Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log-Analyse und Auswertung (Log analysis and evaluation) (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Windows encryption trojan (https://www.trojaner-board.de/114905-windows-verschluesselungstrojaner.html)

cosinus 15.05.2012 14:36

Please repeat the fix in Safe Mode.

KOZOK 15.05.2012 14:55

I still can't get into Safe Mode :confused:

cosinus 15.05.2012 15:01

Still not working?
Then run the fix again the same way, but leave out the last line of my script.

KOZOK 15.05.2012 15:06

I've now run it again completely in normal mode; this time the fix ran all the way through.

Safe Mode still doesn't work.
Still the English selection menu, the blue screen after the drivers load, and the reboot :/
I'm sure I caused that by trying to set up the new system :(

Here is the log:

Code:

All processes killed
========== OTL ==========
File C:\Programme\mozilla firefox\searchplugins\SearchResults.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\PROGRA~1\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-3214299632-3185855274-1964151696-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcf9fa2a-9dee-11e1-a39c-00c0a8a7db33}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\PROGRA~1\Windows iLivid Toolbar not found.
File\Folder C:\Dokumente und Einstellungen\Ronny\Anwendungsdaten\searchqutoolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ronny
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Ronny
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.0 log created on 05152012_193325

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 15.05.2012 19:38

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

KOZOK 15.05.2012 23:18

Here is the result:

Code:

03:23:00.0484 3500        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
03:23:00.0546 3500        ============================================================
03:23:00.0546 3500        Current date / time: 2012/05/16 03:23:00.0546
03:23:00.0546 3500        SystemInfo:
03:23:00.0546 3500       
03:23:00.0546 3500        OS Version: 5.1.2600 ServicePack: 3.0
03:23:00.0546 3500        Product type: Workstation
03:23:00.0546 3500        ComputerName: MISTERPFITNESS
03:23:00.0546 3500        UserName: Ronny
03:23:00.0546 3500        Windows directory: C:\WINDOWS
03:23:00.0546 3500        System windows directory: C:\WINDOWS
03:23:00.0546 3500        Processor architecture: Intel x86
03:23:00.0546 3500        Number of processors: 1
03:23:00.0546 3500        Page size: 0x1000
03:23:00.0546 3500        Boot type: Normal boot
03:23:00.0546 3500        ============================================================
03:23:03.0156 3500        Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:23:03.0156 3500        Drive \Device\Harddisk1\DR2 - Size: 0x3D80000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:23:03.0156 3500        ============================================================
03:23:03.0156 3500        \Device\Harddisk0\DR0:
03:23:03.0156 3500        MBR partitions:
03:23:03.0156 3500        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
03:23:03.0156 3500        \Device\Harddisk1\DR2:
03:23:03.0156 3500        MBR partitions:
03:23:03.0156 3500        ============================================================
03:23:03.0484 3500        C: <-> \Device\Harddisk0\DR0\Partition0
03:23:03.0484 3500        ============================================================
03:23:03.0484 3500        Initialize success
03:23:03.0484 3500        ============================================================
03:23:56.0765 3808        ============================================================
03:23:56.0781 3808        Scan started
03:23:56.0781 3808        Mode: Manual; SigCheck; TDLFS;
03:23:56.0781 3808        ============================================================
03:23:57.0171 3808        61883          (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
03:23:59.0781 3808        61883 - ok
03:23:59.0796 3808        Abiosdsk - ok
03:23:59.0812 3808        abp480n5 - ok
03:23:59.0859 3808        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:24:00.0046 3808        ACPI - ok
03:24:00.0093 3808        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
03:24:00.0281 3808        ACPIEC - ok
03:24:00.0281 3808        adpu160m - ok
03:24:00.0359 3808        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:24:00.0546 3808        aec - ok
03:24:00.0593 3808        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:24:00.0671 3808        AFD - ok
03:24:00.0671 3808        Aha154x - ok
03:24:00.0687 3808        aic78u2 - ok
03:24:00.0703 3808        aic78xx - ok
03:24:00.0968 3808        ALCXWDM        (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
03:24:01.0718 3808        ALCXWDM - ok
03:24:01.0859 3808        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
03:24:02.0015 3808        Alerter - ok
03:24:02.0046 3808        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
03:24:02.0140 3808        ALG - ok
03:24:02.0156 3808        AliIde - ok
03:24:02.0203 3808        AmdK8          (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
03:24:02.0234 3808        AmdK8 - ok
03:24:02.0250 3808        amsint - ok
03:24:02.0453 3808        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
03:24:02.0500 3808        AntiVirSchedulerService - ok
03:24:02.0546 3808        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
03:24:02.0562 3808        AntiVirService - ok
03:24:02.0578 3808        AppMgmt - ok
03:24:02.0656 3808        AR5211          (d4e7ed3ae224c851b08f3a3a85c37e88) C:\WINDOWS\system32\DRIVERS\ar5211.sys
03:24:02.0750 3808        AR5211 - ok
03:24:02.0812 3808        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:24:03.0078 3808        Arp1394 - ok
03:24:03.0093 3808        asc - ok
03:24:03.0109 3808        asc3350p - ok
03:24:03.0125 3808        asc3550 - ok
03:24:03.0218 3808        Aspi32          (eb62fa6d7da4e774e47d376e4d19ca5f) C:\WINDOWS\system32\drivers\aspi32.sys
03:24:03.0234 3808        Aspi32 ( UnsignedFile.Multi.Generic ) - warning
03:24:03.0234 3808        Aspi32 - detected UnsignedFile.Multi.Generic (1)
03:24:03.0375 3808        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
03:24:03.0406 3808        aspnet_state - ok
03:24:03.0421 3808        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:24:03.0578 3808        AsyncMac - ok
03:24:03.0593 3808        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:24:03.0765 3808        atapi - ok
03:24:03.0781 3808        Atdisk - ok
03:24:03.0843 3808        Ati HotKey Poller (6bdb117f5cf40fe91ff50e1bb3f28184) C:\WINDOWS\system32\Ati2evxx.exe
03:24:03.0906 3808        Ati HotKey Poller - ok
03:24:03.0984 3808        ati2mtag        (e9ebf7dca6c5eb9c597035a10a5a6a1b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:24:04.0109 3808        ati2mtag - ok
03:24:04.0171 3808        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:24:04.0390 3808        Atmarpc - ok
03:24:04.0437 3808        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
03:24:04.0625 3808        AudioSrv - ok
03:24:04.0687 3808        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:24:04.0875 3808        audstub - ok
03:24:04.0937 3808        Avc            (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
03:24:05.0125 3808        Avc - ok
03:24:05.0187 3808        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
03:24:05.0218 3808        avgntflt - ok
03:24:05.0265 3808        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
03:24:05.0281 3808        avipbb - ok
03:24:05.0328 3808        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
03:24:05.0343 3808        avkmgr - ok
03:24:05.0375 3808        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:24:05.0578 3808        Beep - ok
03:24:05.0640 3808        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
03:24:05.0890 3808        BITS - ok
03:24:05.0968 3808        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
03:24:06.0140 3808        Browser - ok
03:24:06.0187 3808        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:24:06.0375 3808        cbidf2k - ok
03:24:06.0406 3808        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:24:06.0593 3808        CCDECODE - ok
03:24:06.0609 3808        cd20xrnt - ok
03:24:06.0671 3808        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:24:06.0828 3808        Cdaudio - ok
03:24:06.0875 3808        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:24:07.0031 3808        Cdfs - ok
03:24:07.0062 3808        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:24:07.0203 3808        Cdrom - ok
03:24:07.0218 3808        Changer - ok
03:24:07.0265 3808        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
03:24:07.0437 3808        CiSvc - ok
03:24:07.0468 3808        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
03:24:07.0640 3808        ClipSrv - ok
03:24:07.0781 3808        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:24:07.0828 3808        clr_optimization_v2.0.50727_32 - ok
03:24:07.0843 3808        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
03:24:08.0000 3808        CmBatt - ok
03:24:08.0000 3808        CmdIde - ok
03:24:08.0031 3808        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
03:24:08.0218 3808        Compbatt - ok
03:24:08.0218 3808        COMSysApp - ok
03:24:08.0250 3808        Cpqarray - ok
03:24:08.0328 3808        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
03:24:08.0500 3808        CryptSvc - ok
03:24:08.0500 3808        dac2w2k - ok
03:24:08.0515 3808        dac960nt - ok
03:24:08.0593 3808        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
03:24:08.0703 3808        DcomLaunch - ok
03:24:08.0765 3808        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
03:24:08.0921 3808        Dhcp - ok
03:24:08.0953 3808        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
03:24:09.0140 3808        Disk - ok
03:24:09.0156 3808        dmadmin - ok
03:24:09.0265 3808        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
03:24:09.0500 3808        dmboot - ok
03:24:09.0546 3808        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
03:24:09.0750 3808        dmio - ok
03:24:09.0796 3808        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:24:09.0937 3808        dmload - ok
03:24:09.0984 3808        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
03:24:10.0171 3808        dmserver - ok
03:24:10.0203 3808        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:24:10.0375 3808        DMusic - ok
03:24:10.0421 3808        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
03:24:10.0531 3808        Dnscache - ok
03:24:10.0578 3808        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
03:24:10.0765 3808        Dot3svc - ok
03:24:10.0781 3808        dpti2o - ok
03:24:10.0812 3808        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:24:10.0968 3808        drmkaud - ok
03:24:11.0015 3808        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
03:24:11.0171 3808        EapHost - ok
03:24:11.0328 3808        EpsonBidirectionalService (cd64ce62be47df0e9a459fd9002221fe) C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
03:24:11.0359 3808        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
03:24:11.0359 3808        EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
03:24:11.0390 3808        EPSONStatusAgent2 (a7661800aec543b2e2d08aed61835359) C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
03:24:11.0406 3808        EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - warning
03:24:11.0406 3808        EPSONStatusAgent2 - detected UnsignedFile.Multi.Generic (1)
03:24:11.0453 3808        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
03:24:11.0640 3808        ERSvc - ok
03:24:11.0671 3808        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
03:24:11.0703 3808        Eventlog - ok
03:24:11.0796 3808        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
03:24:11.0890 3808        EventSystem - ok
03:24:11.0906 3808        ewusbnet - ok
03:24:11.0937 3808        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:24:12.0125 3808        Fastfat - ok
03:24:12.0171 3808        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
03:24:12.0250 3808        FastUserSwitchingCompatibility - ok
03:24:12.0312 3808        Fax            (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
03:24:12.0484 3808        Fax - ok
03:24:12.0515 3808        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
03:24:12.0671 3808        Fdc - ok
03:24:12.0750 3808        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
03:24:12.0906 3808        Fips - ok
03:24:12.0937 3808        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
03:24:13.0093 3808        Flpydisk - ok
03:24:13.0125 3808        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:24:13.0265 3808        FltMgr - ok
03:24:13.0375 3808        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:24:13.0390 3808        FontCache3.0.0.0 - ok
03:24:13.0437 3808        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:24:13.0593 3808        Fs_Rec - ok
03:24:13.0640 3808        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:24:13.0812 3808        Ftdisk - ok
03:24:13.0828 3808        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:24:14.0046 3808        Gpc - ok
03:24:14.0109 3808        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:24:14.0250 3808        helpsvc - ok
03:24:14.0296 3808        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
03:24:14.0500 3808        HidServ - ok
03:24:14.0531 3808        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:24:14.0687 3808        HidUsb - ok
03:24:14.0734 3808        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
03:24:14.0906 3808        hkmsvc - ok
03:24:14.0968 3808        hotcore3        (4bab16afc2b0029e09c67daa8ec722a2) C:\WINDOWS\system32\drivers\hotcore3.sys
03:24:14.0984 3808        hotcore3 - ok
03:24:15.0031 3808        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
03:24:15.0062 3808        Hotkey ( UnsignedFile.Multi.Generic ) - warning
03:24:15.0062 3808        Hotkey - detected UnsignedFile.Multi.Generic (1)
03:24:15.0078 3808        hpn - ok
03:24:15.0125 3808        HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
03:24:15.0218 3808        HPZid412 - ok
03:24:15.0234 3808        HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
03:24:15.0312 3808        HPZipr12 - ok
03:24:15.0343 3808        HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
03:24:15.0437 3808        HPZius12 - ok
03:24:15.0453 3808        HSFHWATI - ok
03:24:15.0468 3808        HSF_DP - ok
03:24:15.0531 3808        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:24:15.0578 3808        HTTP - ok
03:24:15.0625 3808        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
03:24:15.0781 3808        HTTPFilter - ok
03:24:15.0796 3808        hwdatacard - ok
03:24:15.0859 3808        hwusbdev        (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
03:24:15.0921 3808        hwusbdev - ok
03:24:15.0937 3808        i2omgmt - ok
03:24:15.0953 3808        i2omp - ok
03:24:15.0984 3808        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:24:16.0156 3808        i8042prt - ok
03:24:16.0250 3808        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\drivers\iaStor.sys
03:24:16.0390 3808        iaStor - ok
03:24:16.0562 3808        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:24:16.0671 3808        idsvc - ok
03:24:16.0796 3808        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:24:17.0062 3808        Imapi - ok
03:24:17.0125 3808        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
03:24:17.0281 3808        ImapiService - ok
03:24:17.0296 3808        ini910u - ok
03:24:17.0312 3808        IntelIde - ok
03:24:17.0343 3808        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:24:17.0484 3808        Ip6Fw - ok
03:24:17.0531 3808        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:24:17.0671 3808        IpFilterDriver - ok
03:24:17.0703 3808        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:24:17.0859 3808        IpInIp - ok
03:24:17.0875 3808        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:24:18.0062 3808        IpNat - ok
03:24:18.0078 3808        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:24:18.0250 3808        IPSec - ok
03:24:18.0265 3808        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:24:18.0328 3808        IRENUM - ok
03:24:18.0375 3808        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:24:18.0531 3808        isapnp - ok
03:24:18.0640 3808        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
03:24:18.0656 3808        JavaQuickStarterService - ok
03:24:18.0703 3808        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:24:18.0859 3808        Kbdclass - ok
03:24:18.0875 3808        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:24:19.0046 3808        kbdhid - ok
03:24:19.0078 3808        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:24:19.0265 3808        kmixer - ok
03:24:19.0312 3808        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:24:19.0421 3808        KSecDD - ok
03:24:19.0484 3808        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
03:24:19.0578 3808        lanmanserver - ok
03:24:19.0609 3808        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
03:24:19.0656 3808        lanmanworkstation - ok
03:24:19.0671 3808        lbrtfdc - ok
03:24:19.0734 3808        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
03:24:19.0906 3808        LmHosts - ok
03:24:19.0968 3808        LVRS            (a1857fbb9b4930eeb2fd92386c45c529) C:\WINDOWS\system32\DRIVERS\lvrs.sys
03:24:20.0000 3808        LVRS - ok
03:24:20.0250 3808        LVUVC          (3703406af0726badd24c5e552493e5b1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
03:24:20.0765 3808        LVUVC - ok
03:24:20.0890 3808        mailKmd - ok
03:24:20.0968 3808        MarvinBus      (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
03:24:21.0125 3808        MarvinBus ( UnsignedFile.Multi.Generic ) - warning
03:24:21.0125 3808        MarvinBus - detected UnsignedFile.Multi.Generic (1)
03:24:21.0312 3808        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
03:24:21.0359 3808        MDM - ok
03:24:21.0437 3808        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
03:24:21.0718 3808        Messenger - ok
03:24:21.0781 3808        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:24:21.0921 3808        mnmdd - ok
03:24:21.0953 3808        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
03:24:22.0078 3808        mnmsrvc - ok
03:24:22.0140 3808        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
03:24:22.0296 3808        Modem - ok
03:24:22.0328 3808        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:24:22.0484 3808        Mouclass - ok
03:24:22.0515 3808        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:24:22.0671 3808        mouhid - ok
03:24:22.0703 3808        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:24:22.0843 3808        MountMgr - ok
03:24:22.0859 3808        mraid35x - ok
03:24:22.0906 3808        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:24:23.0062 3808        MRxDAV - ok
03:24:23.0125 3808        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:24:23.0250 3808        MRxSmb - ok
03:24:23.0296 3808        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
03:24:23.0453 3808        MSDTC - ok
03:24:23.0500 3808        MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
03:24:23.0640 3808        MSDV - ok
03:24:23.0687 3808        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:24:23.0843 3808        Msfs - ok
03:24:23.0859 3808        MSIServer - ok
03:24:23.0906 3808        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:24:24.0046 3808        MSKSSRV - ok
03:24:24.0078 3808        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:24:24.0234 3808        MSPCLOCK - ok
03:24:24.0265 3808        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:24:24.0437 3808        MSPQM - ok
03:24:24.0468 3808        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:24:24.0625 3808        mssmbios - ok
03:24:24.0656 3808        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
03:24:24.0796 3808        MSTEE - ok
03:24:24.0843 3808        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
03:24:24.0875 3808        Mup - ok
03:24:24.0906 3808        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
03:24:25.0062 3808        NABTSFEC - ok
03:24:25.0109 3808        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
03:24:25.0296 3808        napagent - ok
03:24:25.0468 3808        NBService      (48daf84fde43ff61c6877131a79230ab) C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
03:24:25.0593 3808        NBService ( UnsignedFile.Multi.Generic ) - warning
03:24:25.0593 3808        NBService - detected UnsignedFile.Multi.Generic (1)
03:24:25.0640 3808        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:24:25.0828 3808        NDIS - ok
03:24:25.0859 3808        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
03:24:26.0031 3808        NdisIP - ok
03:24:26.0093 3808        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:24:26.0171 3808        NdisTapi - ok
03:24:26.0187 3808        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:24:26.0343 3808        Ndisuio - ok
03:24:26.0390 3808        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:24:26.0562 3808        NdisWan - ok
03:24:26.0593 3808        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:24:26.0687 3808        NDProxy - ok
03:24:26.0718 3808        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:24:26.0890 3808        NetBIOS - ok
03:24:26.0937 3808        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:24:27.0093 3808        NetBT - ok
03:24:27.0156 3808        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
03:24:27.0328 3808        NetDDE - ok
03:24:27.0359 3808        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
03:24:27.0500 3808        NetDDEdsdm - ok
03:24:27.0531 3808        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
03:24:27.0671 3808        Netlogon - ok
03:24:27.0718 3808        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
03:24:27.0890 3808        Netman - ok
03:24:28.0000 3808        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:24:28.0031 3808        NetTcpPortSharing - ok
03:24:28.0078 3808        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:24:28.0250 3808        NIC1394 - ok
03:24:28.0312 3808        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
03:24:28.0375 3808        Nla - ok
03:24:28.0468 3808        NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
03:24:28.0484 3808        NMSAccessU - ok
03:24:28.0531 3808        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:24:28.0671 3808        Npfs - ok
03:24:28.0734 3808        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:24:28.0984 3808        Ntfs - ok
03:24:29.0015 3808        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
03:24:29.0187 3808        NtLmSsp - ok
03:24:29.0265 3808        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
03:24:29.0484 3808        NtmsSvc - ok
03:24:29.0531 3808        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:24:29.0687 3808        Null - ok
03:24:29.0765 3808        nvatabus        (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\drivers\nvatabus.sys
03:24:29.0828 3808        nvatabus - ok
03:24:29.0890 3808        nvraid          (a4f2a29b9d40f9ffbbb54e56ce483797) C:\WINDOWS\system32\drivers\nvraid.sys
03:24:29.0921 3808        nvraid - ok
03:24:29.0984 3808        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:24:30.0156 3808        NwlnkFlt - ok
03:24:30.0171 3808        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:24:30.0328 3808        NwlnkFwd - ok
03:24:30.0375 3808        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:24:30.0546 3808        ohci1394 - ok
03:24:30.0656 3808        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
03:24:30.0671 3808        ose - ok
03:24:30.0718 3808        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
03:24:30.0875 3808        Parport - ok
03:24:30.0890 3808        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:24:31.0046 3808        PartMgr - ok
03:24:31.0093 3808        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
03:24:31.0265 3808        ParVdm - ok
03:24:31.0296 3808        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
03:24:31.0468 3808        PCI - ok
03:24:31.0468 3808        PCIDump - ok
03:24:31.0531 3808        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:24:31.0671 3808        PCIIde - ok
03:24:31.0718 3808        PCLEPCI        (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
03:24:31.0718 3808        PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
03:24:31.0718 3808        PCLEPCI - detected UnsignedFile.Multi.Generic (1)
03:24:31.0750 3808        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
03:24:31.0906 3808        Pcmcia - ok
03:24:31.0921 3808        PDCOMP - ok
03:24:31.0937 3808        PDFRAME - ok
03:24:31.0953 3808        PDRELI - ok
03:24:31.0953 3808        PDRFRAME - ok
03:24:31.0968 3808        perc2 - ok
03:24:31.0984 3808        perc2hib - ok
03:24:32.0078 3808        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
03:24:32.0093 3808        PlugPlay - ok
03:24:32.0156 3808        Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
03:24:32.0187 3808        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
03:24:32.0187 3808        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
03:24:32.0218 3808        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
03:24:32.0406 3808        PolicyAgent - ok
03:24:32.0453 3808        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:24:32.0609 3808        PptpMiniport - ok
03:24:32.0640 3808        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
03:24:32.0796 3808        Processor - ok
03:24:32.0812 3808        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
03:24:32.0937 3808        ProtectedStorage - ok
03:24:32.0984 3808        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:24:33.0140 3808        PSched - ok
03:24:33.0203 3808        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:24:33.0359 3808        Ptilink - ok
03:24:33.0375 3808        ql1080 - ok
03:24:33.0375 3808        Ql10wnt - ok
03:24:33.0390 3808        ql12160 - ok
03:24:33.0406 3808        ql1240 - ok
03:24:33.0421 3808        ql1280 - ok
03:24:33.0453 3808        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:24:33.0625 3808        RasAcd - ok
03:24:33.0656 3808        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
03:24:33.0812 3808        RasAuto - ok
03:24:33.0843 3808        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:24:34.0000 3808        Rasl2tp - ok
03:24:34.0046 3808        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
03:24:34.0218 3808        RasMan - ok
03:24:34.0234 3808        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:24:34.0406 3808        RasPppoe - ok
03:24:34.0437 3808        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:24:34.0578 3808        Raspti - ok
03:24:34.0625 3808        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:24:34.0812 3808        Rdbss - ok
03:24:34.0859 3808        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:24:35.0000 3808        RDPCDD - ok
03:24:35.0062 3808        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
03:24:35.0078 3808        RDPWD - ok
03:24:35.0125 3808        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
03:24:35.0296 3808        RDSessMgr - ok
03:24:35.0328 3808        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:24:35.0484 3808        redbook - ok
03:24:35.0515 3808        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
03:24:35.0687 3808        RemoteAccess - ok
03:24:35.0718 3808        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
03:24:35.0890 3808        ROOTMODEM - ok
03:24:35.0937 3808        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
03:24:36.0109 3808        RpcLocator - ok
03:24:36.0171 3808        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
03:24:36.0187 3808        RpcSs - ok
03:24:36.0234 3808        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
03:24:36.0406 3808        RSVP - ok
03:24:36.0453 3808        RTL8023xp      (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
03:24:36.0531 3808        RTL8023xp - ok
03:24:36.0562 3808        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
03:24:36.0718 3808        rtl8139 - ok
03:24:36.0750 3808        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
03:24:36.0906 3808        SamSs - ok
03:24:36.0937 3808        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
03:24:37.0109 3808        SCardSvr - ok
03:24:37.0156 3808        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
03:24:37.0328 3808        Schedule - ok
03:24:37.0390 3808        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:24:37.0453 3808        Secdrv - ok
03:24:37.0484 3808        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
03:24:37.0656 3808        seclogon - ok
03:24:37.0703 3808        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
03:24:37.0875 3808        SENS - ok
03:24:37.0921 3808        Ser2pl          (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
03:24:37.0953 3808        Ser2pl - ok
03:24:38.0015 3808        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:24:38.0187 3808        Serenum - ok
03:24:38.0234 3808        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
03:24:38.0406 3808        Serial - ok
03:24:38.0437 3808        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:24:38.0625 3808        Sfloppy - ok
03:24:38.0687 3808        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
03:24:38.0859 3808        SharedAccess - ok
03:24:38.0921 3808        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
03:24:38.0953 3808        ShellHWDetection - ok
03:24:38.0968 3808        Simbad - ok
03:24:39.0015 3808        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\WINDOWS\system32\drivers\SiSRaid2.sys
03:24:39.0093 3808        SiSRaid2 - ok
03:24:39.0187 3808        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
03:24:39.0218 3808        SkypeUpdate - ok
03:24:39.0250 3808        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:24:39.0437 3808        SLIP - ok
03:24:39.0453 3808        Sparrow - ok
03:24:39.0484 3808        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:24:39.0671 3808        splitter - ok
03:24:39.0718 3808        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
03:24:39.0765 3808        Spooler - ok
03:24:39.0796 3808        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
03:24:39.0890 3808        sr - ok
03:24:39.0953 3808        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
03:24:40.0031 3808        srservice - ok
03:24:40.0109 3808        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:24:40.0234 3808        Srv - ok
03:24:40.0281 3808        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
03:24:40.0359 3808        SSDPSRV - ok
03:24:40.0421 3808        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
03:24:40.0437 3808        ssmdrv - ok
03:24:40.0500 3808        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
03:24:40.0671 3808        stisvc - ok
03:24:40.0734 3808        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:24:40.0890 3808        streamip - ok
03:24:40.0937 3808        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:24:41.0093 3808        swenum - ok
03:24:41.0125 3808        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:24:41.0296 3808        swmidi - ok
03:24:41.0312 3808        SwPrv - ok
03:24:41.0328 3808        symc810 - ok
03:24:41.0343 3808        symc8xx - ok
03:24:41.0359 3808        sym_hi - ok
03:24:41.0375 3808        sym_u3 - ok
03:24:41.0421 3808        SynTP          (ec8346549de2eff350bf138cb006ec7d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
03:24:41.0484 3808        SynTP - ok
03:24:41.0515 3808        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:24:41.0671 3808        sysaudio - ok
03:24:41.0718 3808        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
03:24:41.0890 3808        SysmonLog - ok
03:24:41.0953 3808        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
03:24:42.0125 3808        TapiSrv - ok
03:24:42.0187 3808        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:24:42.0281 3808        Tcpip - ok
03:24:42.0343 3808        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:24:42.0515 3808        TDPIPE - ok
03:24:42.0546 3808        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:24:42.0687 3808        TDTCP - ok
03:24:42.0718 3808        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:24:42.0890 3808        TermDD - ok
03:24:42.0953 3808        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
03:24:43.0125 3808        TermService - ok
03:24:43.0187 3808        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
03:24:43.0203 3808        Themes - ok
03:24:43.0250 3808        tifm21          (467ff7fb078dcec24c3f4db602190e3d) C:\WINDOWS\system32\drivers\tifm21.sys
03:24:43.0281 3808        tifm21 - ok
03:24:43.0296 3808        TosIde - ok
03:24:43.0328 3808        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
03:24:43.0500 3808        TrkWks - ok
03:24:43.0546 3808        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:24:43.0718 3808        Udfs - ok
03:24:43.0765 3808        UimBus          (e3cfd4fce555784869a9243a71efcb22) C:\WINDOWS\system32\DRIVERS\UimBus.sys
03:24:43.0781 3808        UimBus - ok
03:24:43.0812 3808        Uim_IM          (5237bb4b8390325936a38b55d72c23b4) C:\WINDOWS\system32\Drivers\Uim_IM.sys
03:24:43.0828 3808        Uim_IM - ok
03:24:43.0843 3808        ultra - ok
03:24:43.0906 3808        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:24:44.0078 3808        Update - ok
03:24:44.0156 3808        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
03:24:44.0234 3808        upnphost - ok
03:24:44.0265 3808        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
03:24:44.0453 3808        UPS - ok
03:24:44.0500 3808        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
03:24:44.0671 3808        usbaudio - ok
03:24:44.0734 3808        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:24:44.0875 3808        usbccgp - ok
03:24:44.0921 3808        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:24:45.0078 3808        usbehci - ok
03:24:45.0125 3808        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:24:45.0265 3808        usbhub - ok
03:24:45.0281 3808        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
03:24:45.0437 3808        usbohci - ok
03:24:45.0468 3808        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:24:45.0640 3808        usbprint - ok
03:24:45.0671 3808        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:24:45.0859 3808        usbscan - ok
03:24:45.0890 3808        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
03:24:46.0031 3808        usbser - ok
03:24:46.0062 3808        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:24:46.0218 3808        USBSTOR - ok
03:24:46.0234 3808        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
03:24:46.0406 3808        usbvideo - ok
03:24:46.0437 3808        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:24:46.0562 3808        VgaSave - ok
03:24:46.0578 3808        ViaIde - ok
03:24:46.0640 3808        viamraid        (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\drivers\viamraid.sys
03:24:46.0687 3808        viamraid - ok
03:24:46.0718 3808        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
03:24:46.0875 3808        VolSnap - ok
03:24:46.0921 3808        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
03:24:47.0000 3808        VSS - ok
03:24:47.0046 3808        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
03:24:47.0187 3808        W32Time - ok
03:24:47.0250 3808        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:24:47.0421 3808        Wanarp - ok
03:24:47.0437 3808        Wbutton - ok
03:24:47.0453 3808        WDICA - ok
03:24:47.0500 3808        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:24:47.0671 3808        wdmaud - ok
03:24:47.0718 3808        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
03:24:47.0890 3808        WebClient - ok
03:24:47.0906 3808        winachsf - ok
03:24:48.0015 3808        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
03:24:48.0187 3808        winmgmt - ok
03:24:48.0265 3808        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
03:24:48.0343 3808        WmdmPmSN - ok
03:24:48.0375 3808        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
03:24:48.0546 3808        WmiAcpi - ok
03:24:48.0593 3808        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:24:48.0765 3808        WmiApSrv - ok
03:24:48.0906 3808        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
03:24:49.0046 3808        WMPNetworkSvc - ok
03:24:49.0093 3808        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:24:49.0265 3808        WS2IFSL - ok
03:24:49.0328 3808        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
03:24:49.0484 3808        wscsvc - ok
03:24:49.0500 3808        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:24:49.0687 3808        WSTCODEC - ok
03:24:49.0734 3808        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
03:24:49.0921 3808        wuauserv - ok
03:24:49.0984 3808        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:24:50.0046 3808        WudfPf - ok
03:24:50.0062 3808        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:24:50.0109 3808        WudfRd - ok
03:24:50.0125 3808        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
03:24:50.0156 3808        WudfSvc - ok
03:24:50.0234 3808        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
03:24:50.0468 3808        WZCSVC - ok
03:24:50.0515 3808        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
03:24:50.0671 3808        xmlprov - ok
03:24:50.0812 3808        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:24:51.0078 3808        \Device\Harddisk0\DR0 - ok
03:24:51.0140 3808        MBR (0x1B8)    (114ef63303b3baca3619b7179d5bd4ed) \Device\Harddisk1\DR2
03:28:15.0656 3808        \Device\Harddisk1\DR2 - ok
03:28:16.0031 3808        Boot (0x1200)  (870a17e6f7f6ab392c03dd46d4022687) \Device\Harddisk0\DR0\Partition0
03:28:16.0078 3808        \Device\Harddisk0\DR0\Partition0 - ok
03:28:16.0078 3808        ============================================================
03:28:16.0078 3808        Scan finished
03:28:16.0078 3808        ============================================================
03:28:16.0203 3784        Detected object count: 8
03:28:16.0203 3784        Actual detected object count: 8
03:48:54.0218 3784        Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0218 3784        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0218 3784        EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0218 3784        Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0218 3784        MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0218 3784        NBService ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0218 3784        NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0234 3784        PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0234 3784        PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0234 3784        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0234 3784        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
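
The log above ends with eight objects, all flagged `UnsignedFile.Multi.Generic` and all skipped. That verdict is TDSSKiller's heuristic for a file that carries no valid Authenticode signature; it is not a match on known malware, which is why skipping old printer and capture-card drivers is the normal call here, provided the hash and path are checked. The following script is an added example for this thread, not code from the poster or from TDSSKiller itself: it parses the log shape visible above (timestamp, thread id, object name, optional `(md5) path`, then `- detected …` or `- User select action: …`), builds one triage row per flagged object with its MD5, path and the action the user took, and cross-checks the tool's own "Actual detected object count" against the verdict lines it found. The sample input is excerpted from the log in this thread with the summary count adjusted to the excerpt; the regular expressions are assumptions about the format, written from these lines only.

```python
"""Triage helper for a TDSSKiller log.

Added example for this thread; it is not part of the original post and
not code from Kaspersky's TDSSKiller. The regular expressions below are
an assumption derived from the line shapes visible in the log above.
"""
import re

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>" lines that identify the scanned file
ENTRY = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<name> - detected <verdict> (<n>)"
DETECTED = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")
# the tool's own tally, printed once after the scan
COUNT = re.compile(PREFIX + r"Actual detected object count: (?P<n>\d+)$")

# Constructed sample: lines excerpted from the log in this thread, with the
# summary count adjusted to match the excerpt. A real run reads the
# TDSSKiller log file written to C:\ instead.
SAMPLE_LOG = r"""
03:24:31.0718 3808        PCLEPCI          (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
03:24:31.0718 3808        PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
03:24:31.0718 3808        PCLEPCI - detected UnsignedFile.Multi.Generic (1)
03:24:31.0750 3808        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
03:24:31.0906 3808        Pcmcia - ok
03:24:32.0156 3808        Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
03:24:32.0187 3808        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
03:24:32.0187 3808        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
03:28:16.0203 3784        Detected object count: 2
03:28:16.0203 3784        Actual detected object count: 2
03:48:54.0234 3784        PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0234 3784        PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:48:54.0234 3784        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
03:48:54.0234 3784        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse(log):
    """Collect file identities, verdicts, user actions and the summary count."""
    files, detections, actions, reported = {}, {}, {}, None
    for line in log.splitlines():
        if m := ENTRY.match(line):
            files[m["name"]] = (m["md5"], m["path"])
        elif m := DETECTED.match(line):
            detections[m["name"]] = m["verdict"]
        elif m := ACTION.match(line):
            actions[m["name"]] = m["action"]
        elif m := COUNT.match(line):
            reported = int(m["n"])
    return {"files": files, "detections": detections,
            "actions": actions, "reported_count": reported}


def summary_consistent(parsed):
    """True when the tool's own summary count equals the verdict lines found."""
    return parsed["reported_count"] == len(parsed["detections"])


def triage(log):
    """One row per flagged object, carrying what an analyst needs to decide on it."""
    parsed = parse(log)
    rows = []
    for name, verdict in parsed["detections"].items():
        md5, path = parsed["files"].get(name, (None, None))
        rows.append({
            "name": name,
            "verdict": verdict,
            "md5": md5,                              # look this hash up before trusting "Skip"
            "path": path,
            "action": parsed["actions"].get(name),   # None = no decision was logged
            # UnsignedFile.* is the heuristic for a file without a valid
            # Authenticode signature, not a match on known malware.
            "heuristic_only": verdict.startswith("UnsignedFile."),
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
    print("summary consistent:", summary_consistent(parse(SAMPLE_LOG)))
```

Run against the full log it yields one row per skipped object; a row whose `action` is `None` means the user never answered the prompt for that object, and a mismatch in `summary_consistent` means a verdict line was lost (truncated paste) and the log should be re-posted in full.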


cosinus 16.05.2012 13:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if prompted), install the Recovery Console (if prompted) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

KOZOK 16.05.2012 15:21

now safe mode seems to work
the selection menu when I press F8 is still in English
the screen after that is also unusual, with a choice of
-Microsoft Windows Recovery Console
-do not select this [debugger enable]
-Microsoft Windows XP Home Edition
but that's surely due to ComboFix

in any case I can get into safe mode again now :)

here's the log

Code:

ComboFix 12-05-16.01 - Ronny 16.05.2012  19:11:36.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.894.547 [GMT 2:00]
Running from:: c:\dokumente und einstellungen\Ronny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: G DATA AntiVirenKit 2005 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Kaspersky Anti-Hacker *Enabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
(((((((((((((((((((((((  Files Created from 2012-04-16 to 2012-05-16  ))))))))))))))))))))))))))))))
.
.
2012-05-16 17:01 . 2008-02-25 08:59        24448        ----a-r-        c:\windows\system32\drivers\ewdcsc.sys
2012-05-16 17:01 . 2008-02-25 08:59        101120        ----a-r-        c:\windows\system32\drivers\ewusbmdm.sys
2012-05-14 21:19 . 2012-05-14 21:19        --------        d-----w-        c:\dokumente und einstellungen\Ronny\Anwendungsdaten\Avira
2012-05-14 21:03 . 2012-05-14 21:03        --------        d-----w-        c:\programme\ESET
2012-05-14 20:47 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 20:47 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 20:47 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-05-14 20:46 . 2012-05-14 20:46        --------        d-----w-        c:\programme\Avira
2012-05-14 18:15 . 2012-05-14 18:15        --------        d-----w-        c:\dokumente und einstellungen\Ronny\Anwendungsdaten\Malwarebytes
2012-05-14 18:02 . 2012-05-14 18:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-05-09 03:30 . 2012-05-09 03:30        --------        d-----w-        C:\_OTL
2012-05-08 06:43 . 2008-04-14 02:22        26624        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-07 21:02 . 2010-01-24 04:05        55808        ----a-w-        C:\devcon.exe
2012-05-07 19:39 . 2012-05-08 16:55        --------        d---a-w-        C:\_Kaspersky
2012-04-26 16:09 . 2012-04-26 20:48        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:58 . 2006-04-21 19:42        45056        ----a-w-        c:\dokumente und einstellungen\Ronny\Anwendungsdaten\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe
2012-04-11 13:51 . 2004-08-04 00:50        2071424        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2006-04-04 15:53        1862400        ----a-w-        c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2006-04-04 15:53        2194944        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-02 09:42 . 2012-04-02 09:42        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-04-02 09:42 . 2012-04-02 09:42        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-29 14:09 . 2006-04-04 15:53        177664        ----a-w-        c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2006-04-04 15:53        148480        ----a-w-        c:\windows\system32\imagehlp.dll
2012-02-28 18:49 . 2006-04-04 15:53        672768        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 18:49 . 2006-04-04 15:53        61952        ----a-w-        c:\windows\system32\tdc.ocx
2012-02-28 18:49 . 2006-04-04 15:53        81920        ----a-w-        c:\windows\system32\ieencode.dll
2012-02-28 18:47 . 2006-04-04 15:53        371200        ----a-w-        c:\windows\system32\html.iec
2012-04-04 08:49 . 2011-07-16 17:37        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="c:\programme\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Logitech Vid"="c:\programme\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]
"LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-04-18 81920]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-30 14:05        139264        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 12:24        665424        ------w-        c:\progra~1\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
2002-07-01 03:05        74752        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 23:00        199680        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 13:49        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 13:41        145496        ----a-w-        c:\programme\Pinnacle\Studio 11\LaunchList2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-17 15:14        50688        ----a-w-        c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
2005-12-20 08:18        40960        ----a-w-        c:\musicbrigade\Musicbrigade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 12:19        69632        ----a-w-        c:\programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:14        155648        ----a-r-        c:\programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [28.09.2009 14:20 38448]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.05.2012 22:47 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.05.2012 22:47 86224]
S1 mailKmd;mailKmd; [x]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys --> c:\windows\system32\DRIVERS\HSFHWATI.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [14.11.2009 12:17 100736]
.
Inhalt des "geplante Tasks" Ordners
.
2009-11-15 c:\windows\Tasks\GlaryInitialize.job
- c:\programme\Glary Utilities\initialize.exe [2009-11-15 18:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://de.yahoo.com/fsc/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*hxxp://www.yahoo.com
IE: Add selected links to Link Container - c:\progra~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Show domain links - c:\progra~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
TCP: Interfaces\{0D725C83-F2CB-46DD-A204-B9AAEC54DA25}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\dokumente und einstellungen\Ronny\Anwendungsdaten\Mozilla\Firefox\Profiles\p5qdvati.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-WgaLogon - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Searchqu 406 MediaBar - c:\programme\Windows iLivid Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-16 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????????T??? ??|h??|????a??|Nj?w?j?w????????0??? ???|???????????\??????|????????h?????@?C)?????????????s???????s???sx??s@??????????????|h??sl??????????s?????????????????C?sc"?sx??s??????7~??@?N'?sDi??-6@?Pi?????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-16  19:32:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-16 17:32
.
Vor Suchlauf: 28 Verzeichnis(se), 20.968.890.368 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 21.016.469.504 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BF48553B14946422B35C3E1A938EA187


cosinus 16.05.2012 20:31

Quote:

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: G DATA AntiVirenKit 2005 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Kaspersky Anti-Hacker *Enabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
What is all that security software being listed there? :wtf:
Is all of it still installed?

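The quoted security-center lines (and the `DisableMonitoring` / `EnableFirewall` registry values further up in the ComboFix log) are exactly what a helper scans for first when triaging such a log. The following is an added Python example, not code from the thread or from ComboFix: it parses lines in the format shown on this page and reports products that are registered but disabled or outdated, duplicate products of the same kind, and Security Center monitoring or firewall settings that have been switched off. The sample log lines are re-typed from the page; the line formats and the `dword:00000001` / `0 (0x0)` encodings are taken from the log as it appears here and are assumed to be stable.

```python
import re
from collections import Counter

# Constructed sample in the format of the ComboFix output quoted in the thread.
# Product names, status flags and GUIDs are copied from the page; the lines are re-typed here.
SAMPLE_LOG = r"""
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: G DATA AntiVirenKit 2005 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: Kaspersky Anti-Hacker *Enabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "AV: <name> *<flag>/<flag>* {GUID}" -- the Security Center product summary ComboFix prints.
PRODUCT_RE = re.compile(r'^(AV|FW|AS):\s+(.+?)\s+\*([^*]+)\*\s+\{[0-9A-Fa-f-]+\}\s*$')
# "[key]" followed by '"name"=data' lines, as in the registry sections of the log.
KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def parse_products(text):
    """Return one dict per registered AV/FW/AS product line."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if not m:
            continue
        kind, name, status = m.groups()
        flags = [f.lower() for f in status.split('/')]
        products.append({
            'kind': kind,
            'name': name,
            'enabled': flags[0] == 'enabled',
            'outdated': 'outdated' in flags,
        })
    return products


def parse_registry_values(text):
    """Return {(key, value_name): data} for the [key] / "name"=data sections."""
    values = {}
    key = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            values[(key, vm.group(1))] = vm.group(2)
    return values


def triage(text):
    """Produce the findings a helper would raise from the security-related parts of the log."""
    findings = []
    products = parse_products(text)
    for p in products:
        if not p['enabled']:
            findings.append(f"{p['kind']} '{p['name']}' is registered but disabled")
        if p['outdated']:
            findings.append(f"{p['kind']} '{p['name']}' is reported outdated")
    if products and not any(p['kind'] == 'AV' and p['enabled'] for p in products):
        findings.append("no enabled antivirus product registered")
    # Several products of one kind usually means leftovers of uninstalled suites.
    for kind, n in Counter(p['kind'] for p in products).items():
        if n > 1:
            findings.append(f"{n} {kind} products registered; leftover or conflicting installs worth checking")
    for (key, name), data in parse_registry_values(text).items():
        low = key.lower()
        tail = key.rsplit('\\', 1)[-1]
        if name == 'DisableMonitoring' and 'security center\\monitoring' in low \
                and data.lower() == 'dword:00000001':
            findings.append(f"Security Center monitoring disabled for {tail}")
        if name == 'EnableFirewall' and 'firewallpolicy\\standardprofile' in low \
                and data.startswith('0'):
            findings.append("Windows Firewall standard profile has EnableFirewall = 0")
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print('-', finding)
```

Run against the sample it flags both disabled AV products, the outdated G DATA entry, the absence of any enabled antivirus, two AV and two FW registrations, the two `DisableMonitoring` keys and the disabled firewall profile; on a real log you would feed it the whole ComboFix text and the unrelated sections are simply ignored.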
KOZOK 16.05.2012 23:01

well, actually only AntiVir should be on there now.
I've removed the rest as far as I can tell.

cosinus 17.05.2012 18:01

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.


Copyright ©2000-2024, Trojaner-Board

