| |
| |||||||
Log-Analyse und Auswertung: Winlogon.exe und ein Kerl Namens Martin PrikrylWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.12.2011, 07:04
| #1 |
 |  Winlogon.exe und ein Kerl Namens Martin Prikryl Avira Antivir meldete sich plötzlich und zum Anlass schickte ich Malwarebytes Anti-Malware losgeschickt. Einiges gefunden (besonders in System32-Ordner). Allerdings krieg ich die hartnäckigen nicht weg und Probleme mit den Scan-Programmen hatte ich auch noch, also poste ich erstmal alles was ging. Gmer Scan stoppt und schließt selbst nach einigen Sekunden, nach Beginn des Scans. Defogger funktioniert nicht, Disable liegt im Anhang.  Nachtrag: Der Bericht des ersten kompletten Systemscans mit Anti-Malware Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8312
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154
05.12.2011 05:59:42
mbam-log-2011-12-05 (05-59-42).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 705801
Laufzeit: 4 Stunde(n), 21 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
Infizierte Speicherprozesse:
c:\programdata\winlogon.exe (Trojan.Agent.Gen) -> 1608 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Service (Trojan.Agent.Gen) -> Value: Microsoft Service -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Wolfi\downloads\ins-bse1200.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\program files\CPUCooL\instser.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\pss\winlogon.exe.startup (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\rijai.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\jdxdx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\lgazz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\mphqw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\orjlg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\pslny.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\vteae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\wioqb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\yajhi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\ygnci.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\winlogon.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
|
|
05.12.2011, 12:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Winlogon.exe und ein Kerl Namens Martin Prikryl Martin Prikryl ist der Autor von Was ist WinSCP :: WinSCP
__________________Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ |
|
05.12.2011, 22:24
| #3 |
| | Winlogon.exe und ein Kerl Namens Martin Prikryl ESET-Log
__________________Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a641b9773186da44bb4c9ebf914d2259
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-05 09:21:17
# local_time=2011-12-05 10:21:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 56780678 56780678 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 67212 98005422 59218 0
# compatibility_mode=5892 16776573 100 100 4269 160641586 0 0
# compatibility_mode=8192 67108863 100 0 3782 3782 0 0
# scanned=521666
# found=4
# cleaned=0
# scan_time=11218
C:\Program Files\Die 15 beliebtesten Kartenspiele\bin\cardssn.dll probably a variant of Win32/Agent.BUDMVXA trojan (unable to clean) 00000000000000000000000000000000 I
C:\TransportGigant\transportgiant.exe probably a variant of Win32/Agent.NXEQNXH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Wolfi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\48a71381-6f3e0069 a variant of Java/TrojanDownloader.Agent.NCT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Wolfi\Downloads\Nemo__s_Whores_1.1.rar a variant of Win32/Packed.MoleboxUltra application (unable to clean) 00000000000000000000000000000000 I
|
|
05.12.2011, 22:39
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin PrikrylZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.12.2011, 22:50
| #5 | |
| | Winlogon.exe und ein Kerl Namens Martin PrikrylZitat:
 Weg mit allen Sachen, die gefunden worden sind? |
|
06.12.2011, 08:20
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin Prikryl Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\Shell - "" = AutoRun
O33 - MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{2906ace5-2acf-11df-8159-d415a5649007}\Shell - "" = AutoRun
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell - "" = AutoRun
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell\AutoRun\command - "" = A:\.\KANAUST.exe
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell\dxinst\command - "" = A:\.\dxsetup.exe
O33 - MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\Shell - "" = AutoRun
O33 - MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\D\Shell\install\command - "" = D:\autorun.exe
MsConfig - StartUpFolder: C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winlogon.exe - - File not found
[2011.12.05 01:37:10 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\kvhou.exe
[2011.12.05 01:36:34 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\phpse.exe
[2011.12.04 17:20:20 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mdlsf.exe
[2011.12.04 17:20:16 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mxuhc.exe
[2011.05.07 11:00:33 | 000,000,000 | ---D | M] -- C:\!KillBox
[2010.07.16 17:56:38 | 000,000,000 | ---D | M] -- C:\~MSSETUP.T
:Files
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Winlogon.exe und ein Kerl Namens Martin Prikryl |
|
06.12.2011, 08:55
| #7 |
| | Winlogon.exe und ein Kerl Namens Martin Prikryl Und hier der Log des OTL-Fixes Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q=" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: unplug@compunach:2.047 removed from extensions.enabledItems
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "about:neterror?e=query&u=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Wolfi\AppData\Roaming\Mozilla\FireFox\Profiles\r6307irc.default\user.js moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2906ace5-2acf-11df-8159-d415a5649007}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2906ace5-2acf-11df-8159-d415a5649007}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
File A:\.\KANAUST.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
File A:\.\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk\ deleted successfully.
C:\Windows\pss\PowerStrip.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winlogon.exe\ deleted successfully.
File C:\Windows\pss\winlogon.exe.Startup not found.
C:\Windows\System32\kvhou.exe moved successfully.
C:\Windows\System32\phpse.exe moved successfully.
C:\Windows\System32\mdlsf.exe moved successfully.
C:\Windows\System32\mxuhc.exe moved successfully.
C:\!KillBox\Logs folder moved successfully.
C:\!KillBox folder moved successfully.
C:\~MSSETUP.T\~MSSTFQF.T folder moved successfully.
C:\~MSSETUP.T folder moved successfully.
========== FILES ==========
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Wolfi
->Temp folder emptied: 203384540 bytes
->Temporary Internet Files folder emptied: 73118145 bytes
->Java cache emptied: 21955987 bytes
->FireFox cache emptied: 116259352 bytes
->Flash cache emptied: 174483 bytes
User: yfl
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1827017 bytes
%systemroot%\System32 .tmp files removed: 1594688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343766 bytes
RecycleBin emptied: 4195888444 bytes
Total Files Cleaned = 4.401,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_084807
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
06.12.2011, 09:19
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin Prikryl Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.12.2011, 10:37
| #9 | |
| | Winlogon.exe und ein Kerl Namens Martin PrikrylZitat:
|
|
06.12.2011, 11:36
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin Prikryl Ich glaube die Datei war zu groß. Lade sie hier mal hoch => File-Upload.net - Ihr kostenloser File Hoster! und verlink das gnaze hier dann
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.12.2011, 12:18
| #11 |
| | Winlogon.exe und ein Kerl Namens Martin Prikryl Das ganze ist knapp 200 MB groß, darum mache ich das mit uploaded.to und hoffe mal stark, dass das auch klappt. 50 kb/s uploadspeed und ich könnte brechen. |
|
06.12.2011, 13:16
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin Prikryl Äh dann lass den Upload bitte einfach sein  Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.12.2011, 13:28
| #13 |
| | Winlogon.exe und ein Kerl Namens Martin Prikryl Ok, scheint zu klappen. hxxp://ul.to/2976vr0u Nachtrag: grrrr, zu spät gesehen und gerade erst gepostet^^ |
|
06.12.2011, 13:35
| #14 |
| | Winlogon.exe und ein Kerl Namens Martin Prikryl TDSSKiller-Log Code:
ATTFilter 13:31:07.0646 2256 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:31:07.0948 2256 ============================================================
13:31:07.0948 2256 Current date / time: 2011/12/06 13:31:07.0948
13:31:07.0948 2256 SystemInfo:
13:31:07.0948 2256
13:31:07.0948 2256 OS Version: 6.0.6002 ServicePack: 2.0
13:31:07.0948 2256 Product type: Workstation
13:31:07.0948 2256 ComputerName: WOLFI-PC
13:31:07.0948 2256 UserName: Wolfi
13:31:07.0948 2256 Windows directory: C:\Windows
13:31:07.0948 2256 System windows directory: C:\Windows
13:31:07.0948 2256 Processor architecture: Intel x86
13:31:07.0948 2256 Number of processors: 2
13:31:07.0948 2256 Page size: 0x1000
13:31:07.0948 2256 Boot type: Normal boot
13:31:07.0948 2256 ============================================================
13:31:08.0802 2256 Initialize success
13:33:31.0781 4588 ============================================================
13:33:31.0781 4588 Scan started
13:33:31.0781 4588 Mode: Manual; SigCheck; TDLFS;
13:33:31.0781 4588 ============================================================
13:33:33.0170 4588 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
13:33:33.0247 4588 acedrv11 - ok
13:33:33.0312 4588 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:33:33.0377 4588 ACPI - ok
13:33:33.0452 4588 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:33:33.0476 4588 adp94xx - ok
13:33:33.0499 4588 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:33:33.0510 4588 adpahci - ok
13:33:33.0534 4588 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:33:33.0549 4588 adpu160m - ok
13:33:33.0585 4588 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:33:33.0595 4588 adpu320 - ok
13:33:33.0657 4588 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:33:33.0711 4588 AFD - ok
13:33:33.0740 4588 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:33:33.0747 4588 agp440 - ok
13:33:33.0775 4588 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:33:33.0784 4588 aic78xx - ok
13:33:33.0809 4588 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:33:33.0815 4588 aliide - ok
13:33:33.0846 4588 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:33:33.0872 4588 amdagp - ok
13:33:33.0905 4588 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:33:33.0913 4588 amdide - ok
13:33:33.0941 4588 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:33:34.0011 4588 AmdK7 - ok
13:33:34.0044 4588 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:33:34.0070 4588 AmdK8 - ok
13:33:34.0144 4588 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:33:34.0151 4588 arc - ok
13:33:34.0192 4588 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:33:34.0199 4588 arcsas - ok
13:33:34.0250 4588 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:34.0293 4588 AsyncMac - ok
13:33:34.0322 4588 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:33:34.0329 4588 atapi - ok
13:33:34.0355 4588 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
13:33:34.0364 4588 atksgt - ok
13:33:34.0462 4588 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:33:34.0467 4588 avgio - ok
13:33:34.0486 4588 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
13:33:34.0492 4588 avgntflt - ok
13:33:34.0511 4588 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
13:33:34.0517 4588 avipbb - ok
13:33:34.0605 4588 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:33:34.0670 4588 Beep - ok
13:33:34.0720 4588 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:33:34.0742 4588 blbdrive - ok
13:33:34.0798 4588 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:33:34.0838 4588 bowser - ok
13:33:34.0858 4588 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:33:34.0924 4588 BrFiltLo - ok
13:33:34.0944 4588 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:33:34.0976 4588 BrFiltUp - ok
13:33:35.0012 4588 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:33:35.0129 4588 Brserid - ok
13:33:35.0170 4588 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:33:35.0219 4588 BrSerWdm - ok
13:33:35.0244 4588 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:33:35.0296 4588 BrUsbMdm - ok
13:33:35.0319 4588 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:33:35.0359 4588 BrUsbSer - ok
13:33:35.0384 4588 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:33:35.0431 4588 BTHMODEM - ok
13:33:35.0725 4588 catchme - ok
13:33:35.0802 4588 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:35.0839 4588 cdfs - ok
13:33:35.0885 4588 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:35.0938 4588 cdrom - ok
13:33:36.0276 4588 cFosNT (fbcfe23f9096eed9f577c11678c62321) C:\Windows\System32\Drivers\cFosNT.sys
13:33:36.0314 4588 cFosNT - ok
13:33:36.0335 4588 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:33:36.0369 4588 circlass - ok
13:33:36.0402 4588 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:33:36.0413 4588 CLFS - ok
13:33:36.0462 4588 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:33:36.0469 4588 cmdide - ok
13:33:36.0493 4588 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:33:36.0499 4588 Compbatt - ok
13:33:36.0554 4588 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:33:36.0582 4588 crcdisk - ok
13:33:36.0612 4588 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:33:36.0650 4588 Crusoe - ok
13:33:36.0715 4588 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:33:36.0753 4588 DfsC - ok
13:33:36.0777 4588 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:33:36.0785 4588 disk - ok
13:33:36.0846 4588 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:33:36.0899 4588 drmkaud - ok
13:33:36.0937 4588 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:36.0958 4588 DXGKrnl - ok
13:33:36.0992 4588 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:33:37.0016 4588 E1G60 - ok
13:33:37.0094 4588 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:33:37.0122 4588 Ecache - ok
13:33:37.0170 4588 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:33:37.0176 4588 ElbyCDIO - ok
13:33:37.0201 4588 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:33:37.0226 4588 elxstor - ok
13:33:37.0249 4588 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:33:37.0276 4588 ErrDev - ok
13:33:37.0311 4588 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:33:37.0346 4588 exfat - ok
13:33:37.0376 4588 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:33:37.0390 4588 fastfat - ok
13:33:37.0422 4588 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:33:37.0445 4588 fdc - ok
13:33:37.0470 4588 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:33:37.0477 4588 FileInfo - ok
13:33:37.0495 4588 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:33:37.0518 4588 Filetrace - ok
13:33:37.0565 4588 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:37.0606 4588 flpydisk - ok
13:33:37.0626 4588 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:33:37.0636 4588 FltMgr - ok
13:33:37.0668 4588 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
13:33:37.0685 4588 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:33:37.0685 4588 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:33:37.0714 4588 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:37.0743 4588 Fs_Rec - ok
13:33:37.0763 4588 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:33:37.0770 4588 gagp30kx - ok
13:33:37.0799 4588 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:37.0804 4588 GEARAspiWDM - ok
13:33:37.0853 4588 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
13:33:37.0857 4588 giveio ( UnsignedFile.Multi.Generic ) - warning
13:33:37.0857 4588 giveio - detected UnsignedFile.Multi.Generic (1)
13:33:37.0900 4588 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:33:37.0955 4588 HdAudAddService - ok
13:33:37.0997 4588 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:33:38.0022 4588 HDAudBus - ok
13:33:38.0051 4588 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:33:38.0109 4588 HidBth - ok
13:33:38.0134 4588 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:33:38.0176 4588 HidIr - ok
13:33:38.0213 4588 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:38.0241 4588 HidUsb - ok
13:33:38.0277 4588 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:33:38.0295 4588 HpCISSs - ok
13:33:38.0343 4588 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:33:38.0395 4588 HTTP - ok
13:33:38.0416 4588 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:33:38.0423 4588 i2omp - ok
13:33:38.0435 4588 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:33:38.0460 4588 i8042prt - ok
13:33:38.0478 4588 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:33:38.0487 4588 iaStorV - ok
13:33:38.0535 4588 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:33:38.0544 4588 iirsp - ok
13:33:38.0870 4588 IntcAzAudAddService (f42f2f88017a2e2b6f783acef6c2c149) C:\Windows\system32\drivers\RTKVHDA.sys
13:33:39.0034 4588 IntcAzAudAddService - ok
13:33:39.0128 4588 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:33:39.0153 4588 intelide - ok
13:33:39.0183 4588 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:39.0218 4588 intelppm - ok
13:33:39.0254 4588 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:39.0286 4588 IpFilterDriver - ok
13:33:39.0302 4588 IpInIp - ok
13:33:39.0351 4588 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:33:39.0368 4588 IPMIDRV - ok
13:33:39.0397 4588 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:33:39.0414 4588 IPNAT - ok
13:33:39.0438 4588 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:33:39.0472 4588 IRENUM - ok
13:33:39.0506 4588 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:33:39.0537 4588 isapnp - ok
13:33:39.0589 4588 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:33:39.0599 4588 iScsiPrt - ok
13:33:39.0619 4588 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:33:39.0625 4588 iteatapi - ok
13:33:39.0646 4588 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:33:39.0653 4588 iteraid - ok
13:33:39.0665 4588 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:39.0672 4588 kbdclass - ok
13:33:39.0683 4588 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:39.0711 4588 kbdhid - ok
13:33:39.0751 4588 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:33:39.0770 4588 KSecDD - ok
13:33:39.0806 4588 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:33:39.0811 4588 LHidFilt - ok
13:33:39.0840 4588 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
13:33:39.0845 4588 lirsgt - ok
13:33:39.0864 4588 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:39.0893 4588 lltdio - ok
13:33:39.0936 4588 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:33:39.0943 4588 LSI_FC - ok
13:33:39.0968 4588 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:33:39.0975 4588 LSI_SAS - ok
13:33:40.0007 4588 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:33:40.0015 4588 LSI_SCSI - ok
13:33:40.0027 4588 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:33:40.0055 4588 luafv - ok
13:33:40.0084 4588 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
13:33:40.0090 4588 LUsbFilt - ok
13:33:40.0156 4588 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
13:33:40.0162 4588 LVPr2Mon - ok
13:33:40.0223 4588 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
13:33:40.0233 4588 LVRS - ok
13:33:40.0653 4588 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
13:33:40.0790 4588 LVUVC - ok
13:33:40.0890 4588 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:33:40.0897 4588 megasas - ok
13:33:40.0921 4588 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:33:40.0940 4588 MegaSR - ok
13:33:40.0959 4588 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:33:40.0990 4588 Modem - ok
13:33:41.0016 4588 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:33:41.0044 4588 monitor - ok
13:33:41.0061 4588 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:41.0068 4588 mouclass - ok
13:33:41.0085 4588 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:41.0101 4588 mouhid - ok
13:33:41.0112 4588 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:33:41.0119 4588 MountMgr - ok
13:33:41.0136 4588 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:33:41.0144 4588 mpio - ok
13:33:41.0158 4588 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:33:41.0183 4588 mpsdrv - ok
13:33:41.0210 4588 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:33:41.0216 4588 Mraid35x - ok
13:33:41.0273 4588 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:33:41.0383 4588 MRxDAV - ok
13:33:41.0511 4588 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:41.0538 4588 mrxsmb - ok
13:33:41.0574 4588 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:41.0599 4588 mrxsmb10 - ok
13:33:41.0622 4588 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:41.0644 4588 mrxsmb20 - ok
13:33:41.0692 4588 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:33:41.0699 4588 msahci - ok
13:33:41.0722 4588 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:33:41.0730 4588 msdsm - ok
13:33:41.0750 4588 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:33:41.0801 4588 Msfs - ok
13:33:41.0820 4588 MSICDSetup - ok
13:33:41.0849 4588 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:33:41.0880 4588 msisadrv - ok
13:33:41.0917 4588 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:41.0946 4588 MSKSSRV - ok
13:33:41.0972 4588 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:42.0000 4588 MSPCLOCK - ok
13:33:42.0026 4588 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:33:42.0058 4588 MSPQM - ok
13:33:42.0106 4588 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:33:42.0114 4588 MsRPC - ok
13:33:42.0190 4588 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:42.0218 4588 mssmbios - ok
13:33:42.0247 4588 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:33:42.0281 4588 MSTEE - ok
13:33:42.0592 4588 MTOnlPktAlyX (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
13:33:42.0641 4588 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
13:33:42.0641 4588 MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
13:33:42.0670 4588 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:33:42.0678 4588 Mup - ok
13:33:42.0702 4588 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:42.0713 4588 NativeWifiP - ok
13:33:42.0733 4588 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:33:42.0750 4588 NDIS - ok
13:33:42.0758 4588 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:42.0783 4588 NdisTapi - ok
13:33:42.0843 4588 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:42.0859 4588 Ndisuio - ok
13:33:42.0876 4588 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:42.0923 4588 NdisWan - ok
13:33:42.0956 4588 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:33:42.0968 4588 NDProxy - ok
13:33:42.0975 4588 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:33:42.0991 4588 NetBIOS - ok
13:33:43.0013 4588 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:33:43.0051 4588 netbt - ok
13:33:43.0116 4588 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:33:43.0122 4588 nfrd960 - ok
13:33:43.0130 4588 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:33:43.0153 4588 Npfs - ok
13:33:43.0171 4588 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:33:43.0200 4588 nsiproxy - ok
13:33:43.0236 4588 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:33:43.0299 4588 Ntfs - ok
13:33:43.0371 4588 ntiomin (8a2788ff5aa0fe75d7231417200406ff) C:\Windows\system32\drivers\ntiomin.sys
13:33:43.0385 4588 ntiomin ( UnsignedFile.Multi.Generic ) - warning
13:33:43.0385 4588 ntiomin - detected UnsignedFile.Multi.Generic (1)
13:33:43.0415 4588 ntiopnp (5850c28057ddea04390b88f8cc482504) C:\Windows\system32\drivers\ntiopnp.sys
13:33:43.0421 4588 ntiopnp - ok
13:33:43.0477 4588 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:33:43.0524 4588 ntrigdigi - ok
13:33:43.0602 4588 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:33:43.0651 4588 Null - ok
13:33:43.0710 4588 NVHDA (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
13:33:43.0717 4588 NVHDA - ok
13:33:44.0987 4588 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:33:45.0292 4588 nvlddmkm - ok
13:33:45.0398 4588 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:33:45.0406 4588 nvraid - ok
13:33:45.0434 4588 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:33:45.0441 4588 nvstor - ok
13:33:45.0511 4588 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:33:45.0518 4588 nv_agp - ok
13:33:45.0532 4588 NwlnkFlt - ok
13:33:45.0543 4588 NwlnkFwd - ok
13:33:45.0571 4588 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:33:45.0602 4588 ohci1394 - ok
13:33:45.0665 4588 P17 (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys
13:33:45.0740 4588 P17 - ok
13:33:45.0813 4588 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:33:45.0830 4588 Parport - ok
13:33:45.0874 4588 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:33:45.0896 4588 partmgr - ok
13:33:45.0917 4588 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:33:45.0947 4588 Parvdm - ok
13:33:46.0015 4588 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:33:46.0025 4588 pci - ok
13:33:46.0042 4588 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:33:46.0049 4588 pciide - ok
13:33:46.0081 4588 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:33:46.0090 4588 pcmcia - ok
13:33:46.0111 4588 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:33:46.0203 4588 PEAUTH - ok
13:33:46.0243 4588 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:46.0271 4588 PptpMiniport - ok
13:33:46.0295 4588 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:33:46.0321 4588 Processor - ok
13:33:46.0342 4588 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:33:46.0365 4588 PSched - ok
13:33:46.0411 4588 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:33:46.0463 4588 ql2300 - ok
13:33:46.0522 4588 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:33:46.0544 4588 ql40xx - ok
13:33:46.0612 4588 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:33:46.0653 4588 QWAVEdrv - ok
13:33:46.0679 4588 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:46.0696 4588 RasAcd - ok
13:33:46.0706 4588 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:46.0740 4588 Rasl2tp - ok
13:33:46.0771 4588 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:46.0798 4588 RasPppoe - ok
13:33:46.0813 4588 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:46.0821 4588 RasSstp - ok
13:33:46.0881 4588 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:46.0897 4588 rdbss - ok
13:33:46.0903 4588 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:46.0933 4588 RDPCDD - ok
13:33:46.0983 4588 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:33:47.0016 4588 rdpdr - ok
13:33:47.0030 4588 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:33:47.0047 4588 RDPENCDD - ok
13:33:47.0076 4588 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:33:47.0108 4588 RDPWD - ok
13:33:47.0127 4588 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
13:33:47.0143 4588 ROOTMODEM - ok
13:33:47.0161 4588 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:47.0188 4588 rspndr - ok
13:33:47.0235 4588 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\MSI Afterburner\RTCore32.sys
13:33:47.0252 4588 RTCore32 ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0252 4588 RTCore32 - detected UnsignedFile.Multi.Generic (1)
13:33:47.0297 4588 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:33:47.0341 4588 RTL8169 - ok
13:33:47.0390 4588 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys
13:33:47.0395 4588 SANDRA - ok
13:33:47.0473 4588 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:33:47.0495 4588 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0495 4588 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
13:33:47.0522 4588 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:33:47.0542 4588 SASENUM ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0542 4588 SASENUM - detected UnsignedFile.Multi.Generic (1)
13:33:47.0571 4588 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
13:33:47.0576 4588 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0576 4588 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
13:33:47.0597 4588 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:33:47.0605 4588 sbp2port - ok
13:33:47.0629 4588 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:33:47.0682 4588 secdrv - ok
13:33:47.0717 4588 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:33:47.0741 4588 Serenum - ok
13:33:47.0760 4588 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
13:33:47.0789 4588 Serial - ok
13:33:47.0819 4588 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:33:47.0835 4588 sermouse - ok
13:33:47.0865 4588 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:33:47.0877 4588 sffdisk - ok
13:33:47.0893 4588 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:47.0910 4588 sffp_mmc - ok
13:33:47.0951 4588 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:33:47.0967 4588 sffp_sd - ok
13:33:47.0987 4588 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:33:48.0036 4588 sfloppy - ok
13:33:48.0066 4588 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:33:48.0073 4588 sisagp - ok
13:33:48.0099 4588 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:33:48.0106 4588 SiSRaid2 - ok
13:33:48.0129 4588 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:33:48.0136 4588 SiSRaid4 - ok
13:33:48.0166 4588 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:33:48.0198 4588 Smb - ok
13:33:48.0234 4588 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
13:33:48.0242 4588 speedfan - ok
13:33:48.0249 4588 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:33:48.0255 4588 spldr - ok
13:33:48.0307 4588 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\System32\Drivers\sptd.sys
13:33:48.0331 4588 sptd - ok
13:33:48.0353 4588 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:33:48.0391 4588 srv - ok
13:33:48.0465 4588 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:33:48.0497 4588 srv2 - ok
13:33:48.0520 4588 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:48.0550 4588 srvnet - ok
13:33:48.0583 4588 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:33:48.0595 4588 ssmdrv - ok
13:33:48.0623 4588 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
13:33:48.0629 4588 ss_bbus - ok
13:33:48.0642 4588 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
13:33:48.0647 4588 ss_bmdfl - ok
13:33:48.0665 4588 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
13:33:48.0672 4588 ss_bmdm - ok
13:33:48.0705 4588 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:33:48.0711 4588 swenum - ok
13:33:48.0776 4588 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:33:48.0782 4588 Symc8xx - ok
13:33:48.0804 4588 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:33:48.0811 4588 Sym_hi - ok
13:33:48.0834 4588 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:33:48.0841 4588 Sym_u3 - ok
13:33:48.0982 4588 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:33:49.0041 4588 Tcpip - ok
13:33:49.0078 4588 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:49.0137 4588 Tcpip6 - ok
13:33:49.0191 4588 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:33:49.0228 4588 tcpipreg - ok
13:33:49.0259 4588 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:33:49.0300 4588 TDPIPE - ok
13:33:49.0324 4588 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:33:49.0340 4588 TDTCP - ok
13:33:49.0370 4588 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:33:49.0383 4588 tdx - ok
13:33:49.0412 4588 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:33:49.0430 4588 TermDD - ok
13:33:49.0486 4588 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:49.0514 4588 tssecsrv - ok
13:33:49.0918 4588 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
13:33:49.0923 4588 TuneUpUtilitiesDrv - ok
13:33:49.0955 4588 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:33:49.0984 4588 tunmp - ok
13:33:50.0013 4588 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:50.0038 4588 tunnel - ok
13:33:50.0067 4588 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:33:50.0074 4588 uagp35 - ok
13:33:50.0102 4588 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:33:50.0117 4588 udfs - ok
13:33:50.0140 4588 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:33:50.0147 4588 uliagpkx - ok
13:33:50.0173 4588 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:33:50.0183 4588 uliahci - ok
13:33:50.0209 4588 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:33:50.0222 4588 UlSata - ok
13:33:50.0243 4588 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:33:50.0250 4588 ulsata2 - ok
13:33:50.0268 4588 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:33:50.0300 4588 umbus - ok
13:33:50.0361 4588 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:33:50.0386 4588 usbaudio - ok
13:33:50.0419 4588 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:50.0444 4588 usbccgp - ok
13:33:50.0468 4588 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:33:50.0512 4588 usbcir - ok
13:33:50.0555 4588 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:50.0580 4588 usbehci - ok
13:33:50.0599 4588 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:50.0613 4588 usbhub - ok
13:33:50.0629 4588 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:33:50.0674 4588 usbohci - ok
13:33:50.0710 4588 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:50.0737 4588 usbprint - ok
13:33:50.0767 4588 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:33:50.0797 4588 usbscan - ok
13:33:50.0825 4588 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:50.0838 4588 USBSTOR - ok
13:33:50.0859 4588 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:50.0879 4588 usbuhci - ok
13:33:50.0905 4588 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:33:50.0932 4588 usbvideo - ok
13:33:50.0964 4588 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
13:33:50.0998 4588 VClone - ok
13:33:51.0050 4588 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:51.0076 4588 vga - ok
13:33:51.0114 4588 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:33:51.0146 4588 VgaSave - ok
13:33:51.0169 4588 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:33:51.0190 4588 viaagp - ok
13:33:51.0225 4588 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:33:51.0242 4588 ViaC7 - ok
13:33:51.0269 4588 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:33:51.0284 4588 viaide - ok
13:33:51.0307 4588 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:33:51.0314 4588 volmgr - ok
13:33:51.0340 4588 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:33:51.0352 4588 volmgrx - ok
13:33:51.0384 4588 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:33:51.0394 4588 volsnap - ok
13:33:51.0413 4588 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:33:51.0421 4588 vsmraid - ok
13:33:51.0625 4588 VX3000 (3d96ef51524e99680e89929e953a5495) C:\Windows\system32\DRIVERS\VX3000.sys
13:33:51.0696 4588 VX3000 - ok
13:33:51.0725 4588 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:33:51.0770 4588 WacomPen - ok
13:33:51.0791 4588 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0804 4588 Wanarp - ok
13:33:51.0807 4588 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0819 4588 Wanarpv6 - ok
13:33:51.0838 4588 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:33:51.0844 4588 Wd - ok
13:33:51.0868 4588 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:33:51.0891 4588 Wdf01000 - ok
13:33:51.0976 4588 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:33:52.0001 4588 WmiAcpi - ok
13:33:52.0036 4588 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:33:52.0071 4588 WpdUsb - ok
13:33:52.0099 4588 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:52.0129 4588 ws2ifsl - ok
13:33:52.0164 4588 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:52.0195 4588 WUDFRd - ok
13:33:52.0217 4588 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:33:52.0244 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:33:52.0245 4588 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:33:52.0247 4588 Boot (0x1200) (522b033f60eae7ee0e2e28a5fe432cc0) \Device\Harddisk0\DR0\Partition0
13:33:52.0247 4588 \Device\Harddisk0\DR0\Partition0 - ok
13:33:52.0248 4588 ============================================================
13:33:52.0248 4588 Scan finished
13:33:52.0248 4588 ============================================================
13:33:52.0254 4748 Detected object count: 9
13:33:52.0254 4748 Actual detected object count: 9
13:34:34.0225 4748 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0225 4748 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0225 4748 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0225 4748 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748 ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748 ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748 RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0227 4748 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0227 4748 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0228 4748 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0228 4748 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0228 4748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:34:34.0228 4748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
06.12.2011, 13:47
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe und ein Kerl Namens Martin PrikrylZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Winlogon.exe und ein Kerl Namens Martin Prikryl |
| anti-malware, antivir, avira, avira antivir, besonders, disable, funktionier, funktioniert, funktioniert nicht, gefunde, gmer, hacktool.gamescheat.gen, hartnäckige, hartnäckigen, krieg, malwarebytes, melde, namens, plötzlich, poste, probleme, schließt, sekunden, stoppt, system, trojan.agent.ge, winlogon.exe |
Linear-Darstellung
