Pests of all kinds and how to fight them: "Mediashifting.com" Virus (Windows 7) |
28.12.2011, 23:04 | #16 |
| "Mediashifting.com" Virus Hi, almost good; either the log suddenly stops (which is not a good sign), or you did not copy all of it... 2168 C:\Windows\System32\svchost.exe 2432 Following MAM: TDSS-Killer. Download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family fought? Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts a window appears; choose "Start Scan" there. When the scan has finished, please select "Report". A window opens; copy the text and post it here... I suspect a rootkit... chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
28.12.2011, 23:09 | #17 |
| "Mediashifting.com" Virus I ran a full scan with Malwarebytes twice. One today (28.12) and one the day before yesterday (26.12); I'll post them here. This is the one from the 26th.
[SPOILER]
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122604
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26.12.2011 22:36:37
mbam-log-2011-12-26 (22-36-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 286165
Laufzeit: 1 Stunde(n), 3 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=16d49936-2114-11e1-a3d6-001d72dac89a) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\X (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\00000001.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\709b8acb\U\800000cf.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.
d:\programme\tuneup media v1.1.9 (itunes plugin)\tuneupmedia_fix.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
d:\programme\norton 360 with crack\1box_ntr2011.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
[/SPOILER] |
28.12.2011, 23:11 | #18 |
| "Mediashifting.com" Virus Should I run the MBR check again?
Regards, DanyRibi |
28.12.2011, 23:12 | #19 |
| "Mediashifting.com" Virus ... and here again is the MAM from 28.12
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2011.12.28.05
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: FIFU-PC [Administrator]
Schutz: Deaktiviert
28.12.2011 22:20:25
mbam-log-2011-12-28 (22-20-25).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286377
Laufzeit: 45 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Avenger\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
(Ende) |
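Added example, not part of the original thread: a small Python triage of the two Malwarebytes logs posted above, listing objects that were flagged in the earlier scan and are flagged again in the later one, i.e. detections whose removal did not stick. The function names `parse_detections` and `survived_cleanup` are this example's own, and the log excerpts are copied from the two posts.

```python
import re

# A detection line has the shape:
#   <object> (<Detection.Name>) -> [details -> ] <action>.
DETECTION = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$"
)

# Wording for "removal deferred to the next boot" as it appears in the
# 1.51 log (English action text) and the 1.60 log (German action text).
DEFERRED = ("delete on reboot", "löschen bei neustart")

# Excerpts from the logs posted in the thread (26.12 and 28.12).
SCAN_26 = r"""
Infizierte Dateien:
c:\Users\administrator\AppData\Local\709b8acb\X (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
"""

SCAN_28 = r"""
Infizierte Dateien: 2
C:\Avenger\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
(Ende)
"""


def parse_detections(log_text):
    """Return one dict per detection line; headers and counters are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        # The action is always the last "->" segment of the line.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        found.append({
            # Windows paths and registry keys are case-insensitive.
            "object": m.group("obj").lower(),
            "name": m.group("name"),
            "action": action,
            "deferred": action.lower() in DEFERRED,
        })
    return found


def survived_cleanup(earlier_log, later_log):
    """Objects detected in both scans: the earlier removal did not hold."""
    before = {d["object"] for d in parse_detections(earlier_log)}
    after = {d["object"] for d in parse_detections(later_log)}
    return sorted(before & after)


if __name__ == "__main__":
    for obj in survived_cleanup(SCAN_26, SCAN_28):
        print("still present after cleanup:", obj)
```
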
28.12.2011, 23:27 | #20 |
| "Mediashifting.com" Virus TDSS Killer now shows the following: What should I do? |
28.12.2011, 23:43 | #21 |
| "Mediashifting.com" Virus Hi, yes, that is what I had expected; mbrcheck should have found it too... Definitely have it removed! chris |
28.12.2011, 23:46 | #22 |
| "Mediashifting.com" Virus OK, done. You'll get the .log file shortly. |
28.12.2011, 23:54 | #23 |
| "Mediashifting.com" Virus Here is the .log file from TDSS Killer
SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS 23:45:31.0326 3056 SRTSPX - ok 23:45:31.0716 3056 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys 23:45:31.0731 3056 srv - ok 23:45:32.0121 3056 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys 23:45:32.0121 3056 srv2 - ok 23:45:32.0527 3056 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 23:45:32.0543 3056 SrvHsfHDA - ok 23:45:32.0917 3056 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 23:45:32.0948 3056 SrvHsfV92 - ok 23:45:33.0354 3056 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 23:45:33.0369 3056 SrvHsfWinac - ok 23:45:33.0759 3056 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys 23:45:33.0759 3056 srvnet - ok 23:45:34.0181 3056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 23:45:34.0181 3056 stexstor - ok 23:45:34.0539 3056 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 23:45:34.0539 3056 storflt - ok 23:45:34.0898 3056 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 23:45:34.0898 3056 storvsc - ok 23:45:35.0257 3056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 23:45:35.0257 3056 swenum - ok 23:45:35.0756 3056 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS 23:45:35.0772 3056 SymDS - ok 23:45:36.0255 3056 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS 23:45:36.0271 3056 SymEFA - ok 23:45:36.0661 3056 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS 23:45:36.0661 3056 SymEvent - ok 23:45:37.0129 3056 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) 
C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS 23:45:37.0129 3056 SymIRON - ok 23:45:37.0597 3056 SymNetS (d4636a051890a92d1c8c2d9e7a5c8381) C:\Windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS 23:45:37.0597 3056 SymNetS - ok 23:45:38.0049 3056 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys 23:45:38.0081 3056 Tcpip - ok 23:45:38.0471 3056 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys 23:45:38.0486 3056 TCPIP6 - ok 23:45:38.0892 3056 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 23:45:38.0892 3056 tcpipreg - ok 23:45:39.0266 3056 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 23:45:39.0266 3056 TDPIPE - ok 23:45:39.0609 3056 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 23:45:39.0609 3056 TDTCP - ok 23:45:39.0968 3056 tdx (02bede7c69bc6d86e8600316f35c7f57) C:\Windows\system32\DRIVERS\tdx.sys 23:45:39.0968 3056 tdx ( Rootkit.Win32.ZAccess.g ) - infected 23:45:39.0968 3056 tdx - detected Rootkit.Win32.ZAccess.g (0) 23:45:40.0358 3056 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 23:45:40.0358 3056 TermDD - ok 23:45:40.0779 3056 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:45:40.0779 3056 tssecsrv - ok 23:45:41.0045 3056 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 23:45:41.0045 3056 TuneUpUtilitiesDrv - ok 23:45:41.0388 3056 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 23:45:41.0403 3056 tunnel - ok 23:45:41.0778 3056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 23:45:41.0793 3056 uagp35 - ok 23:45:42.0183 3056 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 23:45:42.0199 3056 udfs - ok 23:45:42.0651 3056 uliagpkx 
(44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 23:45:42.0745 3056 uliagpkx - ok 23:45:43.0079 3056 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 23:45:43.0079 3056 umbus - ok 23:45:43.0471 3056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 23:45:43.0471 3056 UmPass - ok 23:45:43.0861 3056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 23:45:43.0861 3056 USBAAPL - ok 23:45:44.0242 3056 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 23:45:44.0242 3056 usbccgp - ok 23:45:44.0632 3056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 23:45:44.0632 3056 usbcir - ok 23:45:45.0007 3056 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 23:45:45.0007 3056 usbehci - ok 23:45:45.0397 3056 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 23:45:45.0412 3056 usbhub - ok 23:45:45.0787 3056 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 23:45:45.0787 3056 usbohci - ok 23:45:46.0177 3056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 23:45:46.0177 3056 usbprint - ok 23:45:46.0567 3056 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:45:46.0582 3056 USBSTOR - ok 23:45:47.0035 3056 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 23:45:47.0035 3056 usbuhci - ok 23:45:47.0549 3056 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys 23:45:47.0549 3056 VClone - ok 23:45:47.0893 3056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 23:45:47.0893 3056 vdrvroot - ok 23:45:48.0251 3056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 23:45:48.0251 3056 vga - ok 23:45:48.0641 3056 VgaSave 
(8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 23:45:48.0641 3056 VgaSave - ok 23:45:49.0109 3056 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 23:45:49.0125 3056 vhdmp - ok 23:45:49.0484 3056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 23:45:49.0484 3056 viaagp - ok 23:45:49.0858 3056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 23:45:49.0858 3056 ViaC7 - ok 23:45:50.0233 3056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 23:45:50.0233 3056 viaide - ok 23:45:50.0591 3056 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 23:45:50.0591 3056 vmbus - ok 23:45:50.0935 3056 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 23:45:50.0950 3056 VMBusHID - ok 23:45:51.0309 3056 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 23:45:51.0309 3056 volmgr - ok 23:45:51.0683 3056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 23:45:51.0715 3056 volmgrx - ok 23:45:52.0120 3056 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 23:45:52.0120 3056 volsnap - ok 23:45:52.0775 3056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 23:45:52.0775 3056 vsmraid - ok 23:45:53.0165 3056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 23:45:53.0165 3056 vwifibus - ok 23:45:53.0571 3056 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 23:45:53.0571 3056 vwififlt - ok 23:45:54.0133 3056 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 23:45:54.0133 3056 vwifimp - ok 23:45:54.0507 3056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 23:45:54.0523 3056 WacomPen - ok 23:45:54.0866 3056 WANARP 
(692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 23:45:54.0866 3056 WANARP - ok 23:45:54.0881 3056 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 23:45:54.0881 3056 Wanarpv6 - ok 23:45:55.0303 3056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 23:45:55.0303 3056 Wd - ok 23:45:55.0661 3056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 23:45:55.0661 3056 Wdf01000 - ok 23:45:56.0098 3056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 23:45:56.0098 3056 WfpLwf - ok 23:45:56.0473 3056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 23:45:56.0473 3056 WIMMount - ok 23:45:56.0909 3056 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 23:45:56.0909 3056 WinUsb - ok 23:45:57.0331 3056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 23:45:57.0331 3056 WmiAcpi - ok 23:45:57.0752 3056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 23:45:57.0752 3056 ws2ifsl - ok 23:45:58.0126 3056 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 23:45:58.0126 3056 WudfPf - ok 23:45:58.0501 3056 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:45:58.0501 3056 WUDFRd - ok 23:45:58.0594 3056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 23:45:58.0657 3056 \Device\Harddisk0\DR0 - ok 23:45:58.0672 3056 Boot (0x1200) (d9309ba9da18506827077a43b40cdaeb) \Device\Harddisk0\DR0\Partition0 23:45:58.0672 3056 \Device\Harddisk0\DR0\Partition0 - ok 23:45:58.0688 3056 Boot (0x1200) (e607270cd54bb73414cb04ed59578b2e) \Device\Harddisk0\DR0\Partition1 23:45:58.0688 3056 \Device\Harddisk0\DR0\Partition1 - ok 23:45:58.0735 3056 Boot (0x1200) (2ca966281e8767d6ba71212b76470b5f) \Device\Harddisk0\DR0\Partition2 23:45:58.0735 3056 
\Device\Harddisk0\DR0\Partition2 - ok 23:45:58.0766 3056 Boot (0x1200) (318536f777627ce692442de47272d540) \Device\Harddisk0\DR0\Partition3 23:45:58.0766 3056 \Device\Harddisk0\DR0\Partition3 - ok 23:45:58.0766 3056 ============================================================ 23:45:58.0766 3056 Scan finished 23:45:58.0766 3056 ============================================================ 23:45:58.0781 3468 Detected object count: 1 23:45:58.0781 3468 Actual detected object count: 1 00:08:10.0726 3468 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813 00:08:13.0206 3468 Backup copy found, using it.. 00:08:13.0502 3468 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot 00:08:34.0968 3468 C:\Windows\System32\c_70780.nls - will be deleted on reboot 00:08:45.0514 3468 tdx ( Rootkit.Win32.ZAccess.g ) - User select action: Cure 00:09:41.0377 2720 Deinitialize success [/SPOILER] |
29.12.2011, 00:27 | #24 |
| "Mediashifting.com" Virus Do I need to do anything else now, or is that it? |
29.12.2011, 07:20 | #25 |
| "Mediashifting.com" Virus Hi, please run MBRCheck once more... If the computer no longer shows any symptoms, we would be done... To be safe, finish with Dr.Web... Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them. chris |
29.12.2011, 11:51 | #26 |
| "Mediashifting.com" Virus So, here is the MBR check from today again:
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5230
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 161):
It stops here too. |
29.12.2011, 12:17 | #27 |
| "Mediashifting.com" Virus 2 questions about Dr.Web CureIt: 1. The automatic quick scan found infected objects. Should I move them or not? 2. After the automatic quick scan, should I then run a full scan as well? |
29.12.2011, 13:21 | #28 |
| "Mediashifting.com" Virus Hi, yes to both, and post the log from each! chris |
29.12.2011, 14:59 | #29 |
| "Mediashifting.com" Virus Hi! Here is the .log file from the Dr.Web quick scan for now. I should post the full scan too, right? Regards, DanyRibi
ipodservice.exe;c:\program files\ipod\bin;Trojan.Starter.1695;Desinfiziert.;
mbamservice.exe;c:\program files\malwarebytes' anti-malware;Trojan.Starter.1695;Desinfiziert.;
ccsvchst.exe;c:\program files\norton 360\engine\5.0.0.125;Trojan.Starter.1695;Desinfiziert.;
regsrv64.exe;c:\users\administrator\appdata\roaming;Trojan.VbCrypt.80;Gelöscht.; |
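An added example, not part of the thread and not Dr.Web's own tooling: a triage pass over log entries like the ones posted above, separating browser-cache hits from detections elsewhere on disk and listing entries with no recorded action. The four-field layout (file; folder; verdict; action) is inferred from the posted entries, and the sample text is constructed, with EXAMPLE01 and EXAMPLE02 as placeholder cache folder names.

```python
from collections import Counter
from typing import NamedTuple, Optional


class Detection(NamedTuple):
    name: str       # file name as reported by the scanner
    directory: str  # folder that contains the file
    verdict: str    # threat name or heuristic verdict
    action: str     # action the scanner recorded, "" if none


# Constructed sample in the layout of the posted entries (assumed format):
# name;directory;verdict;action;  -- cache folder names are placeholders.
SAMPLE_LOG = r"""
vas[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXAMPLE01;Wahrscheinlich SCRIPT.Virus;;
ajs[1].php;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXAMPLE01;Wahrscheinlich SCRIPT.Virus;;
bundle[1];C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXAMPLE02;Container enthält infizierte Objekte;Verschoben.;
ipodservice.exe;c:\program files\ipod\bin;Trojan.Starter.1695;Desinfiziert.;
mbamservice.exe;c:\program files\malwarebytes' anti-malware;Trojan.Starter.1695;Desinfiziert.;
ccsvchst.exe;c:\program files\norton 360\engine\5.0.0.125;Trojan.Starter.1695;Desinfiziert.;
regsrv64.exe;c:\users\administrator\appdata\roaming;Trojan.VbCrypt.80;Gelöscht.;
this line is not a log entry
"""

CACHE_MARKER = "temporary internet files"
SYSTEM_PROFILE = r"\config\systemprofile"  # profile of the LocalSystem account
HEURISTIC_PREFIX = "wahrscheinlich"        # German for "probably"


def parse_entry(line: str) -> Optional[Detection]:
    """Parse one 'name;dir;verdict;action;' entry, or return None.

    Splitting from the right keeps any ';' inside the file name intact.
    """
    parts = line.strip().rsplit(";", 4)
    if len(parts) != 5 or parts[4] != "" or not parts[0] or not parts[2]:
        return None
    return Detection(*parts[:4])


def triage(log_text: str) -> dict:
    """Group detections so the ones that need a human look stand out."""
    entries, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            skipped += 1  # count unparseable lines, never drop them silently
        else:
            entries.append(entry)

    def in_cache(d: Detection) -> bool:
        return CACHE_MARKER in d.directory.lower()

    return {
        "by_verdict": Counter(e.verdict for e in entries),
        # Heuristic ("probably ...") verdicts are weaker evidence.
        "heuristic": [e for e in entries
                      if e.verdict.lower().startswith(HEURISTIC_PREFIX)],
        # Web cache that belongs to the SYSTEM account rather than a user.
        "system_cache": [e for e in entries
                         if in_cache(e) and SYSTEM_PROFILE in e.directory.lower()],
        # Detections outside the browser cache: review these first.
        "outside_cache": [e for e in entries if not in_cache(e)],
        # Entries where the scanner recorded no action at all.
        "unhandled": [e for e in entries if not e.action],
        "skipped": skipped,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for verdict, count in result["by_verdict"].most_common():
        print(f"{count:3d}  {verdict}")
    print("Outside browser cache:")
    for d in result["outside_cache"]:
        print(f"  {d.directory}\\{d.name}  {d.verdict}  [{d.action or 'no action'}]")
    print(f"No action recorded: {len(result['unhandled'])}, "
          f"unparsed lines: {result['skipped']}")
```
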
29.12.2011, 16:42 | #30 |
| "Mediashifting.com" Virus Hi, somehow the critters keep coming back faster than we can get rid of them... Post the log from the full scan as well, and another OTL log... After that, update MAM and run another full scan too... chris |