Pests of all kinds and their removal: Windows system blocked. OTL log files uploaded. Windows 7. If you are not sure whether you have caught malware or a trojan, open a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#16
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from "All Programs" in the start menu, please run unhide: download unhide.exe and save the file on your desktop. Start the tool, and all files and folders should be visible again. (This may take a while.)

__________________
Please always post log files in CODE tags
#17

Code:
10:15:39.0625 2236 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
10:15:39.0828 2236 ============================================================
10:15:39.0828 2236 Current date / time: 2012/02/08 10:15:39.0828
10:15:39.0828 2236 SystemInfo:
10:15:39.0828 2236
10:15:39.0828 2236 OS Version: 5.1.2600 ServicePack: 3.0
10:15:39.0828 2236 Product type: Workstation
10:15:39.0828 2236 ComputerName: NGUYEN-11C66DE0
10:15:39.0828 2236 UserName: Vu
10:15:39.0828 2236 Windows directory: C:\WINDOWS
10:15:39.0828 2236 System windows directory: C:\WINDOWS
10:15:39.0828 2236 Processor architecture: Intel x86
10:15:39.0828 2236 Number of processors: 2
10:15:39.0828 2236 Page size: 0x1000
10:15:39.0828 2236 Boot type: Normal boot
10:15:39.0828 2236 ============================================================
10:15:41.0562 2236 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:15:41.0562 2236 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:15:41.0578 2236 \Device\Harddisk0\DR0:
10:15:41.0578 2236 MBR used
10:15:41.0578 2236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x96676DA
10:15:41.0593 2236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9667758, BlocksNum 0x8606AED
10:15:41.0609 2236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x11C6E284, BlocksNum 0xDAA83D
10:15:41.0609 2236 \Device\Harddisk1\DR1:
10:15:41.0609 2236 MBR used
10:15:41.0609 2236 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x12A14BC1
10:15:41.0734 2236 Initialize success
10:15:41.0734 2236 ============================================================
10:19:44.0453 1924 ============================================================
10:19:44.0453 1924 Scan started
10:19:44.0453 1924 Mode: Manual; SigCheck; TDLFS;
10:19:44.0453 1924 ============================================================
10:19:44.0890 1924 Abiosdsk - ok
10:19:44.0906 1924 abp480n5 - ok
10:19:44.0953 1924 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:19:45.0734 1924 ACPI - ok
10:19:45.0828 1924 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:19:45.0968 1924 ACPIEC - ok
10:19:45.0984 1924 adpu160m - ok
10:19:46.0000 1924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:19:46.0140 1924 aec - ok
10:19:46.0187 1924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:19:46.0234 1924 AFD - ok
10:19:46.0250 1924 AFGMp50 - ok
10:19:46.0281 1924 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
10:19:46.0343 1924 AFGSp50 - ok
10:19:46.0421 1924 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:19:46.0562 1924 AgereSoftModem - ok
10:19:46.0562 1924 Aha154x - ok
10:19:46.0578 1924 aic78u2 - ok
10:19:46.0593 1924 aic78xx - ok
10:19:46.0609 1924 AliIde - ok
10:19:46.0609 1924 amsint - ok
10:19:46.0656 1924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:19:46.0796 1924 Arp1394 - ok
10:19:46.0812 1924 asc - ok
10:19:46.0812 1924 asc3350p - ok
10:19:46.0828 1924 asc3550 - ok
10:19:46.0859 1924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:19:46.0968 1924 AsyncMac - ok
10:19:47.0000 1924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:19:47.0125 1924 atapi - ok
10:19:47.0140 1924 Atdisk - ok
10:19:47.0203 1924 ati2mtag (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:19:47.0312 1924 ati2mtag - ok
10:19:47.0328 1924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:19:47.0453 1924 Atmarpc - ok
10:19:47.0484 1924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:19:47.0609 1924 audstub - ok
10:19:47.0656 1924 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
10:19:47.0671 1924 avgio - ok
10:19:47.0687 1924 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:19:47.0703 1924 avgntflt - ok
10:19:47.0718 1924 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:19:47.0734 1924 avipbb - ok
10:19:47.0765 1924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:19:47.0890 1924 Beep - ok
10:19:47.0921 1924 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
10:19:47.0953 1924 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
10:19:47.0953 1924 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
10:19:47.0984 1924 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
10:19:48.0000 1924 BT ( UnsignedFile.Multi.Generic ) - warning
10:19:48.0000 1924 BT - detected UnsignedFile.Multi.Generic (1)
10:19:48.0000 1924 Btcsrusb (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys
10:19:48.0015 1924 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
10:19:48.0015 1924 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
10:19:48.0031 1924 BTHidEnum (0448968ba21acde511c19f3c0296e23b) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
10:19:48.0031 1924 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
10:19:48.0031 1924 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
10:19:48.0046 1924 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
10:19:48.0062 1924 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
10:19:48.0062 1924 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
10:19:48.0078 1924 CardReaderFilter (66b71dd7794d3b8a88ccb645896d3e53) C:\WINDOWS\system32\Drivers\USBCRFT.SYS
10:19:48.0093 1924 CardReaderFilter ( UnsignedFile.Multi.Generic ) - warning
10:19:48.0093 1924 CardReaderFilter - detected UnsignedFile.Multi.Generic (1)
10:19:48.0125 1924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:19:48.0234 1924 cbidf2k - ok
10:19:48.0265 1924 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:19:48.0390 1924 CCDECODE - ok
10:19:48.0406 1924 cd20xrnt - ok
10:19:48.0421 1924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:19:48.0546 1924 Cdaudio - ok
10:19:48.0546 1924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:19:48.0687 1924 Cdfs - ok
10:19:48.0703 1924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:19:48.0828 1924 Cdrom - ok
10:19:48.0843 1924 Changer - ok
10:19:48.0875 1924 CmdIde - ok
10:19:48.0953 1924 cmudax (53c90d77476edd52b3abafca8d5d01db) C:\WINDOWS\system32\drivers\cmudax.sys
10:19:49.0125 1924 cmudax - ok
10:19:49.0156 1924 Cpqarray - ok
10:19:49.0156 1924 dac2w2k - ok
10:19:49.0171 1924 dac960nt - ok
10:19:49.0187 1924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:19:49.0312 1924 Disk - ok
10:19:49.0359 1924 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:19:49.0531 1924 dmboot - ok
10:19:49.0546 1924 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:19:49.0687 1924 dmio - ok
10:19:49.0718 1924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:19:49.0828 1924 dmload - ok
10:19:49.0859 1924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:19:50.0000 1924 DMusic - ok
10:19:50.0015 1924 dpti2o - ok
10:19:50.0031 1924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:19:50.0156 1924 drmkaud - ok
10:19:50.0187 1924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:19:50.0328 1924 Fastfat - ok
10:19:50.0343 1924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:19:50.0484 1924 Fdc - ok
10:19:50.0500 1924 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
10:19:50.0531 1924 FETNDISB - ok
10:19:50.0546 1924 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:19:50.0671 1924 Fips - ok
10:19:50.0703 1924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:19:50.0828 1924 Flpydisk - ok
10:19:50.0859 1924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:19:51.0000 1924 FltMgr - ok
10:19:51.0031 1924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:19:51.0171 1924 Fs_Rec - ok
10:19:51.0187 1924 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:19:51.0312 1924 Ftdisk - ok
10:19:51.0328 1924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:19:51.0453 1924 Gpc - ok
10:19:51.0484 1924 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
10:19:51.0515 1924 HdAudAddService - ok
10:19:51.0546 1924 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:19:51.0671 1924 HDAudBus - ok
10:19:51.0687 1924 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:19:51.0828 1924 hidusb - ok
10:19:51.0843 1924 hpn - ok
10:19:51.0875 1924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:19:51.0921 1924 HTTP - ok
10:19:51.0921 1924 i2omgmt - ok
10:19:51.0937 1924 i2omp - ok
10:19:51.0968 1924 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:19:52.0093 1924 i8042prt - ok
10:19:52.0109 1924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:19:52.0234 1924 Imapi - ok
10:19:52.0250 1924 ini910u - ok
10:19:52.0265 1924 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:19:52.0390 1924 IntelIde - ok
10:19:52.0421 1924 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:19:52.0531 1924 intelppm - ok
10:19:52.0562 1924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:19:52.0687 1924 Ip6Fw - ok
10:19:52.0718 1924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:19:52.0843 1924 IpFilterDriver - ok
10:19:52.0859 1924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:19:52.0984 1924 IpInIp - ok
10:19:53.0000 1924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:19:53.0125 1924 IpNat - ok
10:19:53.0140 1924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:19:53.0265 1924 IPSec - ok
10:19:53.0281 1924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:19:53.0406 1924 IRENUM - ok
10:19:53.0421 1924 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:19:53.0546 1924 isapnp - ok
10:19:53.0578 1924 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:19:53.0703 1924 Kbdclass - ok
10:19:53.0718 1924 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:19:53.0828 1924 kbdhid - ok
10:19:53.0859 1924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:19:53.0984 1924 kmixer - ok
10:19:54.0000 1924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:19:54.0046 1924 KSecDD - ok
10:19:54.0062 1924 lbrtfdc - ok
10:19:54.0093 1924 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
10:19:54.0109 1924 MagicTune ( UnsignedFile.Multi.Generic ) - warning
10:19:54.0109 1924 MagicTune - detected UnsignedFile.Multi.Generic (1)
10:19:54.0156 1924 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:19:54.0171 1924 MBAMProtector - ok
10:19:54.0203 1924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:19:54.0312 1924 mnmdd - ok
10:19:54.0343 1924 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:19:54.0468 1924 Modem - ok
10:19:54.0484 1924 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:19:54.0609 1924 Mouclass - ok
10:19:54.0640 1924 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:19:54.0765 1924 mouhid - ok
10:19:54.0781 1924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:19:54.0890 1924 MountMgr - ok
10:19:54.0906 1924 mraid35x - ok
10:19:54.0921 1924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:19:55.0062 1924 MRxDAV - ok
10:19:55.0109 1924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:19:55.0218 1924 MRxSmb - ok
10:19:55.0234 1924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:19:55.0359 1924 Msfs - ok
10:19:55.0390 1924 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
10:19:55.0406 1924 MSHUSBVideo - ok
10:19:55.0437 1924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:19:55.0562 1924 MSKSSRV - ok
10:19:55.0578 1924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:19:55.0703 1924 MSPCLOCK - ok
10:19:55.0718 1924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:19:55.0843 1924 MSPQM - ok
10:19:55.0875 1924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:19:56.0015 1924 mssmbios - ok
10:19:56.0046 1924 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:19:56.0156 1924 MSTEE - ok
10:19:56.0187 1924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:19:56.0218 1924 Mup - ok
10:19:56.0234 1924 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:19:56.0375 1924 NABTSFEC - ok
10:19:56.0406 1924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:19:56.0531 1924 NDIS - ok
10:19:56.0546 1924 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:19:56.0671 1924 NdisIP - ok
10:19:56.0703 1924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:19:56.0750 1924 NdisTapi - ok
10:19:56.0765 1924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:19:56.0875 1924 Ndisuio - ok
10:19:56.0890 1924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:19:57.0015 1924 NdisWan - ok
10:19:57.0046 1924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:19:57.0093 1924 NDProxy - ok
10:19:57.0109 1924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:19:57.0234 1924 NetBIOS - ok
10:19:57.0265 1924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:19:57.0390 1924 NetBT - ok
10:19:57.0421 1924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:19:57.0546 1924 NIC1394 - ok
10:19:57.0562 1924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:19:57.0671 1924 Npfs - ok
10:19:57.0703 1924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:19:57.0859 1924 Ntfs - ok
10:19:57.0906 1924 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
10:19:57.0937 1924 NTSIM ( UnsignedFile.Multi.Generic ) - warning
10:19:57.0937 1924 NTSIM - detected UnsignedFile.Multi.Generic (1)
10:19:57.0968 1924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:19:58.0093 1924 Null - ok
10:19:58.0109 1924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:19:58.0250 1924 NwlnkFlt - ok
10:19:58.0265 1924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:19:58.0375 1924 NwlnkFwd - ok
10:19:58.0406 1924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:19:58.0515 1924 ohci1394 - ok
10:19:58.0531 1924 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:19:58.0656 1924 Parport - ok
10:19:58.0671 1924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:19:58.0796 1924 PartMgr - ok
10:19:58.0828 1924 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:19:58.0937 1924 ParVdm - ok
10:19:58.0953 1924 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:19:59.0078 1924 PCI - ok
10:19:59.0109 1924 PCIDump - ok
10:19:59.0125 1924 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
10:19:59.0250 1924 PCIIde - ok
10:19:59.0265 1924 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:19:59.0390 1924 Pcmcia - ok
10:19:59.0406 1924 PDCOMP - ok
10:19:59.0421 1924 PDFRAME - ok
10:19:59.0437 1924 PDRELI - ok
10:19:59.0437 1924 PDRFRAME - ok
10:19:59.0453 1924 perc2 - ok
10:19:59.0468 1924 perc2hib - ok
10:19:59.0515 1924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:19:59.0640 1924 PptpMiniport - ok
10:19:59.0656 1924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:19:59.0781 1924 PSched - ok
10:19:59.0812 1924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:19:59.0937 1924 Ptilink - ok
10:19:59.0953 1924 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:19:59.0968 1924 PxHelp20 - ok
10:19:59.0984 1924 ql1080 - ok
10:19:59.0984 1924 Ql10wnt - ok
10:20:00.0000 1924 ql12160 - ok
10:20:00.0015 1924 ql1240 - ok
10:20:00.0031 1924 ql1280 - ok
10:20:00.0046 1924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:20:00.0171 1924 RasAcd - ok
10:20:00.0187 1924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:20:00.0328 1924 Rasl2tp - ok
10:20:00.0328 1924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:20:00.0453 1924 RasPppoe - ok
10:20:00.0468 1924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:20:00.0609 1924 Raspti - ok
10:20:00.0625 1924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:20:00.0765 1924 Rdbss - ok
10:20:00.0781 1924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:20:00.0906 1924 RDPCDD - ok
10:20:00.0953 1924 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:20:01.0000 1924 RDPWD - ok
10:20:01.0031 1924 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:20:01.0156 1924 redbook - ok
10:20:01.0171 1924 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
10:20:01.0312 1924 ROOTMODEM - ok
10:20:01.0343 1924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:20:01.0468 1924 Secdrv - ok
10:20:01.0500 1924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:20:01.0625 1924 serenum - ok
10:20:01.0625 1924 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:20:01.0765 1924 Serial - ok
10:20:01.0781 1924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:20:01.0906 1924 Sfloppy - ok
10:20:01.0921 1924 Simbad - ok
10:20:01.0953 1924 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:20:02.0078 1924 SLIP - ok
10:20:02.0078 1924 Sparrow - ok
10:20:02.0109 1924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:20:02.0234 1924 splitter - ok
10:20:02.0250 1924 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:20:02.0375 1924 sr - ok
10:20:02.0421 1924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:20:02.0484 1924 Srv - ok
10:20:02.0531 1924 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:20:02.0546 1924 ssmdrv - ok
10:20:02.0578 1924 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:20:02.0703 1924 streamip - ok
10:20:02.0718 1924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:20:02.0859 1924 swenum - ok
10:20:02.0875 1924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:20:03.0000 1924 swmidi - ok
10:20:03.0046 1924 sxuptp (c8a43978dadcf12b7e40a0577227dfbc) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
10:20:03.0062 1924 sxuptp - ok
10:20:03.0078 1924 symc810 - ok
10:20:03.0093 1924 symc8xx - ok
10:20:03.0109 1924 sym_hi - ok
10:20:03.0109 1924 sym_u3 - ok
10:20:03.0140 1924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:20:03.0265 1924 sysaudio - ok
10:20:03.0312 1924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:20:03.0421 1924 Tcpip - ok
10:20:03.0437 1924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:20:03.0562 1924 TDPIPE - ok
10:20:03.0578 1924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:20:03.0703 1924 TDTCP - ok
10:20:03.0734 1924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:20:03.0859 1924 TermDD - ok
10:20:03.0875 1924 TosIde - ok
10:20:03.0906 1924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:20:04.0031 1924 Udfs - ok
10:20:04.0046 1924 ultra - ok
10:20:04.0125 1924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:20:04.0281 1924 Update - ok
10:20:04.0328 1924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:20:04.0453 1924 usbaudio - ok
10:20:04.0468 1924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:20:04.0593 1924 usbccgp - ok
10:20:04.0609 1924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:20:04.0765 1924 usbehci - ok
10:20:04.0781 1924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:20:04.0890 1924 usbhub - ok
10:20:04.0921 1924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:20:05.0031 1924 usbprint - ok
10:20:05.0062 1924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:20:05.0187 1924 usbscan - ok
10:20:05.0203 1924 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:20:05.0328 1924 usbstor - ok
10:20:05.0343 1924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:20:05.0453 1924 usbuhci - ok
10:20:05.0484 1924 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:20:05.0609 1924 usbvideo - ok
10:20:05.0640 1924 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
10:20:05.0656 1924 VComm ( UnsignedFile.Multi.Generic ) - warning
10:20:05.0656 1924 VComm - detected UnsignedFile.Multi.Generic (1)
10:20:05.0687 1924 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
10:20:05.0703 1924 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
10:20:05.0703 1924 VcommMgr - detected UnsignedFile.Multi.Generic (1)
10:20:05.0734 1924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:20:05.0859 1924 VgaSave - ok
10:20:05.0859 1924 ViaIde - ok
10:20:05.0890 1924 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:20:06.0015 1924 VolSnap - ok
10:20:06.0031 1924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:20:06.0171 1924 Wanarp - ok
10:20:06.0203 1924 wbscr (67014473f902f3023f892c3a0950958a) C:\WINDOWS\system32\drivers\wbscr.sys
10:20:06.0218 1924 wbscr - ok
10:20:06.0234 1924 WDICA - ok
10:20:06.0250 1924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:20:06.0375 1924 wdmaud - ok
10:20:06.0437 1924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:20:06.0531 1924 WpdUsb - ok
10:20:06.0562 1924 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:20:06.0687 1924 WSTCODEC - ok
10:20:06.0734 1924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:20:06.0781 1924 WudfPf - ok
10:20:06.0796 1924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:20:06.0843 1924 WudfRd - ok
10:20:06.0890 1924 XUIF (93692d6b2fcbb63f517642048f5295fb) C:\WINDOWS\system32\Drivers\x10ufx2.sys
10:20:06.0921 1924 XUIF - ok
10:20:06.0937 1924 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:20:07.0093 1924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:20:07.0093 1924 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:20:07.0125 1924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:20:07.0218 1924 \Device\Harddisk1\DR1 - ok
10:20:07.0218 1924 Boot (0x1200) (781f4691f59ec41a892b2ffdfea62242) \Device\Harddisk0\DR0\Partition0
10:20:07.0218 1924 \Device\Harddisk0\DR0\Partition0 - ok
10:20:07.0234 1924 Boot (0x1200) (87a6b203482080c2cc02d6ad51763528) \Device\Harddisk0\DR0\Partition1
10:20:07.0234 1924 \Device\Harddisk0\DR0\Partition1 - ok
10:20:07.0265 1924 Boot (0x1200) (611ec723cbc44822b6b85d58d3961bf7) \Device\Harddisk0\DR0\Partition2
10:20:07.0265 1924 \Device\Harddisk0\DR0\Partition2 - ok
10:20:07.0296 1924 Boot (0x1200) (8b2343d0c054973e47439cf958f3eec8) \Device\Harddisk1\DR1\Partition0
10:20:07.0296 1924 \Device\Harddisk1\DR1\Partition0 - ok
10:20:07.0296 1924 ============================================================
10:20:07.0296 1924 Scan finished
10:20:07.0296 1924 ============================================================
10:20:07.0421 2588 Detected object count: 11
10:20:07.0421 2588 Actual detected object count: 11
10:20:33.0390 2588 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0390 2588 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0390 2588 BT ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0390 2588 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0390 2588 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0390 2588 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0390 2588 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0390 2588 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 CardReaderFilter ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 CardReaderFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0406 2588 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:20:33.0406 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
#18
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

__________________
#19

I find this:
Code:
10:20:33.0406 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

When I open TDSS-Killer, the start page comes up: Start Scan. Or should I have it scan again and then delete the TDSS file?
#20
/// Winkelfunktion /// TB-Süch-Tiger™

Yes, you have to start the scan again, and afterwards delete only the TDSS File System.

__________________
Please always post log files in CODE tags
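As an added example (not part of this thread and not Kaspersky's code): a small Python triage script for TDSS-Killer text logs of the shape posted above. It separates the "UnsignedFile.Multi.Generic" warnings, which are signature-check heuristics on unsigned third-party drivers and were correctly skipped, from a detection that names a rootkit component such as "TDSS File System" on \Device\Harddisk0\DR0, and lists which of the latter the user skipped and so still has to handle on the re-scan. The sample log is a constructed excerpt modeled on the log in #17; the regular expressions and the list of heuristic verdicts are assumptions derived from the line shapes visible in the thread, not a documented TDSS-Killer log format.

```python
"""Triage of a Kaspersky TDSS-Killer text log (added example, not Kaspersky code).

Separates heuristic 'UnsignedFile.Multi.Generic' warnings (unsigned third-party
drivers) from detections that name a rootkit component, such as
'TDSS File System' on a physical drive, and lists which of the latter the user
chose to skip and therefore still has to handle on a re-scan.
"""
import re

# Line shape: "<HH:MM:SS.ffff> <pid> <message>", as in
# "10:20:07.0093 1924 \Device\Harddisk0\DR0 - detected TDSS File System (1)".
# These patterns are assumptions derived from the log lines in the thread,
# not a documented TDSS-Killer log format. MBR/Boot hash lines are not captured.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")          # driver, md5, path
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")    # object, verdict
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")

# Verdicts that are signature-check heuristics rather than a malware family.
# Assumption for this example; extend as needed.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}

# Constructed excerpt modeled on the log posted in #17 (not the full log).
SAMPLE_LOG = r"""
10:19:47.0921 1924 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
10:19:47.0953 1924 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
10:19:47.0953 1924 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
10:19:48.0125 1924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:19:48.0234 1924 cbidf2k - ok
10:20:06.0937 1924 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:20:07.0093 1924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:20:07.0093 1924 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:20:07.0218 1924 \Device\Harddisk1\DR1 - ok
10:20:07.0421 2588 Detected object count: 2
10:20:33.0390 2588 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
10:20:33.0390 2588 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:20:33.0406 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:20:33.0406 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def triage(log_lines):
    """Summarise a TDSS-Killer log into counts, file hashes, and detections."""
    summary = {
        "ok": 0,               # objects that passed
        "files": {},           # driver name -> (md5, path)
        "heuristic": [],       # objects flagged only by an unsigned-file heuristic
        "actionable": [],      # (object, verdict) for named rootkit components
        "user_action": {},     # object -> action the user chose (e.g. Skip)
        "reported_count": None,
    }
    for raw in log_lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if msg.endswith(" - ok"):
            summary["ok"] += 1
            continue
        fm = FILE_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            summary["files"][name] = (md5, path)
            continue
        dm = DETECTED_RE.match(msg)
        if dm:
            obj, verdict = dm.group(1), dm.group(2)
            if verdict in HEURISTIC_VERDICTS:
                summary["heuristic"].append(obj)
            else:
                summary["actionable"].append((obj, verdict))
            continue
        am = ACTION_RE.match(msg)
        if am:
            summary["user_action"][am.group(1)] = am.group(3)
            continue
        if msg.startswith("Detected object count: "):
            summary["reported_count"] = int(msg.rsplit(" ", 1)[1])
    return summary


def still_pending(summary):
    """Actionable detections the user skipped, i.e. what a re-scan must handle."""
    return [obj for obj, _ in summary["actionable"]
            if summary["user_action"].get(obj) == "Skip"]


if __name__ == "__main__":
    s = triage(SAMPLE_LOG.strip().splitlines())
    print(f"{s['ok']} ok, {len(s['heuristic'])} heuristic, {len(s['actionable'])} actionable")
    for obj, verdict in s["actionable"]:
        print(f"  {verdict}: {obj} (user action: {s['user_action'].get(obj)})")
    print("still pending:", still_pending(s))
```

Run against the full log from #17 (saved to a file and read with `open(...).readlines()`), the script reports the ten unsigned-driver heuristics separately from the single "TDSS File System" detection, which is exactly the one object the helper asks to have removed on the second scan.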
#21

Code:
16:02:20.0046 2292 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
16:02:21.0375 2292 ============================================================
16:02:21.0375 2292 Current date / time: 2012/02/09 16:02:21.0375
16:02:21.0375 2292 SystemInfo:
16:02:21.0375 2292
16:02:21.0375 2292 OS Version: 5.1.2600 ServicePack: 3.0
16:02:21.0375 2292 Product type: Workstation
16:02:21.0390 2292 ComputerName: NGUYEN-11C66DE0
16:02:21.0390 2292 UserName: Vu
16:02:21.0390 2292 Windows directory: C:\WINDOWS
16:02:21.0390 2292 System windows directory: C:\WINDOWS
16:02:21.0390 2292 Processor architecture: Intel x86
16:02:21.0390 2292 Number of processors: 2
16:02:21.0390 2292 Page size: 0x1000
16:02:21.0390 2292 Boot type: Normal boot
16:02:21.0390 2292 ============================================================
16:02:23.0156 2292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:02:23.0156 2292 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:02:23.0171 2292 \Device\Harddisk0\DR0:
16:02:23.0171 2292 MBR used
16:02:23.0171 2292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x96676DA
16:02:23.0203 2292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9667758, BlocksNum 0x8606AED
16:02:23.0218 2292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x11C6E284, BlocksNum 0xDAA83D
16:02:23.0218 2292 \Device\Harddisk1\DR1:
16:02:23.0218 2292 MBR used
16:02:23.0218 2292 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x12A14BC1
16:02:23.0296 2292 Initialize success
16:02:23.0296 2292 ============================================================
16:02:31.0015 2636 ============================================================
16:02:31.0015 2636 Scan started
16:02:31.0015 2636 Mode: Manual; SigCheck; TDLFS;
16:02:31.0015 2636 ============================================================
16:02:32.0000 2636 Abiosdsk - ok
16:02:32.0015 2636 abp480n5 - ok
16:02:32.0046 2636 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:02:33.0406 2636 ACPI - ok
16:02:33.0578 2636 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:02:33.0828 2636 ACPIEC - ok
16:02:33.0828 2636 adpu160m - ok
16:02:33.0859 2636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:02:34.0031 2636 aec - ok
16:02:34.0062 2636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:02:34.0140 2636 AFD - ok
16:02:34.0140 2636 AFGMp50 - ok
16:02:34.0171 2636 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
16:02:34.0250 2636 AFGSp50 - ok
16:02:34.0312 2636 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:02:34.0453 2636 AgereSoftModem - ok
16:02:34.0468 2636 Aha154x - ok
16:02:34.0484 2636 aic78u2 - ok
16:02:34.0500 2636 aic78xx - ok
16:02:34.0515 2636 AliIde - ok
16:02:34.0515 2636 amsint - ok
16:02:34.0562 2636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:02:34.0734 2636 Arp1394 - ok
16:02:34.0750 2636 asc - ok
16:02:34.0750 2636 asc3350p - ok
16:02:34.0765 2636 asc3550 - ok
16:02:34.0796 2636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:02:34.0953 2636 AsyncMac - ok
16:02:34.0968 2636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:02:35.0109 2636 atapi - ok
16:02:35.0109 2636 Atdisk - ok
16:02:35.0171 2636 ati2mtag (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:02:35.0312 2636 ati2mtag - ok
16:02:35.0328 2636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:02:35.0468 2636 Atmarpc - ok
16:02:35.0500 2636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:02:35.0640 2636 audstub - ok
16:02:35.0687 2636 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:02:35.0703 2636 avgio - ok
16:02:35.0718 2636 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:02:35.0750 2636 avgntflt - ok
16:02:35.0765 2636 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:02:35.0781 2636 avipbb - ok
16:02:35.0812 2636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:02:35.0953 2636 Beep - ok
16:02:35.0984 2636 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
16:02:36.0000 2636 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0000 2636 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
16:02:36.0031 2636 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
16:02:36.0046 2636 BT ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0046 2636 BT - detected UnsignedFile.Multi.Generic (1)
16:02:36.0078 2636 Btcsrusb (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys
16:02:36.0093 2636 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0093 2636 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
16:02:36.0093 2636 BTHidEnum (0448968ba21acde511c19f3c0296e23b) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
16:02:36.0109 2636 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0109 2636 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
16:02:36.0109 2636 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
16:02:36.0140 2636 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0140 2636 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
16:02:36.0171 2636 CardReaderFilter (66b71dd7794d3b8a88ccb645896d3e53) C:\WINDOWS\system32\Drivers\USBCRFT.SYS
16:02:36.0187 2636 CardReaderFilter ( UnsignedFile.Multi.Generic ) - warning
16:02:36.0187 2636 CardReaderFilter - detected UnsignedFile.Multi.Generic (1)
16:02:36.0203 2636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:02:36.0328 2636 cbidf2k - ok
16:02:36.0359 2636 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:02:36.0484 2636 CCDECODE - ok
16:02:36.0484 2636 cd20xrnt - ok
16:02:36.0500 2636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:02:36.0656 2636 Cdaudio - ok
16:02:36.0656 2636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:02:36.0812 2636 Cdfs - ok
16:02:36.0828 2636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:02:36.0984 2636 Cdrom - ok
16:02:37.0000 2636 Changer - ok
16:02:37.0031 2636 CmdIde - ok
16:02:37.0109 2636 cmudax (53c90d77476edd52b3abafca8d5d01db) C:\WINDOWS\system32\drivers\cmudax.sys
16:02:37.0312 2636 cmudax - ok
16:02:37.0328 2636 Cpqarray - ok
16:02:37.0343 2636 dac2w2k - ok
16:02:37.0359 2636 dac960nt - ok
16:02:37.0375 2636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:02:37.0500 2636 Disk - ok
16:02:37.0562 2636 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:02:37.0781 2636 dmboot - ok
16:02:37.0812 2636 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:02:37.0968 2636 dmio - ok
16:02:37.0984 2636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:02:38.0109 2636 dmload - ok
16:02:38.0140 2636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:02:38.0281 2636 DMusic - ok
16:02:38.0312 2636 dpti2o - ok
16:02:38.0343 2636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:02:38.0468 2636 drmkaud - ok
16:02:38.0500 2636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:02:38.0640 2636 Fastfat - ok
16:02:38.0671 2636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:02:38.0796 2636 Fdc - ok
16:02:38.0812 2636 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
16:02:38.0859 2636 FETNDISB - ok
16:02:38.0875 2636 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:02:39.0015 2636 Fips - ok
16:02:39.0031 2636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:02:39.0171 2636 Flpydisk - ok
16:02:39.0203 2636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:02:39.0343 2636 FltMgr - ok
16:02:39.0375 2636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:02:39.0515 2636 Fs_Rec - ok
16:02:39.0531 2636 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:02:39.0671 2636 Ftdisk - ok
16:02:39.0703 2636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:02:39.0859 2636 Gpc - ok
16:02:39.0875 2636 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
16:02:39.0921 2636 HdAudAddService - ok
16:02:39.0953 2636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:02:40.0093 2636 HDAudBus - ok
16:02:40.0109 2636 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:02:40.0250 2636 hidusb - ok
16:02:40.0265 2636 hpn - ok
16:02:40.0312 2636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:02:40.0359 2636 HTTP - ok
16:02:40.0375 2636 i2omgmt - ok
16:02:40.0390 2636 i2omp - ok
16:02:40.0406 2636 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:02:40.0562 2636 i8042prt - ok
16:02:40.0578 2636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:02:40.0703 2636 Imapi - ok
16:02:40.0718 2636 ini910u - ok
16:02:40.0765 2636 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:02:40.0906 2636 IntelIde - ok
16:02:40.0937 2636 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:02:41.0062 2636 intelppm - ok
16:02:41.0093 2636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:02:41.0203 2636 Ip6Fw - ok
16:02:41.0234 2636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:02:41.0359 2636 IpFilterDriver - ok
16:02:41.0375 2636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:02:41.0500 2636 IpInIp - ok
16:02:41.0531 2636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:02:41.0671 2636 IpNat - ok
16:02:41.0703 2636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:02:41.0828 2636 IPSec - ok
16:02:41.0859 2636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:02:41.0984 2636 IRENUM - ok
16:02:42.0015 2636 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:02:42.0156 2636 isapnp - ok
16:02:42.0187 2636 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:02:42.0312 2636 Kbdclass - ok
16:02:42.0343 2636 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:02:42.0484 2636 kbdhid - ok
16:02:42.0500 2636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:02:42.0640 2636 kmixer - ok
16:02:42.0656 2636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:02:42.0703 2636 KSecDD - ok
16:02:42.0734 2636 lbrtfdc - ok
16:02:42.0765 2636 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
16:02:42.0781 2636 MagicTune ( UnsignedFile.Multi.Generic ) - warning
16:02:42.0781 2636 MagicTune - detected UnsignedFile.Multi.Generic (1)
16:02:42.0812 2636 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
16:02:42.0828 2636 MBAMProtector - ok
16:02:42.0875 2636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:02:43.0015 2636 mnmdd - ok
16:02:43.0046 2636 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:02:43.0187 2636 Modem - ok
16:02:43.0203 2636 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:02:43.0328 2636 Mouclass - ok
16:02:43.0359 2636 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:02:43.0500 2636 mouhid - ok
16:02:43.0515 2636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:02:43.0656 2636 MountMgr - ok
16:02:43.0656 2636 mraid35x - ok
16:02:43.0671 2636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:02:43.0843 2636 MRxDAV - ok
16:02:43.0890 2636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:02:43.0984 2636 MRxSmb - ok
16:02:44.0015 2636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:02:44.0156 2636 Msfs - ok
16:02:44.0187 2636 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
16:02:44.0203 2636 MSHUSBVideo - ok
16:02:44.0218 2636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:02:44.0359 2636 MSKSSRV - ok
16:02:44.0375 2636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:02:44.0500 2636 MSPCLOCK - ok
16:02:44.0515 2636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:02:44.0640 2636 MSPQM - ok
16:02:44.0671 2636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:02:44.0828 2636 mssmbios - ok
16:02:44.0843 2636 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:02:44.0984 2636 MSTEE - ok
16:02:45.0000 2636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:02:45.0031 2636 Mup - ok
16:02:45.0062 2636 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:02:45.0203 2636 NABTSFEC - ok
16:02:45.0234 2636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:02:45.0375 2636 NDIS - ok
16:02:45.0390 2636 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:02:45.0531 2636 NdisIP - ok
16:02:45.0578 2636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:02:45.0656 2636 NdisTapi - ok
16:02:45.0671 2636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:02:45.0812 2636 Ndisuio - ok
16:02:45.0828 2636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:02:45.0968 2636 NdisWan - ok
16:02:46.0000 2636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:02:46.0031 2636 NDProxy - ok
16:02:46.0062 2636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:02:46.0203 2636 NetBIOS - ok
16:02:46.0234 2636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:02:46.0375 2636 NetBT - ok
16:02:46.0406 2636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:02:46.0515 2636 NIC1394 - ok
16:02:46.0531 2636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:02:46.0656 2636 Npfs - ok
16:02:46.0687 2636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:02:46.0875 2636 Ntfs - ok
16:02:46.0921 2636 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
16:02:46.0937 2636 NTSIM ( UnsignedFile.Multi.Generic ) - warning
16:02:46.0937 2636 NTSIM - detected UnsignedFile.Multi.Generic (1)
16:02:46.0968 2636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:02:47.0109 2636 Null - ok
16:02:47.0125 2636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:02:47.0265 2636 NwlnkFlt - ok
16:02:47.0281 2636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:02:47.0437 2636 NwlnkFwd - ok
16:02:47.0453 2636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:02:47.0593 2636 ohci1394 - ok
16:02:47.0625 2636 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:02:47.0765 2636 Parport - ok
16:02:47.0781 2636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:02:47.0921 2636 PartMgr - ok
16:02:47.0937 2636 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:02:48.0078 2636 ParVdm - ok
16:02:48.0093 2636 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:02:48.0218 2636 PCI - ok
16:02:48.0234 2636 PCIDump - ok
16:02:48.0265 2636 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
16:02:48.0406 2636 PCIIde - ok
16:02:48.0421 2636 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:02:48.0562 2636 Pcmcia - ok
16:02:48.0578 2636 PDCOMP - ok
16:02:48.0593 2636 PDFRAME - ok
16:02:48.0609 2636 PDRELI - ok
16:02:48.0625 2636 PDRFRAME - ok
16:02:48.0640 2636 perc2 - ok
16:02:48.0640 2636 perc2hib - ok
16:02:48.0703 2636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:02:48.0843 2636 PptpMiniport - ok
16:02:48.0859 2636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:02:49.0015 2636 PSched - ok
16:02:49.0015 2636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:02:49.0156 2636 Ptilink - ok
16:02:49.0171 2636 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:02:49.0187 2636 PxHelp20 - ok
16:02:49.0203 2636 ql1080 - ok
16:02:49.0218 2636 Ql10wnt - ok
16:02:49.0218 2636 ql12160 - ok
16:02:49.0234 2636 ql1240 - ok
16:02:49.0250 2636 ql1280 - ok
16:02:49.0265 2636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:02:49.0390 2636 RasAcd - ok
16:02:49.0421 2636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:02:49.0546 2636 Rasl2tp - ok
16:02:49.0562 2636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:02:49.0718 2636 RasPppoe - ok
16:02:49.0734 2636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:02:49.0875 2636 Raspti - ok
16:02:49.0890 2636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:02:50.0031 2636 Rdbss - ok
16:02:50.0046 2636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:02:50.0187 2636 RDPCDD - ok
16:02:50.0218 2636 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:02:50.0281 2636 RDPWD - ok
16:02:50.0328 2636 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:02:50.0453 2636 redbook - ok
16:02:50.0484 2636 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:02:50.0625 2636 ROOTMODEM - ok
16:02:50.0671 2636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:02:50.0812 2636 Secdrv - ok
16:02:50.0843 2636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:02:51.0000 2636 serenum - ok
16:02:51.0015 2636 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
16:02:51.0171 2636 Serial - ok
16:02:51.0203 2636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:02:51.0343 2636 Sfloppy - ok
16:02:51.0359 2636 Simbad - ok
16:02:51.0390 2636 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:02:51.0515 2636 SLIP - ok
16:02:51.0531 2636 Sparrow - ok
16:02:51.0562 2636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:02:51.0734 2636 splitter - ok
16:02:51.0750 2636 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:02:51.0875 2636 sr - ok
16:02:51.0937 2636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:02:52.0015 2636 Srv - ok
16:02:52.0062 2636 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:02:52.0078 2636 ssmdrv - ok
16:02:52.0140 2636 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:02:52.0281 2636 streamip - ok
16:02:52.0312 2636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:02:52.0437 2636 swenum - ok
16:02:52.0500 2636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:02:52.0640 2636 swmidi - ok
16:02:52.0718 2636 sxuptp (c8a43978dadcf12b7e40a0577227dfbc) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
16:02:52.0765 2636 sxuptp - ok
16:02:52.0781 2636 symc810 - ok
16:02:52.0812 2636 symc8xx - ok
16:02:52.0828 2636 sym_hi - ok
16:02:52.0859 2636 sym_u3 - ok
16:02:52.0906 2636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:02:53.0031 2636 sysaudio - ok
16:02:53.0140 2636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:02:53.0312 2636 Tcpip - ok
16:02:53.0421 2636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:02:53.0578 2636 TDPIPE - ok
16:02:53.0640 2636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:02:53.0828 2636 TDTCP - ok
16:02:53.0875 2636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:02:54.0031 2636 TermDD - ok
16:02:54.0062 2636 TosIde - ok
16:02:54.0234 2636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:02:54.0406 2636 Udfs - ok
16:02:54.0593 2636 ultra - ok
16:02:54.0703 2636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:02:54.0968 2636 Update - ok
16:02:55.0031 2636 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:02:55.0203 2636 usbaudio - ok
16:02:55.0250 2636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:02:55.0375 2636 usbccgp - ok
16:02:55.0437 2636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:02:55.0578 2636 usbehci - ok
16:02:55.0625 2636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:02:55.0781 2636 usbhub - ok
16:02:55.0796 2636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:02:55.0968 2636 usbprint - ok
16:02:56.0031 2636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:02:56.0187 2636 usbscan - ok
16:02:56.0203 2636 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:02:56.0359 2636 usbstor - ok
16:02:56.0390 2636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:02:56.0531 2636 usbuhci - ok
16:02:56.0578 2636 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:02:56.0734 2636 usbvideo - ok
16:02:56.0765 2636 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
16:02:56.0859 2636 VComm ( UnsignedFile.Multi.Generic ) - warning
16:02:56.0859 2636 VComm - detected UnsignedFile.Multi.Generic (1)
16:02:57.0125 2636 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
16:02:57.0343 2636 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
16:02:57.0343 2636 VcommMgr - detected UnsignedFile.Multi.Generic (1)
16:02:57.0578 2636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:02:58.0734 2636 VgaSave - ok
16:02:58.0781 2636 ViaIde - ok
16:02:58.0828 2636 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:02:58.0968 2636 VolSnap - ok
16:02:59.0000 2636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:02:59.0125 2636 Wanarp - ok
16:02:59.0140 2636 wbscr (67014473f902f3023f892c3a0950958a) C:\WINDOWS\system32\drivers\wbscr.sys
16:02:59.0187 2636 wbscr - ok
16:02:59.0187 2636 WDICA - ok
16:02:59.0218 2636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:02:59.0328 2636 wdmaud - ok
16:02:59.0390 2636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:02:59.0484 2636 WpdUsb - ok
16:02:59.0515 2636 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:02:59.0656 2636 WSTCODEC - ok
16:02:59.0671 2636 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:02:59.0734 2636 WudfPf - ok
16:02:59.0750 2636 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:02:59.0796 2636 WudfRd - ok
16:02:59.0828 2636 XUIF (93692d6b2fcbb63f517642048f5295fb) C:\WINDOWS\system32\Drivers\x10ufx2.sys
16:02:59.0859 2636 XUIF - ok
16:02:59.0875 2636 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:03:00.0093 2636 \Device\Harddisk0\DR0 - ok
16:03:00.0109 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:03:00.0203 2636 \Device\Harddisk1\DR1 - ok
16:03:00.0203 2636 Boot (0x1200) (781f4691f59ec41a892b2ffdfea62242) \Device\Harddisk0\DR0\Partition0
16:03:00.0203 2636 \Device\Harddisk0\DR0\Partition0 - ok
16:03:00.0218 2636 Boot (0x1200) (87a6b203482080c2cc02d6ad51763528) \Device\Harddisk0\DR0\Partition1
16:03:00.0218 2636 \Device\Harddisk0\DR0\Partition1 - ok
16:03:00.0234 2636 Boot (0x1200) (4f2d2bc4c6c6e20cb7a67e4108f5497b) \Device\Harddisk0\DR0\Partition2
16:03:00.0234 2636 \Device\Harddisk0\DR0\Partition2 - ok
16:03:00.0250 2636 Boot (0x1200) (8b2343d0c054973e47439cf958f3eec8) \Device\Harddisk1\DR1\Partition0
16:03:00.0250 2636 \Device\Harddisk1\DR1\Partition0 - ok
16:03:00.0250 2636 ============================================================
16:03:00.0250 2636 Scan finished
16:03:00.0250 2636 ============================================================
16:03:00.0359 2620 Detected object count: 10
16:03:00.0359 2620 Actual detected object count: 10
16:03:07.0968 2620 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0968 2620 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 BT ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 CardReaderFilter ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 CardReaderFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:07.0984 2620 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:07.0984 2620 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:08.0000 2620 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:08.0000 2620 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:08.0000 2620 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:08.0000 2620 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:08.0000 2620 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:08.0000 2620 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:10.0281 3792 Deinitialize success
#22
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! If after running ComboFix you have problems starting applications and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
#23
Combofix Logfile: Code:
ComboFix 12-02-09.04 - Vu 09.02.2012 17:14:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.418 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Vu\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\Vu\LOKALE~1\Temp\1.tmp\F_IN_BOX.dll
c:\dokumente und einstellungen\Vu\Lokale Einstellungen\Temp\1.tmp\F_IN_BOX.dll
c:\dokumente und einstellungen\Vu\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pthreadVC.dll
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 ))))))))))))))))))))))))))))))
.
.
2012-02-09 14:59 . 2012-02-09 14:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 19:15 . 2012-02-07 19:15 -------- d-----w- C:\_OTL
2012-02-06 19:38 . 2012-02-06 19:38 -------- d-----w- c:\programme\ESET
2012-02-05 23:16 . 2012-02-05 23:16 -------- d-----w- c:\dokumente und einstellungen\lju\Anwendungsdaten\Malwarebytes
2012-02-05 17:04 . 2012-02-05 17:04 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-02-03 02:03 . 2012-02-03 02:03 -------- d-----w- c:\dokumente und einstellungen\lju\Lokale Einstellungen\Anwendungsdaten\Identities
2012-01-29 15:17 . 2012-01-29 15:17 -------- d-----w- c:\dokumente und einstellungen\lju\Anwendungsdaten\OpenOffice.org
2012-01-15 19:00 . 2012-01-15 19:00 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2012-01-15 19:00 . 2012-01-15 19:00 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 15:01 . 2010-07-17 01:14 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2011-12-10 14:24 . 2010-07-17 17:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 90112]
"Keyboard Status"="c:\progra~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"InstaLAN"="c:\programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LifeCam"="c:\programme\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-7-17 1048576]
Erinnerungen für Microsoft Works-Kalender.lnk - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.07.2010 02:21 108289]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [01.09.2010 21:25 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [01.09.2010 21:25 49152]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [17.07.2010 18:45 652360]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [27.01.2005 07:37 1272000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.07.2010 18:45 20464]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [01.09.2010 21:25 246936]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [17.07.2010 02:16 19928]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.08.2010 17:13 135664]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [17.07.2010 02:14 17408]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.08.2010 17:13 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [09.05.2011 21:22 30576]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-09 16:13]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-09 16:13]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\dokumente und einstellungen\Vu\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Vu\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\dokumente und einstellungen\Vu\Anwendungsdaten\Mozilla\Firefox\Profiles\af56n218.default\
FF - prefs.js: browser.startup.homepage - www.worldstarhiphop.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Stealthy: stealthyextension@gmail.com - %profile%\extensions\stealthyextension@gmail.com
FF - Ext: Grooveshark Unlocker: groovesharkUnlocker@overlord1337 - %profile%\extensions\groovesharkUnlocker@overlord1337
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Adobe PhotoDeluxe Home Edition 4.0 - c:\windows\IsUn0407.exe
AddRemove-fahrschule-weichert.de - c:\windows\unin0407.exe
AddRemove-KeyStat - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-09 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JD-00HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581804 (+237): user != kernel
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(516)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Belkin\Router Setup and Monitor\BelkinService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Borland\InterBase\bin\ibguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft LifeCam\MSCamS32.exe
c:\windows\Dit.exe
c:\windows\AGRSMMSG.exe
c:\programme\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDll32.exe
c:\programme\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\programme\Belkin\Router Setup and Monitor\qosPlugin.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09 17:26:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-09 16:26
.
Vor Suchlauf: 7 Verzeichnis(se), 12.832.870.400 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 12.986.540.032 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CF4494A997DE24013B029F405FBA3F2F
#24 | /// Winkelfunktion /// TB-Süch-Tiger™ | Windows system blocked. OTLogfiles uploaded.
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"=-
4. Deactivate the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
#25 | Windows system blocked. OTLogfiles uploaded.
Combofix Logfile:
Code:
ComboFix 12-02-09.04 - Vu 09.02.2012 22:27:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.417 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Vu\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Vu\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\Vu\LOKALE~1\Temp\1.tmp\F_IN_BOX.dll
c:\dokumente und einstellungen\Vu\Lokale Einstellungen\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 ))))))))))))))))))))))))))))))
.
.
2012-02-09 14:59 . 2012-02-09 14:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 19:15 . 2012-02-07 19:15 -------- d-----w- C:\_OTL
2012-02-06 19:38 . 2012-02-06 19:38 -------- d-----w- c:\programme\ESET
2012-02-05 23:16 . 2012-02-05 23:16 -------- d-----w- c:\dokumente und einstellungen\lju\Anwendungsdaten\Malwarebytes
2012-02-05 17:04 . 2012-02-05 17:04 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-02-03 02:03 . 2012-02-03 02:03 -------- d-----w- c:\dokumente und einstellungen\lju\Lokale Einstellungen\Anwendungsdaten\Identities
2012-01-29 15:17 . 2012-01-29 15:17 -------- d-----w- c:\dokumente und einstellungen\lju\Anwendungsdaten\OpenOffice.org
2012-01-15 19:00 . 2012-01-15 19:00 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2012-01-15 19:00 . 2012-01-15 19:00 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 21:59 . 2010-07-17 01:14 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2011-12-10 14:24 . 2010-07-17 17:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_16.21.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 21:35 . 2012-02-09 21:35 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-07-20 90112]
"Keyboard Status"="c:\progra~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"InstaLAN"="c:\programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"LifeCam"="c:\programme\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-7-17 1048576]
Erinnerungen für Microsoft Works-Kalender.lnk - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.07.2010 02:21 108289]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [01.09.2010 21:25 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [01.09.2010 21:25 49152]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [17.07.2010 18:45 652360]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [27.01.2005 07:37 1272000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.07.2010 18:45 20464]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [01.09.2010 21:25 246936]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [17.07.2010 02:16 19928]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.08.2010 17:13 135664]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [17.07.2010 02:14 17408]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.08.2010 17:13 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [09.05.2011 21:22 30576]
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-09 16:13]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-09 16:13]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\dokumente und einstellungen\Vu\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Vu\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\dokumente und einstellungen\Vu\Anwendungsdaten\Mozilla\Firefox\Profiles\af56n218.default\
FF - prefs.js: browser.startup.homepage - www.worldstarhiphop.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Stealthy: stealthyextension@gmail.com - %profile%\extensions\stealthyextension@gmail.com
FF - Ext: Grooveshark Unlocker: groovesharkUnlocker@overlord1337 - %profile%\extensions\groovesharkUnlocker@overlord1337
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-09 22:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JD-00HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581804 (+237): user != kernel
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(412)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Belkin\Router Setup and Monitor\BelkinService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programme\Borland\InterBase\bin\ibguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft LifeCam\MSCamS32.exe
c:\programme\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Dit.exe
c:\windows\AGRSMMSG.exe
c:\programme\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\programme\Belkin\Router Setup and Monitor\qosPlugin.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09 23:03:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-09 22:03
ComboFix2.txt 2012-02-09 16:26
.
Vor Suchlauf: 7 Verzeichnis(se), 12.939.931.648 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 12.925.734.912 Bytes frei
.
- - End Of File - - 29EA8CF9DC9A3061C9AC1E66FFB807C6
#26 | /// Winkelfunktion /// TB-Süch-Tiger™ | Windows system blocked. OTLogfiles uploaded.
Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses even on the second attempt, simply skip it and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags
#27 | Windows system blocked. OTLogfiles uploaded.
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-12 22:03:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-00HBB0 rev.08.02D08
Running: d9i31ps5.exe; Driver: C:\DOKUME~1\Vu\LOKALE~1\Temp\kwwyrfog.sys
---- System - GMER 1.0.15 ----
SSDT F7C810CE ZwCreateKey
SSDT F7C810C4 ZwCreateThread
SSDT F7C810D3 ZwDeleteKey
SSDT F7C810DD ZwDeleteValueKey
SSDT F7C810E2 ZwLoadKey
SSDT F7C810B0 ZwOpenProcess
SSDT F7C810B5 ZwOpenThread
SSDT F7C810EC ZwReplaceKey
SSDT F7C810E7 ZwRestoreKey
SSDT F7C810D8 ZwSetValueKey
SSDT F7C810BF ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
#28 | Windows system blocked. OTLogfiles uploaded.
Code:
OSAM Logfile:
#29 | Windows system blocked. OTLogfiles uploaded.
Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 22:12:02
-----------------------------
22:12:02.140 OS Version: Windows 5.1.2600 Service Pack 3
22:12:02.140 Number of processors: 2 586 0x403
22:12:02.140 ComputerName: NGUYEN-11C66DE0 UserName: Vu
22:12:02.656 Initialize success
22:14:02.109 AVAST engine defs: 12021201
22:14:51.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
22:14:51.359 Disk 0 Vendor: WDC_WD1600JD-00HBB0 08.02D08 Size: 152627MB BusType: 3
22:14:51.359 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
22:14:51.359 Disk 1 Vendor: WDC_WD1600JD-00HBB0 08.02D08 Size: 152627MB BusType: 3
22:14:51.468 Disk 0 MBR read successfully
22:14:51.468 Disk 0 MBR scan
22:14:51.906 Disk 0 Windows XP default MBR code
22:14:51.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 77006 MB offset 63
22:14:52.015 Disk 0 Partition - 00 0F Extended LBA 75618 MB offset 157710105
22:14:52.062 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 68621 MB offset 157710168
22:14:52.078 Disk 0 Partition - 00 05 Extended 6997 MB offset 298246725
22:14:52.109 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 6997 MB offset 298246788
22:14:52.187 Disk 0 scanning sectors +312576705
22:14:52.375 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:30.718 Service scanning
22:15:31.609 Modules scanning
22:15:56.203 Disk 0 trace - called modules:
22:15:56.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:15:56.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86754ab8]
22:15:56.218 3 CLASSPNP.SYS[f763bfd7] -> nt!IofCallDriver -> \Device\0000007e[0x8674e030]
22:15:56.218 5 ACPI.sys[f74b1620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86749d98]
22:15:56.562 AVAST engine scan C:\WINDOWS
22:16:36.906 AVAST engine scan C:\WINDOWS\system32
22:20:45.265 AVAST engine scan C:\WINDOWS\system32\drivers
22:20:59.125 AVAST engine scan C:\Dokumente und Einstellungen\Vu
22:24:33.250 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:25:45.437 Scan finished successfully
22:26:23.125 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Vu\Desktop\MBR.dat"
22:26:23.140 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Vu\Desktop\aswMBR.txt"
#30 | /// Winkelfunktion /// TB-Süch-Tiger™ | Windows system blocked. OTLogfiles uploaded.
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags