Log analysis and evaluation: Rootkit slows program start and copy/paste operations (Windows XP 64-bit)
#16

Hi Arne, I use Windows XP 64-bit because this is a professional workstation; my music studio runs on this machine. For the programs I work with it is simply the most resource-efficient and stable way to work... but also very vulnerable, of course. About IE6... phew, I never use it, so I never updated it either... Many, many thanks first of all!! I think the commitment on this site is simply magnificent. After running the fix the system runs quite a bit faster again. Here is the log:

Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ .
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceMixTray deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceTray deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF moved successfully.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr moved successfully.
C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 250728851 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 473570 bytes
->Google Chrome cache emptied: 134263687 bytes
->Flash cache emptied: 3084855 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168024 bytes
%systemroot%\System32 .tmp files removed: 4265 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176027 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 97500617 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 466,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_171321
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#17

Winkelfunktion (TB-Süch-Tiger™)

Windows XP x64 is not exactly widespread. Besides, the much better supported Vista or 7 x64 should cover all your needs just as well, but oh well...

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags objects, handle all of them with the action "skip" and only post the log here!
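An added example, not from the thread and not Kaspersky's code, of how an analyst can pre-sort a TDSS-Killer report of the kind requested above: it folds the report's per-service lines (the entry line with MD5 and path, then the `- ok`, `- warning` or `- detected` verdict line) into one record per driver and separates plain unsigned-file warnings on drivers the user vouches for from anything else that needs a look. The sample lines are excerpted from the log posted in this thread plus one constructed entry (`ConstructedSvc` / `Example.Verdict.Constructed`) to exercise the detection path; the vouched list is taken from the poster's own statement and is an assumption of the example.

```python
import re

# Sample lines excerpted from the TDSS-Killer report posted in this thread, plus one
# CONSTRUCTED entry (ConstructedSvc / Example.Verdict.Constructed) so that the
# "detected" path is exercised. The real report lists hundreds of such services.
SAMPLE_LOG = r"""
11:40:10.0171 1800 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:40:10.0828 1800 ACPI - ok
11:40:11.0000 1800 adpu160m - ok
11:40:14.0546 1800 fireface (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
11:40:14.0546 1800 fireface ( UnsignedFile.Multi.Generic ) - warning
11:40:14.0546 1800 fireface - detected UnsignedFile.Multi.Generic (1)
11:40:23.0062 1800 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:23.0109 1800 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
11:40:30.0000 1800 ConstructedSvc (d41d8cd98f00b204e9800998ecf8427e) C:\WINDOWS\system32\drivers\constructed.sys
11:40:30.0000 1800 ConstructedSvc - detected Example.Verdict.Constructed (1)
"""

# Line shapes seen in the report: every line starts with "<time> <pid> <name>", followed
# either by "(<md5>) <path>" (image found and hashed) or by one of the verdict forms.
PREFIX = r"^\S+\s+\d+\s+(?P<name>\S+)\s+"
ENTRY_RE = re.compile(PREFIX + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
OK_RE = re.compile(PREFIX + r"-\s+ok\s*$")
WARNING_RE = re.compile(PREFIX + r"\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning\s*$")
DETECTED_RE = re.compile(PREFIX + r"-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)\s*$")

# Verdict TDSS-Killer gives a file that merely carries no valid signature. On XP x64,
# which does not enforce kernel driver signing, third-party hardware drivers commonly
# trip this; it is a prompt to account for the file, not a malware detection by itself.
UNSIGNED = "UnsignedFile.Multi.Generic"


def _entry(entries, name):
    return entries.setdefault(name, {"name": name, "md5": None, "path": None,
                                     "status": None, "verdict": None})


def parse_tdsskiller(text):
    """Fold the per-line report into one record per service/driver name (order kept)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = _entry(entries, m["name"])
            e["md5"], e["path"] = m["md5"].lower(), m["path"]
            continue
        m = OK_RE.match(line)
        if m:
            e = _entry(entries, m["name"])
            if e["status"] is None:  # a later "- ok" never downgrades a warning
                e["status"] = "ok"
            continue
        m = WARNING_RE.match(line)
        if m:
            e = _entry(entries, m["name"])
            e["status"], e["verdict"] = "warning", m["verdict"]
            continue
        m = DETECTED_RE.match(line)
        if m:
            e = _entry(entries, m["name"])
            e["status"], e["verdict"] = "detected", m["verdict"]
    return entries


def triage(entries, vouched=()):
    """Bucket flagged names in the order an analyst reads them: non-signature
    detections first, then unsigned files nobody has accounted for, then unsigned
    files the user vouches for, then entries the report never gave a verdict."""
    vouched = {v.lower() for v in vouched}
    report = {"detections": [], "unsigned_unknown": [],
              "unsigned_vouched": [], "no_verdict": []}
    for e in entries.values():
        if e["status"] == "ok":
            continue
        if e["status"] is None:
            report["no_verdict"].append(e["name"])
        elif e["verdict"] == UNSIGNED:
            key = "unsigned_vouched" if e["name"].lower() in vouched else "unsigned_unknown"
            report[key].append(e["name"])
        else:
            report["detections"].append(e["name"])
    return report


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    # Assumed vouched list, taken from the poster's statement in the next post.
    report = triage(entries, vouched=["uguru", "fireface", "nvnusbaudio"])
    for bucket, names in report.items():
        for name in names:
            e = entries[name]
            print(f"{bucket:17} {name:15} {e['verdict']}  {e['md5']}  {e['path']}")
```

The MD5 in each flagged record is what the analyst looks up against known-good driver hashes; an unsigned driver the user cannot account for is reviewed before any deletion is considered, which is why the helper asks for "skip" on every object.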
#18

Hi Arne, here is the TDSS log (uguru, fireface and nvnusbaudio are programs/drivers I know and use; I am not sure about the fourth one):

Code:
11:39:40.0687 3188 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:39:41.0125 3188 ============================================================
11:39:41.0125 3188 Current date / time: 2012/03/22 11:39:41.0125
11:39:41.0125 3188 SystemInfo:
11:39:41.0125 3188
11:39:41.0125 3188 OS Version: 5.2.3790 ServicePack: 2.0
11:39:41.0125 3188 Product type: Workstation
11:39:41.0125 3188 ComputerName: GREGSEN
11:39:41.0125 3188 UserName: Administrator
11:39:41.0125 3188 Windows directory: C:\WINDOWS
11:39:41.0125 3188 System windows directory: C:\WINDOWS
11:39:41.0125 3188 Running under WOW64
11:39:41.0125 3188 Processor architecture: Intel x64
11:39:41.0125 3188 Number of processors: 4
11:39:41.0125 3188 Page size: 0x1000
11:39:41.0125 3188 Boot type: Normal boot
11:39:41.0125 3188 ============================================================
11:39:42.0265 3188 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0296 3188 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188 Drive \Device\Harddisk3\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:42.0312 3188 \Device\Harddisk0\DR0:
11:39:42.0312 3188 MBR used
11:39:42.0312 3188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188 \Device\Harddisk1\DR1:
11:39:42.0312 3188 MBR used
11:39:42.0312 3188 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188 \Device\Harddisk2\DR2:
11:39:42.0312 3188 MBR used
11:39:42.0312 3188 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0312 3188 \Device\Harddisk3\DR6:
11:39:42.0312 3188 MBR used
11:39:42.0312 3188 \Device\Harddisk3\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0687 3188 Initialize success
11:39:42.0687 3188 ============================================================
11:40:09.0765 1800 ============================================================
11:40:09.0765 1800 Scan started
11:40:09.0765 1800 Mode: Manual; SigCheck; TDLFS;
11:40:09.0765 1800 ============================================================
11:40:10.0125 1800 Abiosdsk - ok
11:40:10.0171 1800 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:40:10.0828 1800 ACPI - ok
11:40:10.0906 1800 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:40:10.0984 1800 ACPIEC - ok
11:40:11.0000 1800 adpu160m - ok
11:40:11.0000 1800 adpu320 - ok
11:40:11.0062 1800 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
11:40:11.0109 1800 aec - ok
11:40:11.0156 1800 AeLookupSvc (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
11:40:11.0203 1800 AeLookupSvc - ok
11:40:11.0265 1800 AFD (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
11:40:11.0281 1800 AFD - ok
11:40:11.0281 1800 aic78u2 - ok
11:40:11.0281 1800 aic78xx - ok
11:40:11.0296 1800 Alerter (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
11:40:11.0328 1800 Alerter - ok
11:40:11.0343 1800 ALG (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
11:40:11.0375 1800 ALG - ok
11:40:11.0390 1800 AliIde - ok
11:40:11.0406 1800 AmdIde - ok
11:40:11.0421 1800 AppMgmt (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
11:40:11.0453 1800 AppMgmt - ok
11:40:11.0453 1800 arc - ok
11:40:11.0500 1800 Arp1394 (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:40:11.0531 1800 Arp1394 - ok
11:40:11.0656 1800 aspnet_state (f9f0f095586009e5da0c32e648aa99fa) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
11:40:11.0671 1800 aspnet_state - ok
11:40:11.0687 1800 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:40:11.0750 1800 AsyncMac - ok
11:40:11.0796 1800 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:40:11.0828 1800 atapi - ok
11:40:11.0843 1800 Atdisk - ok
11:40:11.0859 1800 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:40:11.0890 1800 Atmarpc - ok
11:40:11.0937 1800 AudioSrv (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
11:40:11.0968 1800 AudioSrv - ok
11:40:12.0015 1800 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:40:12.0046 1800 audstub - ok
11:40:12.0187 1800 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
11:40:12.0187 1800 AVP - ok
11:40:12.0234 1800 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
11:40:12.0296 1800 Beep - ok
11:40:12.0343 1800 BITS (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
11:40:12.0468 1800 BITS - ok
11:40:12.0515 1800 Browser (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
11:40:12.0562 1800 Browser - ok
11:40:12.0562 1800 BTCFilterService - ok
11:40:12.0609 1800 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
11:40:12.0671 1800 CdaC15BA - ok
11:40:12.0671 1800 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
11:40:12.0703 1800 CdaD10BA - ok
11:40:12.0750 1800 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
11:40:12.0796 1800 Cdfs - ok
11:40:12.0843 1800 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:40:12.0906 1800 Cdrom - ok
11:40:12.0906 1800 Changer - ok
11:40:12.0921 1800 CiSvc (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
11:40:12.0968 1800 CiSvc - ok
11:40:12.0984 1800 ClipSrv (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
11:40:13.0015 1800 ClipSrv - ok
11:40:13.0093 1800 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:40:13.0093 1800 clr_optimization_v2.0.50727_32 - ok
11:40:13.0156 1800 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:40:13.0171 1800 clr_optimization_v2.0.50727_64 - ok
11:40:13.0171 1800 CmdIde - ok
11:40:13.0187 1800 COMSysApp - ok
11:40:13.0187 1800 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
11:40:13.0234 1800 crcdisk - ok
11:40:13.0265 1800 CryptSvc (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
11:40:13.0359 1800 CryptSvc - ok
11:40:13.0390 1800 DcomLaunch (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:13.0468 1800 DcomLaunch - ok
11:40:13.0546 1800 Dhcp (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
11:40:13.0593 1800 Dhcp - ok
11:40:13.0640 1800 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
11:40:13.0687 1800 Disk - ok
11:40:13.0687 1800 dmadmin - ok
11:40:13.0734 1800 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
11:40:13.0796 1800 dmboot - ok
11:40:13.0796 1800 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
11:40:13.0843 1800 dmio - ok
11:40:13.0843 1800 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
11:40:13.0906 1800 dmload - ok
11:40:13.0921 1800 dmserver (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
11:40:13.0953 1800 dmserver - ok
11:40:14.0000 1800 Dnscache (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
11:40:14.0031 1800 Dnscache - ok
11:40:14.0031 1800 dpti2o - ok
11:40:14.0046 1800 ERSvc (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
11:40:14.0093 1800 ERSvc - ok
11:40:14.0156 1800 Eventlog (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:14.0171 1800 Eventlog - ok
11:40:14.0218 1800 EventSystem (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
11:40:14.0234 1800 EventSystem - ok
11:40:14.0296 1800 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
11:40:14.0343 1800 Fastfat - ok
11:40:14.0390 1800 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:40:14.0437 1800 Fdc - ok
11:40:14.0468 1800 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
11:40:14.0500 1800 Fips - ok
11:40:14.0546 1800 fireface (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
11:40:14.0546 1800 fireface ( UnsignedFile.Multi.Generic ) - warning
11:40:14.0546 1800 fireface - detected UnsignedFile.Multi.Generic (1)
11:40:14.0562 1800 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:40:14.0609 1800 Flpydisk - ok
11:40:14.0640 1800 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:40:14.0671 1800 FltMgr - ok
11:40:14.0843 1800 FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
11:40:14.0843 1800 FontCache3.0.0.0 - ok
11:40:14.0875 1800 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:40:14.0921 1800 Fs_Rec - ok
11:40:14.0937 1800 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:40:15.0000 1800 Ftdisk - ok
11:40:15.0015 1800 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:40:15.0046 1800 Gpc - ok
11:40:15.0156 1800 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0171 1800 gupdate - ok
11:40:15.0218 1800 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0234 1800 gupdatem - ok
11:40:15.0265 1800 hamachi - ok
11:40:15.0265 1800 Hamachi2Svc - ok
11:40:15.0312 1800 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:40:15.0343 1800 HDAudBus - ok
11:40:15.0406 1800 helpsvc (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:40:15.0453 1800 helpsvc - ok
11:40:15.0484 1800 HidServ (9648ad494be12b39acc2db638e2340a0) C:\WINDOWS\System32\hidserv.dll
11:40:15.0531 1800 HidServ - ok
11:40:15.0578 1800 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:40:15.0609 1800 hidusb - ok
11:40:15.0656 1800 HTTP (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
11:40:15.0687 1800 HTTP - ok
11:40:15.0718 1800 HTTPFilter (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
11:40:15.0765 1800 HTTPFilter - ok
11:40:15.0765 1800 i2omgmt - ok
11:40:15.0828 1800 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:40:15.0859 1800 i8042prt - ok
11:40:15.0906 1800 IASJet - ok
11:40:16.0046 1800 idsvc (501cf65702d7f64c38db360f7eb07adc) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:40:16.0093 1800 idsvc - ok
11:40:16.0093 1800 iirsp - ok
11:40:16.0125 1800 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:40:16.0187 1800 imapi - ok
11:40:16.0234 1800 ImapiService (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
11:40:16.0296 1800 ImapiService - ok
11:40:16.0500 1800 IntcAzAudAddService (fc000101e3d3aef951a57e8d32f0aed9) C:\WINDOWS\system32\drivers\RTKHDA64.SYS
11:40:16.0937 1800 IntcAzAudAddService - ok
11:40:16.0984 1800 IntelIde - ok
11:40:17.0031 1800 intelppm (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:40:17.0078 1800 intelppm - ok
11:40:17.0109 1800 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:40:17.0171 1800 Ip6Fw - ok
11:40:17.0187 1800 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:40:17.0250 1800 IpFilterDriver - ok
11:40:17.0250 1800 IpInIp - ok
11:40:17.0265 1800 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:40:17.0328 1800 IpNat - ok
11:40:17.0375 1800 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:40:17.0500 1800 IPSec - ok
11:40:17.0531 1800 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:40:17.0578 1800 IRENUM - ok
11:40:17.0625 1800 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:40:17.0671 1800 isapnp - ok
11:40:17.0781 1800 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
11:40:17.0796 1800 JavaQuickStarterService - ok
11:40:17.0828 1800 JRAID (50b9060d11c4c2aaebacb2263972eff2) C:\WINDOWS\system32\DRIVERS\jraid.sys
11:40:17.0875 1800 JRAID - ok
11:40:17.0906 1800 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:40:17.0953 1800 Kbdclass - ok
11:40:18.0015 1800 KL1 (e656fe10d6d27794afa08136685a69e8) C:\WINDOWS\system32\DRIVERS\kl1.sys
11:40:18.0031 1800 KL1 - ok
11:40:18.0046 1800 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\WINDOWS\system32\DRIVERS\kl2.sys
11:40:18.0062 1800 kl2 - ok
11:40:18.0093 1800 KLIF (b86a9608c9e07caf205d44d53182e5f5) C:\WINDOWS\system32\DRIVERS\klif.sys
11:40:18.0109 1800 KLIF - ok
11:40:18.0171 1800 klim5 (bc18d092961889f4b9eb095721edfbdd) C:\WINDOWS\system32\DRIVERS\klim5.sys
11:40:18.0171 1800 klim5 - ok
11:40:18.0203 1800 klmouflt (f34f151ac2400b82c2a314dbe8684661) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
11:40:18.0218 1800 klmouflt - ok
11:40:18.0265 1800 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
11:40:18.0312 1800 kmixer - ok
11:40:18.0359 1800 KORGUMDS (a96473f1c76bb29849cb947c6c350445) C:\WINDOWS\system32\Drivers\KORGUM64.SYS
11:40:18.0359 1800 KORGUMDS - ok
11:40:18.0406 1800 KSecDD (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
11:40:18.0406 1800 KSecDD - ok
11:40:18.0468 1800 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
11:40:18.0515 1800 ksthunk - ok
11:40:18.0531 1800 L8042Kbd (3fb80db5ec01b6153572d27438fbea20) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
11:40:18.0531 1800 L8042Kbd - ok
11:40:18.0562 1800 L8042mou (d3693364aa9ac82fb0b78680bc7f423b) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
11:40:18.0562 1800 L8042mou - ok
11:40:18.0609 1800 lanmanserver (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
11:40:18.0625 1800 lanmanserver - ok
11:40:18.0671 1800 lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
11:40:18.0703 1800 lanmanworkstation - ok
11:40:18.0703 1800 LBeepKE (2c5f11ee4f699b9a5e464053c99bcd21) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:40:18.0718 1800 LBeepKE - ok
11:40:18.0781 1800 LBTServ (3f98db70009e420c332f48891de39fba) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
11:40:18.0796 1800 LBTServ - ok
11:40:18.0828 1800 LHidFilt (b45686101f9473b52d7a501c544dda5d) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:40:18.0843 1800 LHidFilt - ok
11:40:18.0890 1800 LmHosts (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
11:40:18.0937 1800 LmHosts - ok
11:40:18.0953 1800 LMouFilt (9980bb086248ca45772eff2559aa62d3) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:40:18.0968 1800 LMouFilt - ok
11:40:18.0984 1800 LMouKE (0d9eb835d2be6545dca23bf9bbfd437e) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
11:40:18.0984 1800 LMouKE - ok
11:40:19.0015 1800 LUsbFilt (a1eb1db073972c7ce252daa3456bbbe7) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:40:19.0031 1800 LUsbFilt - ok
11:40:19.0046 1800 Messenger (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
11:40:19.0093 1800 Messenger - ok
11:40:19.0140 1800 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
11:40:19.0187 1800 mnmdd - ok
11:40:19.0187 1800 mnmsrvc - ok
11:40:19.0234 1800 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
11:40:19.0281 1800 Modem - ok
11:40:19.0312 1800 motccgp - ok
11:40:19.0328 1800 motccgpfl - ok
11:40:19.0328 1800 motmodem - ok
11:40:19.0328 1800 MotoSwitchService - ok
11:40:19.0343 1800 Motousbnet - ok
11:40:19.0343 1800 motusbdevice - ok
11:40:19.0406 1800 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:40:19.0437 1800 Mouclass - ok
11:40:19.0468 1800 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:40:19.0515 1800 mouhid - ok
11:40:19.0562 1800 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
11:40:19.0609 1800 MountMgr - ok
11:40:19.0625 1800 mraid35x - ok
11:40:19.0656 1800 MRxDAV (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:40:19.0671 1800 MRxDAV - ok
11:40:19.0750 1800 MRxSmb (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:40:19.0796 1800 MRxSmb - ok
11:40:19.0843 1800 MSDTC (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
11:40:19.0859 1800 MSDTC - ok
11:40:19.0859 1800 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
11:40:19.0921 1800 Msfs - ok
11:40:19.0921 1800 MSIServer - ok
11:40:19.0953 1800 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:40:20.0015 1800 MSKSSRV - ok
11:40:20.0046 1800 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:40:20.0078 1800 MSPCLOCK - ok
11:40:20.0093 1800 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
11:40:20.0125 1800 MSPQM - ok
11:40:20.0171 1800 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:40:20.0203 1800 mssmbios - ok
11:40:20.0250 1800 Mup (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
11:40:20.0281 1800 Mup - ok
11:40:20.0312 1800 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
11:40:20.0375 1800 NDIS - ok
11:40:20.0421 1800 NdisTapi (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:40:20.0437 1800 NdisTapi - ok
11:40:20.0484 1800 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:40:20.0531 1800 Ndisuio - ok
11:40:20.0531 1800 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:40:20.0578 1800 NdisWan - ok
11:40:20.0625 1800 NDProxy (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
11:40:20.0640 1800 NDProxy - ok
11:40:20.0656 1800 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:40:20.0703 1800 NetBIOS - ok
11:40:20.0718 1800 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:40:20.0781 1800 NetBT - ok
11:40:20.0812 1800 NetDDE (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0875 1800 NetDDE - ok
11:40:20.0906 1800 NetDDEdsdm (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0937 1800 NetDDEdsdm - ok
11:40:20.0968 1800 Netlogon (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0015 1800 Netlogon - ok
11:40:21.0031 1800 Netman (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
11:40:21.0078 1800 Netman - ok
11:40:21.0218 1800 NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:40:21.0218 1800 NetTcpPortSharing - ok
11:40:21.0250 1800 NIC1394 (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:40:21.0296 1800 NIC1394 - ok
11:40:21.0359 1800 Nla (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
11:40:21.0375 1800 Nla - ok
11:40:21.0421 1800 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
11:40:21.0484 1800 Npfs - ok
11:40:21.0531 1800 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
11:40:21.0656 1800 Ntfs - ok
11:40:21.0687 1800 NtLmSsp (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0718 1800 NtLmSsp - ok
11:40:21.0750 1800 NtmsSvc (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
11:40:21.0843 1800 NtmsSvc - ok
11:40:21.0890 1800 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
11:40:21.0937 1800 Null - ok
11:40:22.0187 1800 nv (feab08c326e11a23ab6fe87b3ced56fd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:40:22.0859 1800 nv - ok
11:40:23.0062 1800 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:23.0109 1800 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
11:40:23.0203 1800 NVSvc (c8a613978f184b15ae0ff2903e7f0930) C:\WINDOWS\system32\nvsvc64.exe
11:40:23.0281 1800 NVSvc - ok
11:40:23.0312 1800 nvUpdatusService - ok
11:40:23.0593 1800 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:40:23.0609 1800 odserv - ok
11:40:23.0671 1800 ohci1394 (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:40:23.0703 1800 ohci1394 - ok
11:40:23.0734 1800 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:40:23.0750 1800 ose - ok
11:40:23.0781 1800 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
11:40:23.0843 1800 Parport - ok
11:40:23.0875 1800 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
11:40:23.0937 1800 PartMgr - ok
11:40:23.0953 1800 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
11:40:24.0015 1800 PCI - ok
11:40:24.0031 1800 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:40:24.0062 1800 PCIIde - ok
11:40:24.0093 1800 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:40:24.0156 1800 Pcmcia - ok
11:40:24.0156 1800 PDCOMP - ok
11:40:24.0171 1800 PDFRAME - ok
11:40:24.0171 1800 PDRELI - ok
11:40:24.0171 1800 PDRFRAME - ok
11:40:24.0234 1800 PlugPlay (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:24.0234 1800 PlugPlay - ok
11:40:24.0250 1800 PnkBstrA - ok
11:40:24.0296 1800 PolicyAgent (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0328 1800 PolicyAgent - ok
11:40:24.0375 1800 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:40:24.0421 1800 PptpMiniport - ok
11:40:24.0421 1800 PQNTDrv - ok
11:40:24.0437 1800 ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0468 1800 ProtectedStorage - ok
11:40:24.0500 1800 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
11:40:24.0531 1800 PSched - ok
11:40:24.0531 1800 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:40:24.0578 1800 Ptilink - ok
11:40:24.0640 1800 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
11:40:24.0640 1800 PxHlpa64 - ok
11:40:24.0656 1800 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:40:24.0687 1800 RasAcd - ok
11:40:24.0734 1800 RasAuto (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
11:40:24.0796 1800 RasAuto - ok
11:40:24.0843 1800 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:40:24.0890 1800 Rasl2tp - ok
11:40:24.0921 1800 RasMan (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
11:40:24.0968 1800 RasMan - ok
11:40:24.0968 1800 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:40:25.0015 1800 RasPppoe - ok
11:40:25.0015 1800 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:40:25.0062 1800 Raspti - ok
11:40:25.0109 1800 Rdbss (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:40:25.0156 1800 Rdbss - ok
11:40:25.0171 1800 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:40:25.0218 1800 RDPCDD - ok
11:40:25.0265 1800 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:40:25.0328 1800 rdpdr - ok
11:40:25.0390 1800 RDPWD (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
11:40:25.0421 1800 RDPWD - ok
11:40:25.0437 1800 RDSessMgr (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
11:40:25.0484 1800 RDSessMgr - ok
11:40:25.0531 1800 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:40:25.0578 1800 redbook - ok
11:40:25.0609 1800 RemoteAccess (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
11:40:25.0656 1800 RemoteAccess - ok
11:40:25.0718 1800 RemoteRegistry (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
11:40:25.0781 1800 RemoteRegistry - ok
11:40:25.0812 1800 RpcLocator (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
11:40:25.0843 1800 RpcLocator - ok
11:40:25.0890 1800 RpcSs (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:25.0906 1800 RpcSs - ok
11:40:25.0968 1800 RTL8023x64 (548464910350423cc178c80bf9501c7a) C:\WINDOWS\system32\DRIVERS\Rtnic64.sys
11:40:26.0031 1800 RTL8023x64 - ok
11:40:26.0078 1800 SamSs (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:26.0109 1800 SamSs - ok
11:40:26.0156 1800 SCardSvr (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
11:40:26.0203 1800 SCardSvr - ok
11:40:26.0250 1800 Schedule (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
11:40:26.0296 1800 Schedule - ok
11:40:26.0312 1800 SCR33x USB Smart Card Reader - ok
11:40:26.0359 1800 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:40:26.0375 1800 Secdrv - ok
11:40:26.0390 1800 seclogon (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
11:40:26.0421 1800 seclogon - ok
11:40:26.0453 1800 SENS (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
11:40:26.0500 1800 SENS - ok
11:40:26.0546 1800 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\drivers\Serial.sys
11:40:26.0593 1800 Serial - ok
11:40:26.0625 1800 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:40:26.0656 1800 Sfloppy - ok
11:40:26.0703 1800 SharedAccess (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
11:40:26.0796 1800 SharedAccess - ok
11:40:26.0828 1800 ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:26.0859 1800 ShellHWDetection - ok
11:40:26.0859 1800 Simbad - ok
11:40:26.0906 1800 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
11:40:26.0937 1800 splitter - ok
11:40:26.0984 1800 Spooler (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
11:40:27.0000 1800 Spooler - ok
11:40:27.0062 1800 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
11:40:27.0093 1800 sr - ok
11:40:27.0140 1800 srservice (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
11:40:27.0187 1800 srservice - ok
11:40:27.0234 1800 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
11:40:27.0250 1800 Srv - ok
11:40:27.0265 1800 SSDPSRV (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
11:40:27.0296 1800 SSDPSRV - ok
11:40:27.0296 1800 STC2DFU - ok
11:40:27.0328 1800 stisvc (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
11:40:27.0500 1800 stisvc - ok
11:40:27.0625 1800 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:40:27.0656 1800 swenum - ok
11:40:27.0703 1800 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
11:40:27.0750 1800 swmidi - ok
11:40:27.0781 1800 swprv (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
11:40:27.0859 1800 swprv - ok
11:40:27.0875 1800 symc8xx - ok
11:40:27.0875 1800 symmpi - ok
11:40:27.0875 1800 sym_hi - ok
11:40:27.0890 1800 sym_u3 - ok
11:40:27.0953 1800 SynasUSB (48156ccd87e8b2961d8d4ef4021f952f) C:\WINDOWS\syswow64\drivers\SynUSB64.sys
11:40:27.0984 1800 SynasUSB ( UnsignedFile.Multi.Generic ) - warning
11:40:27.0984 1800 SynasUSB - detected UnsignedFile.Multi.Generic (1)
11:40:28.0031 1800 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
11:40:28.0078 1800 sysaudio - ok
11:40:28.0109 1800 SysmonLog (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
11:40:28.0156 1800 SysmonLog - ok
11:40:28.0187 1800 TapiSrv (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
11:40:28.0234 1800 TapiSrv - ok
11:40:28.0281 1800 Tcpip (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:40:28.0343 1800 Tcpip - ok
11:40:28.0375 1800 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:40:28.0437 1800 TDPIPE - ok
11:40:28.0468 1800 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
11:40:28.0515 1800 TDTCP - ok
11:40:28.0562 1800 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:40:28.0609 1800 TermDD - ok
11:40:28.0625 1800 TermService (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
11:40:28.0687 1800 TermService - ok
11:40:28.0734 1800 Themes (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:28.0750 1800 Themes - ok
11:40:28.0781 1800 TlntSvr (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
11:40:28.0812 1800 TlntSvr - ok
11:40:28.0828 1800 TosIde - ok
11:40:28.0875 1800 TrkWks (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
11:40:28.0921 1800 TrkWks - ok
11:40:28.0968 1800 TuneUp.Defrag (4b858c3960076ce0c2bd154612be1ef8) C:\WINDOWS\System32\TuneUpDefragService.exe
11:40:28.0984 1800 TuneUp.Defrag - ok
11:40:29.0000 1800 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
11:40:29.0046 1800 Udfs - ok
11:40:29.0093 1800 UGURU (580641196846b0f594f675c07faad2bc) C:\WINDOWS\system32\drivers\uGuru.sys
11:40:29.0109 1800 UGURU ( UnsignedFile.Multi.Generic ) - warning
11:40:29.0109 1800 UGURU - detected UnsignedFile.Multi.Generic (1)
11:40:29.0109 1800 ultra - ok
11:40:29.0140 1800 UMWdf (c306cea0f1477240a5d9a7e61db2f3e1) C:\WINDOWS\system32\wdfmgr.exe
11:40:29.0171 1800 UMWdf - ok
11:40:29.0203 1800 Update (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
11:40:29.0218 1800 Update - ok
11:40:29.0265 1800 upnphost (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
11:40:29.0296 1800 upnphost - ok
11:40:29.0328 1800 UPS (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
11:40:29.0375 1800 UPS - ok
11:40:29.0406 1800 usbaudio (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
11:40:29.0437 1800 usbaudio - ok
11:40:29.0453 1800 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:40:29.0500 1800 usbccgp - ok
11:40:29.0546 1800 USBCCID (a83d36d8bdd4c15ff7792642dfde4bd3) C:\WINDOWS\system32\DRIVERS\usbccid.sys
11:40:29.0593 1800 USBCCID - ok
11:40:29.0640 1800 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:40:29.0703 1800 usbehci - ok
11:40:29.0734 1800 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:40:29.0781 1800 usbhub - ok
11:40:29.0812 1800 usbscan (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:40:29.0843 1800 usbscan - ok
11:40:29.0875 1800 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:40:29.0906 1800 USBSTOR - ok
11:40:29.0921 1800 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:40:29.0968 1800 usbuhci - ok
11:40:30.0000 1800 UxTuneUp (7f760efb9bbc5f8ac223d35dcdc35098) C:\WINDOWS\System32\uxtuneup.dll
11:40:30.0015 1800 UxTuneUp - ok
11:40:30.0062 1800 vds (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
11:40:30.0156 1800 vds - ok
11:40:30.0203 1800 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
11:40:30.0250 1800 vga - ok
11:40:30.0296 1800 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
11:40:30.0328 1800 VgaSave - ok
11:40:30.0343 1800 ViaIde - ok
11:40:30.0390 1800 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
11:40:30.0421 1800 VolSnap - ok
11:40:30.0484 1800 VSS (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
11:40:30.0578 1800 VSS - ok
11:40:30.0640 1800 W32Time (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
11:40:30.0687 1800 W32Time - ok
11:40:30.0750 1800 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:30.0796 1800 Wanarp - ok
11:40:30.0843 1800 Wdf01000 (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:40:30.0890 1800 Wdf01000 - ok
11:40:30.0890 1800 WDICA - ok
11:40:30.0953 1800 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:31.0000 1800 wdmaud - ok
11:40:31.0046 1800 WebClient (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
11:40:31.0078 1800 WebClient - ok
11:40:31.0109 1800 WinHttpAutoProxySvc - ok
11:40:31.0156 1800 winmgmt (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:31.0218 1800 winmgmt - ok
11:40:31.0328 1800 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:40:31.0609 1800 wlidsvc - ok
11:40:31.0859 1800 WmdmPmSN (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\SysWOW64\mspmsnsv.dll
11:40:31.0921 1800 WmdmPmSN - ok
11:40:31.0984 1800 Wmi (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
11:40:32.0062 1800 Wmi - ok
11:40:32.0093 1800 WmiApSrv (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:40:32.0156 1800 WmiApSrv - ok
11:40:32.0218 1800 WpdUsb (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:40:32.0265 1800 WpdUsb - ok
11:40:32.0312 1800 wscsvc (82960ce97c1898c28d7ae62ba6721d27) C:\WINDOWS\system32\wscsvc.dll
11:40:32.0343 1800 wscsvc - ok
11:40:32.0359 1800 wuauserv (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
11:40:32.0406 1800 wuauserv - ok
11:40:32.0562 1800 WZCSVC (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
11:40:32.0625 1800 WZCSVC - ok
11:40:32.0656 1800 xmlprov (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
11:40:32.0718 1800 xmlprov - ok
11:40:32.0781 1800 xusb21 (9176c0822faa649e45121875be32f5d2) C:\WINDOWS\system32\DRIVERS\xusb21.sys
11:40:32.0781 1800 xusb21 - ok
11:40:32.0796 1800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:40:33.0046 1800 \Device\Harddisk0\DR0 - ok
11:40:33.0078 1800 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:40:33.0125 1800 \Device\Harddisk1\DR1 - ok
11:40:33.0125 1800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:40:33.0171 1800 \Device\Harddisk2\DR2 - ok
11:40:33.0171 1800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR6
11:40:33.0781 1800 \Device\Harddisk3\DR6 - ok
11:40:33.0781 1800 Boot (0x1200) (303956f4b7d031e2ab50e9091c03fdae) \Device\Harddisk0\DR0\Partition0
11:40:33.0781 1800 \Device\Harddisk0\DR0\Partition0 - ok
11:40:33.0781 1800 Boot (0x1200) (eec7c32bed8c61244fa2ee05b1990b56) \Device\Harddisk1\DR1\Partition0
11:40:33.0781 1800 \Device\Harddisk1\DR1\Partition0 - ok
11:40:33.0781 1800 Boot (0x1200) (92aa6e58bdf76968c27ba8f6b6318ede) \Device\Harddisk2\DR2\Partition0
11:40:33.0781 1800 \Device\Harddisk2\DR2\Partition0 - ok
11:40:33.0781 1800 Boot (0x1200) (d91824221575654b1eaca7f31b4e6e8f) \Device\Harddisk3\DR6\Partition0
11:40:33.0781 1800 \Device\Harddisk3\DR6\Partition0 - ok
11:40:33.0796 1800 ============================================================
11:40:33.0796 1800 Scan finished
11:40:33.0796 1800 ============================================================
11:40:33.0890 2928 Detected object count: 4
11:40:33.0890 2928 Actual detected object count: 4
11:40:48.0156 2928 fireface ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928 fireface ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928 SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928 SynasUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928 UGURU ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928 UGURU ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:55.0296 3920 Deinitialize success
Edited by cosinus (22.03.2012 at 13:01) Reason: Please post the logs in CODE tags!
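The TDSSKiller log above lists every service and driver with its MD5 and path, marks drivers without a valid Authenticode signature as UnsignedFile.Multi.Generic, and hashes the MBR boot code of each disk and the first 0x1200 bytes of each partition. The script below is an added example for this thread, not part of TDSSKiller and not something the participants ran: it parses such a log, pulls out the detections the user skipped together with the file each one points at, and flags any disk whose MBR boot-code hash differs from the other disks. The sample lines are copied in shape from the log above; the regexes are an assumption, since TDSSKiller publishes no log grammar, as is the reading that 0x1B8 (440) bytes is the bootstrap-code area in front of the disk signature and partition table.

```python
"""Triage helper for Kaspersky TDSSKiller text logs.

Added example for this thread; not part of TDSSKiller.  Assumed, because the
tool publishes no log grammar: the line shapes below (copied from the posted
log) are representative, and 'MBR (0x1B8)' hashes the 440-byte bootstrap code
of the master boot record (what a bootkit overwrites), not the partition table.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied in shape from the log above.
SAMPLE_LOG = r"""
11:40:23.0062 1800 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:23.0109 1800 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
11:40:23.0203 1800 NVSvc (c8a613978f184b15ae0ff2903e7f0930) C:\WINDOWS\system32\nvsvc64.exe
11:40:23.0281 1800 NVSvc - ok
11:40:26.0312 1800 SCR33x USB Smart Card Reader - ok
11:40:32.0796 1800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:40:33.0046 1800 \Device\Harddisk0\DR0 - ok
11:40:33.0078 1800 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:40:33.0125 1800 \Device\Harddisk1\DR1 - ok
11:40:33.0125 1800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:40:33.0171 1800 \Device\Harddisk2\DR2 - ok
11:40:33.0781 1800 Boot (0x1200) (303956f4b7d031e2ab50e9091c03fdae) \Device\Harddisk0\DR0\Partition0
11:40:48.0156 2928 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"  # timestamp and thread id
# Sector lines must be tried before module lines: "MBR (0x1B8) (<md5>) ..." would
# otherwise parse as a module called "MBR (0x1B8)".
SECTOR_RE = re.compile(PREFIX + r"(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\S+)$")
DETECT_RE = re.compile(PREFIX + r"(.+?)\s+-\s+detected\s+(\S+)\s+\(\d+\)$")
ACTION_RE = re.compile(PREFIX + r"(.+?)\s+\(\s*\S+\s*\)\s+-\s+User select action:\s+(\S+)$")
MODULE_RE = re.compile(PREFIX + r"(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")


@dataclass
class Module:
    name: str
    md5: str
    path: str


@dataclass
class Sector:
    device: str   # e.g. \Device\Harddisk1\DR1
    region: str   # "MBR" or "Boot"
    size: int     # bytes hashed; 0x1B8 = 440 for the MBR bootstrap code
    md5: str


@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str]
    action: Optional[str]   # user's choice ("Skip", "Cure", ...) or None if none logged


@dataclass
class Report:
    modules: Dict[str, Module] = field(default_factory=dict)
    sectors: List[Sector] = field(default_factory=list)
    detections: Dict[str, str] = field(default_factory=dict)   # name -> verdict
    actions: Dict[str, str] = field(default_factory=dict)      # name -> user action


def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := SECTOR_RE.match(line)):
            region, size, md5, device = m.groups()
            rep.sectors.append(Sector(device, region, int(size, 16), md5))
        elif (m := DETECT_RE.match(line)):
            rep.detections[m.group(1)] = m.group(2)
        elif (m := ACTION_RE.match(line)):
            rep.actions[m.group(1)] = m.group(2)
        elif (m := MODULE_RE.match(line)):
            name, md5, path = m.groups()
            rep.modules[name] = Module(name, md5, path)
    return rep


def unresolved_findings(rep: Report) -> List[Finding]:
    """Detections that were neither cured nor deleted, with the file behind each.
    UnsignedFile.Multi.Generic only says the driver has no valid signature; on
    XP x64 that is common for third-party audio/USB drivers, so each one needs
    a manual look at vendor, path and hash rather than an automatic delete."""
    out = []
    for name, verdict in rep.detections.items():
        action = rep.actions.get(name)
        if action in ("Cure", "Delete"):
            continue
        mod = rep.modules.get(name)
        out.append(Finding(name, verdict, mod.path if mod else None, action))
    return out


def sector_outliers(rep: Report, region: str = "MBR") -> List[str]:
    """Devices whose hash differs from the majority of disks in the same region.
    Disks set up by the same XP installer share MBR boot code, so a lone
    different hash is the first place to look for a bootkit (not proof: a disk
    partitioned by another OS or vendor tool legitimately carries other code).
    Defaults to MBR because the 0x1200-byte Boot region includes the volume's
    BIOS parameter block, which differs per volume anyway."""
    hashes = {s.device: s.md5 for s in rep.sectors if s.region == region}
    if len(hashes) < 3:          # majority vote needs at least three disks
        return []
    majority, _ = Counter(hashes.values()).most_common(1)[0]
    return sorted(dev for dev, h in hashes.items() if h != majority)


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for f in unresolved_findings(report):
        print(f"{f.name}: {f.verdict} -> {f.path} (user action: {f.action})")
    print("MBR outliers:", sector_outliers(report))
```

Run against the full log above this gives the four skipped unsigned drivers (fireface, NvnUsbAudio, SynasUSB, UGURU) with their paths, and reports \Device\Harddisk1\DR1 as the MBR outlier: Harddisk0, Harddisk2 and Harddisk3 share the hash 8f558eb6672622401da993e1e865c861 while Harddisk1 has 5fb38429d5d77768867c76dcbdb35194. Because the hashed 440 bytes are boot code, not partition layout, that disk's boot code really is different; aswMBR later confirms only the boot disk's MBR as Windows XP default code, so disk 1 is the one still worth dumping and comparing.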
#19 | /// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a board helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
#20
Hi Arne, unfortunately ComboFix does not support Windows XP 64-bit... we will probably need a different solution
#21 | /// Winkelfunktion /// TB-Süch-Tiger™
Please download aswMBR.exe and save the file to your desktop. Note: please switch off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
__________________
#22
Here is the log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 15:43:10
-----------------------------
15:43:10.015 OS Version: Windows x64 5.2.3790 Service Pack 2
15:43:10.015 Number of processors: 4 586 0x1707
15:43:10.015 ComputerName: GREGSEN UserName:
15:43:11.562 Initialize success
15:45:03.859 AVAST engine defs: 12032000
15:45:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:45:09.593 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
15:45:09.593 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.609 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
15:45:09.609 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
15:45:09.625 Disk 0 MBR read successfully
15:45:09.625 Disk 0 MBR scan
15:45:09.750 Disk 0 Windows XP default MBR code
15:45:09.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:45:09.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:17.546 Service scanning
15:45:31.500 Modules scanning
15:45:31.500 Disk 0 trace - called modules:
15:45:31.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
15:45:31.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
15:45:31.500 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
15:45:31.500 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
15:45:32.156 AVAST engine scan C:\WINDOWS
15:45:49.343 AVAST engine scan C:\WINDOWS\system32
15:47:47.515 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:58.187 AVAST engine scan C:\Documents and Settings\Administrator
15:52:24.843 File: C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
15:58:57.281 AVAST engine scan C:\Documents and Settings\All Users
16:03:13.968 Scan finished successfully
16:14:33.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:14:33.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
#23 | /// Winkelfunktion /// TB-Süch-Tiger™
Quote:
__________________ Please always post logfiles in CODE tags
#24
...I never downloaded that O_o I don't even know what it is!
#25 | /// Winkelfunktion /// TB-Süch-Tiger™
Please delete the folder \CryptLoad in C:\Documents and Settings\Administrator\My Documents\Downloads. Then make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags
#26
Hi Arne, here is the new log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 16:37:55
-----------------------------
16:37:55.062 OS Version: Windows x64 5.2.3790 Service Pack 2
16:37:55.062 Number of processors: 4 586 0x1707
16:37:55.062 ComputerName: GREGSEN UserName:
16:37:56.640 Initialize success
16:40:45.156 AVAST engine defs: 12032000
16:42:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:42:13.781 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
16:42:13.781 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
16:42:13.781 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
16:42:13.796 Disk 0 MBR read successfully
16:42:13.796 Disk 0 MBR scan
16:42:13.843 Disk 0 Windows XP default MBR code
16:42:13.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
16:42:13.906 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:24.562 Service scanning
16:42:37.203 Modules scanning
16:42:37.203 Disk 0 trace - called modules:
16:42:37.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:42:37.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
16:42:37.234 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
16:42:37.234 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
16:42:38.078 AVAST engine scan C:\WINDOWS
16:42:49.687 AVAST engine scan C:\WINDOWS\system32
16:44:58.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:45:07.812 AVAST engine scan C:\Documents and Settings\Administrator
16:54:03.625 AVAST engine scan C:\Documents and Settings\All Users
16:57:34.437 Scan finished successfully
17:04:57.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:04:57.875 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
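The two aswMBR logs above are a before/after pair: after the CryptLoad folder was deleted the infected file is gone, the boot disk still reports the Windows XP default MBR code, and the kernel modules on the disk I/O path (ntoskrnl.exe, CLASSPNP.SYS, disk.sys, ACPI.sys, atapi.sys, pciide.sys, PCIIDEX.SYS, hal.dll) are unchanged. The script below is an added example, not from the thread and not part of aswMBR, that makes that comparison mechanically. The two samples are abridged copies of the posted logs; RUN_HOOKED is a constructed variant of the second run with a hypothetical driver spliced into the disk I/O path, to show what a positive diff looks like; the line grammar is an assumption, since aswMBR documents none.

```python
"""Diff two aswMBR runs of the same machine.

Added example for this thread; not part of aswMBR.  The line shapes come from
the two logs posted above; aswMBR documents no log grammar, so the regexes are
an assumption.  RUN_HOOKED is constructed: RUN_AFTER with a hypothetical driver
inserted into the disk I/O path, which is what a disk-filter rootkit looks like.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

RUN_BEFORE = r"""
15:43:10.015 OS Version: Windows x64 5.2.3790 Service Pack 2
15:45:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:45:09.593 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
15:45:09.593 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.625 Disk 0 MBR read successfully
15:45:09.750 Disk 0 Windows XP default MBR code
15:45:09.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:45:31.500 Disk 0 trace - called modules:
15:45:31.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
15:52:24.843 File: C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
16:03:13.968 Scan finished successfully
"""
RUN_AFTER = r"""
16:37:55.062 OS Version: Windows x64 5.2.3790 Service Pack 2
16:42:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:42:13.781 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
16:42:13.781 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.796 Disk 0 MBR read successfully
16:42:13.843 Disk 0 Windows XP default MBR code
16:42:13.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
16:42:37.203 Disk 0 trace - called modules:
16:42:37.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:57:34.437 Scan finished successfully
"""
# Constructed negative case: a hypothetical extra driver on the disk I/O path.
RUN_HOOKED = RUN_AFTER.replace("disk.sys ACPI.sys", "disk.sys hypothetical_hook.sys ACPI.sys")

TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+"
VENDOR_RE = re.compile(TS + r"Disk (\d+) Vendor: (.+?) Size: (\d+)MB BusType: (\d+)$")
MBR_RE = re.compile(TS + r"Disk (\d+) (.*MBR code.*)$")
TRACE_RE = re.compile(TS + r"Disk (\d+) trace - called modules:$")
MODS_RE = re.compile(TS + r"(\S+(?:\s+\S+)*)$")
FILE_RE = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")


@dataclass
class Run:
    disks: Dict[int, str] = field(default_factory=dict)        # index -> vendor/model
    mbr_verdict: Dict[int, str] = field(default_factory=dict)  # index -> MBR code verdict
    trace: Dict[int, List[str]] = field(default_factory=dict)  # index -> modules on the I/O path
    infected: Dict[str, str] = field(default_factory=dict)     # file path -> engine verdict


def parse_aswmbr(text: str) -> Run:
    run = Run()
    pending_trace = None   # disk whose module list is on the next line
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if pending_trace is not None:
            m = MODS_RE.match(line)
            run.trace[pending_trace] = m.group(1).split() if m else []
            pending_trace = None
        elif (m := TRACE_RE.match(line)):
            pending_trace = int(m.group(1))
        elif (m := VENDOR_RE.match(line)):
            run.disks[int(m.group(1))] = m.group(2)
        elif (m := MBR_RE.match(line)):
            run.mbr_verdict[int(m.group(1))] = m.group(2)
        elif (m := FILE_RE.match(line)):
            run.infected[m.group(1)] = m.group(2)
    return run


def looks_clean(run: Run) -> bool:
    """Single-run check: no infected files and every scanned MBR is default code.
    Only the boot disk's MBR is scanned in the posted logs, so a missing verdict
    for other disks is not treated as a failure."""
    return not run.infected and all("default" in v for v in run.mbr_verdict.values())


def compare_runs(before: Run, after: Run) -> Dict[str, object]:
    """What changed between two scans.  A file verdict that disappears after a
    manual delete is expected; a changed MBR verdict, a swapped disk, or a new
    module on the disk I/O path is not, and is the trace a bootkit or a
    disk-filter rootkit leaves in this log."""
    trace_changed: Dict[int, Tuple[List[str], List[str]]] = {}
    for idx in sorted(set(before.trace) | set(after.trace)):
        old, new = before.trace.get(idx, []), after.trace.get(idx, [])
        added = [mod for mod in new if mod not in old]
        removed = [mod for mod in old if mod not in new]
        if added or removed:
            trace_changed[idx] = (added, removed)
    changed = lambda a, b: sorted(i for i in set(a) | set(b) if a.get(i) != b.get(i))
    return {
        "removed_files": sorted(set(before.infected) - set(after.infected)),
        "new_files": sorted(set(after.infected) - set(before.infected)),
        "mbr_changed": changed(before.mbr_verdict, after.mbr_verdict),
        "disks_changed": changed(before.disks, after.disks),
        "trace_changed": trace_changed,
    }


if __name__ == "__main__":
    before, after = parse_aswmbr(RUN_BEFORE), parse_aswmbr(RUN_AFTER)
    print("after run clean:", looks_clean(after))
    print("before -> after:", compare_runs(before, after))
    print("after -> hooked:", compare_runs(after, parse_aswmbr(RUN_HOOKED)))
```

The diff is what catches the case the single-run check misses: the hooked variant still has a default MBR and no infected file, so looks_clean() passes, but the module inserted between disk.sys and the port driver shows up in trace_changed. Keeping MBR.dat and aswMBR.txt from a known-clean run gives a baseline to compare later scans against.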
#27 | /// Winkelfunktion /// TB-Süch-Tiger™
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Getting an additional opinion afterwards from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
#28
Hello Arne, great, a thousand thanks. Here are the full-scan logs from Malwarebytes, SuperAntiSpyware and ESET:
Malwarebytes:
Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.03.23.05
Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GREGSEN [Administrator]
24.03.2012 11:56:25
mbam-log-2012-03-24 (13-13-17).txt
Scan type: Full scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 580111
Time elapsed: 1 hour(s), 12 minute(s), 42 second(s)
Memory processes detected: 0 (No malicious items detected)
Memory modules detected: 0 (No malicious items detected)
Registry keys detected: 0 (No malicious items detected)
Registry values detected: 0 (No malicious items detected)
Registry data items detected: 0 (No malicious items detected)
Folders detected: 0 (No malicious items detected)
Files detected: 0
(end)
SASW:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 03/24/2012 at 03:52 AM
Application Version : 5.0.1146
Core Rules Database Version : 8376
Trace Rules Database Version: 6188
Scan type : Complete Scan
Total Scan Time : 03:21:52
Operating System Information
Windows XP Professional 64-bit, Service Pack 2 (Build 5.02.3790)
Administrator
Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 65153
Registry threats detected : 1
File items scanned : 454056
File threats detected : 1
Disabled.SecurityCenterOption (x64)
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
Trojan.Agent/Gen
C:\PROGRAM FILES (X86)\DAWN OF WAR\PATCH\LOBBYROOMS.LUA
ESET:
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77f868b0b0ef86439fed1a800ffabf5c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-24 03:49:01
# local_time=2012-03-24 04:49:01 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 347743 347743 0 0
# compatibility_mode=8192 67108863 100 0 3798 3798 0 0
# scanned=453568
# found=3
# cleaned=0
# scan_time=12625
C:\Documents and Settings\Administrator\My Documents\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
#29 | /// Winkelfunktion /// TB-Süch-Tiger™
Quote:
__________________ Please always post logfiles in CODE tags
#30
Hi Arne, as far as I can tell that is a perfectly normal file belonging to the game "Dawn of War", which I play now and then. It doesn't look suspicious to me... what do you think?
Tags for Rootkit slows down program start and copy/paste operations (Windows XP 64-bit):
avp, need, browser, cache, again, forum, freeze, google, google chrome, booting, kaspersky, kaspersky lab, malwarebytes, restart, problem, programs, program start, recovery, rootkit, scan, seconds, system, windows, windows xp