Pests of all kinds and how to fight them: System infected with System-Tool (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
02.03.2011, 23:13 | #16 |
| System infected with System-Tool OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 23:11:34 on 02.03.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Norton Security Scan for MED2425.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\MED2425\AppData\Local\Temp\catchme.sys (File not found) "pwddifob" (pwddifob) - ? - C:\Users\MED2425\AppData\Local\Temp\pwddifob.sys (Hidden registry entry, rootkit activity | File not found) "pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys (File found, but it contains no detailed information) "pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys (File found, but it contains no detailed information) "Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - ? 
- C:\Windows\System32\DRIVERS\RtsUCcid.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - 
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - J:\Avira10\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows 
Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - J:\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {0972B098-DEE9-4279-AC7E-4BAAA029102D} "PhotoboxPhotowaysUploader5 Control" - "PhotoBox Photoways" - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100914154950 {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\MED2425\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "J:\Avira10\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "J:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apache2.2" (Apache2.2) - "Apache Software Foundation" - J:\VirtServer\xampp\apache\bin\httpd.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - J:\Avira10\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - J:\Avira10\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "FileZilla Server" (FileZilla Server) - "FileZilla Project" - J:\VirtServer\xampp\FileZillaFTP\FileZilla server.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\system32\MAHJON~1.SCR (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
02.03.2011, 23:19 | #17 |
| System infected with System-Tool MBRCheck, version 1.2.3
__________________(c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: MEDION BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MEDION System Product Name: E6214 Logical Drives Mask: 0x000007fc Kernel Drivers (total 147): 0x82E41000 \SystemRoot\system32\ntkrnlpa.exe 0x82E0A000 \SystemRoot\system32\halmacpi.dll 0x80BA3000 \SystemRoot\system32\kdcom.dll 0x8C02A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8C0A2000 \SystemRoot\system32\PSHED.dll 0x8C0B3000 \SystemRoot\system32\BOOTVID.dll 0x8C0BB000 \SystemRoot\system32\CLFS.SYS 0x8C0FD000 \SystemRoot\system32\CI.dll 0x8C228000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8C299000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8C2A7000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8C2EF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8C2F8000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8C300000 \SystemRoot\system32\DRIVERS\pci.sys 0x8C32A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8C335000 \SystemRoot\System32\drivers\partmgr.sys 0x8C346000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8C34E000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8C359000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8C369000 \SystemRoot\System32\drivers\volmgrx.sys 0x8C3B4000 \SystemRoot\System32\drivers\mountmgr.sys 0x8C401000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8C5B4000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8C5BD000 \SystemRoot\system32\drivers\fltmgr.sys 0x8C3CA000 \SystemRoot\system32\drivers\fileinfo.sys 0x8C629000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8C758000 \SystemRoot\System32\Drivers\msrpc.sys 0x8C783000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8C796000 \SystemRoot\System32\Drivers\cng.sys 0x8C600000 \SystemRoot\System32\drivers\pcw.sys 0x8C60E000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8C822000 \SystemRoot\system32\drivers\ndis.sys 0x8C8D9000 \SystemRoot\system32\drivers\NETIO.SYS 0x8C917000 
\SystemRoot\System32\Drivers\ksecpkg.sys 0x8CA0F000 \SystemRoot\System32\drivers\tcpip.sys 0x8CB58000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8CB89000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8CBC8000 \SystemRoot\System32\Drivers\spldr.sys 0x8CBD0000 \SystemRoot\System32\drivers\rdyboost.sys 0x8C93C000 \SystemRoot\System32\Drivers\mup.sys 0x8CA00000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8C94C000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8C97E000 \SystemRoot\system32\DRIVERS\disk.sys 0x8C98F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x91FD7000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91FF6000 \SystemRoot\System32\Drivers\Null.SYS 0x91E00000 \SystemRoot\System32\Drivers\Beep.SYS 0x91E07000 \SystemRoot\System32\drivers\vga.sys 0x8C9C1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C9E2000 \SystemRoot\System32\drivers\watchdog.sys 0x8C9EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C9F7000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8C800000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8C808000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8C813000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8C3DB000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8C617000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x9240D000 \SystemRoot\system32\drivers\afd.sys 0x92467000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92499000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x924A0000 \SystemRoot\system32\DRIVERS\pacer.sys 0x924BF000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x924D0000 \SystemRoot\system32\DRIVERS\netbios.sys 0x924DE000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x924F1000 \SystemRoot\system32\DRIVERS\termdd.sys 0x92501000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x92507000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92548000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92552000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x9255C000 \SystemRoot\System32\drivers\discache.sys 0x92568000 \SystemRoot\System32\Drivers\dfsc.sys 0x92580000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x9258E000 
\SystemRoot\system32\DRIVERS\avipbb.sys 0x925B4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x92A2D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x930B4000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x9316B000 \SystemRoot\System32\drivers\dxgmms1.sys 0x931A4000 \SystemRoot\system32\DRIVERS\HECI.sys 0x931AF000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C1A8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x931BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x931DD000 \SystemRoot\system32\DRIVERS\L1C62x86.sys 0x9660E000 \SystemRoot\system32\DRIVERS\rtl8192se.sys 0x96721000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x9672B000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x9672F000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x96747000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x96754000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x9678B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x9678D000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x9679A000 \SystemRoot\system32\DRIVERS\Impcd.sys 0x967BB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x967C4000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x967D6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x967E3000 \SystemRoot\System32\Drivers\x10hid.sys 0x967E5000 \SystemRoot\System32\Drivers\HIDCLASS.SYS 0x967F8000 \SystemRoot\System32\Drivers\HIDPARSE.SYS 0x92A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x92A12000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x96600000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x925D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8C200000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8C000000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x9502A000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x95041000 \SystemRoot\system32\DRIVERS\swenum.sys 0x95043000 \SystemRoot\system32\DRIVERS\ks.sys 0x95077000 \SystemRoot\system32\DRIVERS\umbus.sys 0x95085000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x950C9000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x950D5000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9740F000 
\SystemRoot\system32\drivers\RTKVHDA.sys 0x976F2000 \SystemRoot\system32\drivers\portcls.sys 0x97721000 \SystemRoot\system32\drivers\drmk.sys 0x9773A000 \SystemRoot\system32\DRIVERS\IntcDAud.sys 0x97930000 \SystemRoot\System32\win32k.sys 0x97778000 \SystemRoot\System32\drivers\Dxapi.sys 0x97782000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91E13000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x9778F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x977A0000 \SystemRoot\system32\DRIVERS\monitor.sys 0x977AB000 \SystemRoot\System32\Drivers\x10ufx2.sys 0x97B90000 \SystemRoot\System32\TSDDD.dll 0x97BC0000 \SystemRoot\System32\cdd.dll 0x977E2000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x977B5000 \SystemRoot\system32\drivers\luafv.sys 0x950E6000 \SystemRoot\system32\drivers\WudfPf.sys 0x977D0000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x95100000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x95146000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x95156000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x95169000 \SystemRoot\system32\drivers\HTTP.sys 0x977F7000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0x95000000 \SystemRoot\system32\DRIVERS\bowser.sys 0x951EE000 \SystemRoot\System32\drivers\mpsdrv.sys 0xADA28000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xADA4B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xADA86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xADAB9000 \SystemRoot\system32\drivers\peauth.sys 0xADB50000 \SystemRoot\System32\Drivers\secdrv.SYS 0xADB5A000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xADB7B000 \SystemRoot\System32\drivers\tcpipreg.sys 0xADB88000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9C024000 \SystemRoot\System32\DRIVERS\srv.sys 0x76E30000 \Windows\System32\ntdll.dll 0x48310000 \Windows\System32\smss.exe 0x77070000 \Windows\System32\apisetschema.dll 0x00F50000 \Windows\System32\autochk.exe Processes (total 70): 0 System Idle Process 4 System 316 C:\Windows\System32\smss.exe 456 csrss.exe 512 C:\Windows\System32\wininit.exe 520 csrss.exe 560 
C:\Windows\System32\services.exe 596 C:\Windows\System32\lsass.exe 604 C:\Windows\System32\lsm.exe 704 C:\Windows\System32\svchost.exe 764 J:\Avira10\Avira\AntiVir Desktop\avguard.exe 796 J:\Avira10\Avira\AntiVir Desktop\avshadow.exe 804 C:\Windows\System32\conhost.exe 836 C:\Windows\System32\winlogon.exe 996 C:\Windows\System32\svchost.exe 1060 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\svchost.exe 1164 C:\Windows\System32\svchost.exe 1244 C:\Windows\System32\audiodg.exe 1300 C:\Windows\System32\svchost.exe 1436 C:\Windows\System32\svchost.exe 1640 C:\Windows\System32\spoolsv.exe 1684 J:\Avira10\Avira\AntiVir Desktop\sched.exe 1704 C:\Windows\System32\svchost.exe 1808 J:\VirtServer\xampp\apache\bin\httpd.exe 1856 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe 1896 J:\VirtServer\xampp\FileZillaFTP\FileZilla Server.exe 1968 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 120 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 328 C:\Program Files\CyberLink\Shared files\RichVideo.exe 476 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1320 C:\Windows\System32\svchost.exe 1524 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 524 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe 2060 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 2316 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 2508 C:\Windows\System32\taskhost.exe 2572 C:\Windows\System32\taskeng.exe 2580 C:\Windows\System32\dwm.exe 2652 C:\Windows\explorer.exe 2904 C:\Program Files\Launch Manager\HotkeyApp.exe 2932 C:\Program Files\Launch Manager\OSD.exe 2956 C:\Program Files\Launch Manager\WButton.exe 2964 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe 3092 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3100 C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe 3208 C:\Windows\System32\hkcmd.exe 3240 C:\Windows\System32\igfxpers.exe 3388 
J:\Avira10\Avira\AntiVir Desktop\avgnt.exe
3396 C:\Windows\System32\igfxsrvc.exe
3420 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3452 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3732 J:\VirtServer\xampp\apache\bin\httpd.exe
3004 C:\Program Files\Launch Manager\WisLMSvc.exe
1580 C:\Windows\System32\SearchIndexer.exe
3628 WmiPrvSE.exe
3288 C:\Windows\System32\svchost.exe
4276 C:\Windows\System32\SearchProtocolHost.exe
4296 C:\Program Files\Windows Media Player\wmpnetwk.exe
4392 C:\Windows\System32\SearchFilterHost.exe
4928 C:\Windows\System32\svchost.exe
5372 C:\Program Files\Internet Explorer\iexplore.exe
5420 C:\Program Files\Internet Explorer\iexplore.exe
5516 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
5856 dllhost.exe
6108 C:\Program Files\Internet Explorer\iexplore.exe
1212 dllhost.exe
1036 dllhost.exe
4716 C:\Users\MED2425\Desktop\MBRCheck.exe
4940 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006a`30908000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000c`7045bc00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000025`95f0d200 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000032`47e81c00 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x0000003e`f9df6600 (NTFS)
\\.\J: --> \\.\PhysicalDrive0 at offset 0x00000051`c6501600 (NTFS)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x0000005d`fb42e200 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-00A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F61074C24A6DA26C38919A0032AE32ED64E1F93E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done! |
03.03.2011, 12:18 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | System infected with System-Tool Quote:
__________________ |
03.03.2011, 16:24 | #19 |
| System infected with System Tool 2011/03/03 16:22:03.0223 4104 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30 2011/03/03 16:22:03.0457 4104 ================================================================================ 2011/03/03 16:22:03.0457 4104 SystemInfo: 2011/03/03 16:22:03.0457 4104 2011/03/03 16:22:03.0457 4104 OS Version: 6.1.7600 ServicePack: 0.0 2011/03/03 16:22:03.0457 4104 Product type: Workstation 2011/03/03 16:22:03.0457 4104 ComputerName: MED2425-PC 2011/03/03 16:22:03.0457 4104 UserName: MED2425 2011/03/03 16:22:03.0457 4104 Windows directory: C:\Windows 2011/03/03 16:22:03.0457 4104 System windows directory: C:\Windows 2011/03/03 16:22:03.0457 4104 Processor architecture: Intel x86 2011/03/03 16:22:03.0457 4104 Number of processors: 4 2011/03/03 16:22:03.0457 4104 Page size: 0x1000 2011/03/03 16:22:03.0457 4104 Boot type: Normal boot 2011/03/03 16:22:03.0457 4104 ================================================================================ 2011/03/03 16:22:03.0987 4104 Initialize success 2011/03/03 16:22:15.0157 4092 ================================================================================ 2011/03/03 16:22:15.0157 4092 Scan started 2011/03/03 16:22:15.0157 4092 Mode: Manual; 2011/03/03 16:22:15.0157 4092 ================================================================================ 2011/03/03 16:22:39.0711 4092 ================================================================================ 2011/03/03 16:22:39.0711 4092 Scan finished 2011/03/03 16:22:39.0711 4092 ================================================================================ |
03.03.2011, 16:30 | #20 |
| System infected with System Tool Norman TDSS Cleaner Version 2.0.2 Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24 Scan started: 2011/03/03 16:26:09 Running pre-scan cleanup routine: Operating System: Microsoft Windows 7 6.1.7600 Logged on user: MED2425-PC\MED2425 Scanning kernel... Scan complete |
04.03.2011, 12:32 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System infected with System Tool Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ --> System infected with System Tool |
04.03.2011, 17:59 | #22 |
| System infected with System Tool Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 5952 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 04.03.2011 17:57:28 mbam-log-2011-03-04 (17-57-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|) Durchsuchte Objekte: 282680 Laufzeit: 42 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
04.03.2011, 19:20 | #23 |
| System infected with System Tool SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 03/04/2011 at 07:17 PM Application Version : 4.49.1000 Core Rules Database Version : 6532 Trace Rules Database Version: 4344 Scan type : Complete Scan Total Scan Time : 01:10:58 Memory items scanned : 795 Memory threats detected : 0 Registry items scanned : 9331 Registry threats detected : 0 File items scanned : 139117 File threats detected : 0 |
04.03.2011, 21:48 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System infected with System Tool No detections. Is the computer OK again so far?
__________________ Please always post log files in CODE tags |
05.03.2011, 15:08 | #25 |
| System infected with System Tool Yes, basically everything works again! -> Thank you very much. Can I then remove all the programs again, OTL....? Regards, tjodan |
07.03.2011, 15:24 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System infected with System Tool Yes, they can be removed. Then we're done! Finally, please check your updates; my guide to this is below. For even more security, after the infection has been removed you should also change as many of your passwords as possible. Microsoft Update Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide Update your PDF reader Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date; here is the direct download link (Mozilla and other browsers) => http://filepony.de/?q=Flash+Player Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe Java update Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
07.03.2011, 15:28 | #27 |
| System infected with System Tool Okay, will do! -> And thank you for the help. Regards, tjodan |