Trojaner-Board (https://www.trojaner-board.de/)

Log analysis and evaluation: Avira AntiVir finds PSW.Karagany.A.73 (https://www.trojaner-board.de/110439-avira-antivir-findet-psw-karagany-a-73-a.html)

jvde 25.02.2012 20:21

Avira AntiVir finds PSW.Karagany.A.73

Hello everyone,
on 22 and 24 Feb 2012 I each time got the message from Avira AntiVir that PSW.Karagany.A.73 had been found. Before that, ThreatFire had each time blocked processes, which I also blocked. After the first occurrence I assumed it was 'done'; after the second I assume that something has nested itself in. During the second attack, Process Hacker was running in the background, where you can see that under Firefox, plugin-container.exe, java.exe, iope0.527120022577982.exe there is a process ~!'24.tmp running that communicates with the IP 95.163.67.189 in Moscow, Russia.
Is there still any hope?
I'm attaching the recommended log files; maybe someone can take a look at them.

cosinus 26.02.2012 17:12

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

jvde 27.02.2012 13:06

Quick question: scanning online with ESET WITHOUT a virus scanner and ThreatFire, i.e. letting it scan online for hours with the gates wide open and no protection, have I understood that correctly? Isn't that really dangerous?
Regards, jvde

cosinus 27.02.2012 14:50

Quote:

Isn't that really dangerous?

No. An inactive virus scanner is not an open gate.
And yes, you can also run a system safely without a virus scanner in the background, but that is not the point. Your virus scanner in the background would hinder ESET more than help it.

jvde 27.02.2012 20:02

Here is the Anti-Malware log for now; ESET is still running.

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.26.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JM :: HOME-2910092118 [Administrator]

27.02.2012 00:03:10
mbam-log-2012-02-27 (00-03-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1118384
Laufzeit: 3 Stunde(n), 51 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
H:\Dokumente und Einstellungen\JM\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\50cf9ad4-2b3bb29e (Trojan.Downloader.bh) -> Erfolgreich gelöscht und in Quarantäne gestellt.
W:\System Volume Information\_restore{5255D9C6-DE18-40F1-8AF3-E9E9C35499F3}\RP439\A0121244.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


jvde 28.02.2012 08:21

And here now is the log from ESET

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb44fe53ea4d0046855d1a577edb12c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-27 10:25:22
# local_time=2012-02-27 11:25:22 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775125 100 100 503548 95833847 496326 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3898 3898 0 0
# scanned=887851
# found=8
# cleaned=0
# scan_time=25873
D:\Program Files\myTeVii\MyTheatre.exe        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I
H:\Programme\GPT\GnuPT-Portable.exe        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
H:\Programme\myTeVii\MyTheatre.exe        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I
W:\Temp_1\GPT\GnuPT-Portable.exe        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
W:\Temp_1\Ultimate_boot_CD\boot\austrumi.tgz        PHP/Rst.AK trojan (unable to clean)        00000000000000000000000000000000        I
W:\Temp_1\wb\ISO\PicoXP.iso        probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)        00000000000000000000000000000000        I
W:\Temp_1\wb\ISO\VistaPE.iso        probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)        00000000000000000000000000000000        I
W:\Temp_1\wb\Neuer Ordner\VistaPE.iso        probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)        00000000000000000000000000000000        I

For information: the computer is a multi-boot system with D: Win7 Home Premium, H: WinXP Home SP3, S: Win7 Ultimate; all other partitions are data partitions.

jvde
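An added example, not part of the thread or of ESET's own tooling: a Python parser for the ESET Online Scanner log format posted above. It separates the "# key=value" header from the detection lines and produces the triage counts a helper looks at first: hits inside archives or disc images, heuristic "probably a variant of" verdicts, packer-only verdicts, and whether the header's found count matches the lines. The embedded sample log is a constructed copy of the one in the post.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the ESET Online Scanner result header and the eight
# detection lines from the log above. The real file separates fields with tabs;
# the forum rendered them as runs of spaces, so the parser accepts both.
_HEADER = [
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    '# country="Germany"',
    "# scanned=887851",
    "# found=8",
    "# cleaned=0",
    "# scan_time=25873",
]
_HITS = [
    (r"D:\Program Files\myTeVii\MyTheatre.exe", "a variant of Win32/Packed.Themida application (unable to clean)"),
    (r"H:\Programme\GPT\GnuPT-Portable.exe", "Win32/Packed.Autoit.E.Gen application (unable to clean)"),
    (r"H:\Programme\myTeVii\MyTheatre.exe", "a variant of Win32/Packed.Themida application (unable to clean)"),
    (r"W:\Temp_1\GPT\GnuPT-Portable.exe", "Win32/Packed.Autoit.E.Gen application (unable to clean)"),
    (r"W:\Temp_1\Ultimate_boot_CD\boot\austrumi.tgz", "PHP/Rst.AK trojan (unable to clean)"),
    (r"W:\Temp_1\wb\ISO\PicoXP.iso", "probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)"),
    (r"W:\Temp_1\wb\ISO\VistaPE.iso", "probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)"),
    (r"W:\Temp_1\wb\Neuer Ordner\VistaPE.iso", "probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean)"),
]
SAMPLE_LOG = "\n".join(_HEADER + ["\t".join((p, v, "0" * 32, "I")) for p, v in _HITS])

CONTAINER_EXT = {"iso", "tgz", "tar", "gz", "zip", "rar", "7z", "cab"}
_FIELD_SEP = re.compile(r"\t| {2,}")                       # tab, or 2+ spaces as the forum rendered it
_VERDICT = re.compile(r"^(?P<name>.*?)\s*\((?P<action>[^()]*)\)\s*$")


@dataclass
class Detection:
    path: str
    threat: str
    action: str     # text in the trailing parentheses, e.g. "unable to clean"
    digest: str     # 32-hex column of the log (all zeros in this log)
    flag: str

    @property
    def in_container(self) -> bool:
        """Hit inside an archive or disc image: the file was scanned, not necessarily ever run."""
        return self.path.rsplit(".", 1)[-1].lower() in CONTAINER_EXT

    @property
    def heuristic(self) -> bool:
        """'probably a variant of' marks a heuristic verdict rather than a signature match."""
        return self.threat.lower().startswith("probably")

    @property
    def packer_only(self) -> bool:
        """Packed.* verdicts name the packer (Themida, AutoIt); such hits are also common on legitimate tools."""
        return "/Packed." in self.threat


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for ESET Online Scanner log text."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip().strip('"')
            continue
        fields = [f for f in _FIELD_SEP.split(line) if f]
        if len(fields) != 4:
            continue  # preamble such as "all ok" or the installer line
        path, verdict, digest, flag = fields
        m = _VERDICT.match(verdict)
        name, action = (m.group("name"), m.group("action")) if m else (verdict, "")
        hits.append(Detection(path, name, action, digest, flag))
    return header, hits


def summarize(header: dict, hits: list) -> dict:
    """Triage counts a helper wants before deciding what to ask the poster."""
    reported = int(header.get("found", 0))
    return {
        "reported": reported,
        "parsed": len(hits),
        "consistent": reported == len(hits),
        "in_containers": sum(d.in_container for d in hits),
        "heuristic": sum(d.heuristic for d in hits),
        "packer_only": sum(d.packer_only for d in hits),
        "uncleaned": sum(d.action == "unable to clean" for d in hits),
        "no_digest": sum(set(d.digest) == {"0"} for d in hits),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key:>14}: {value}")
    for d in dets:
        tags = [t for t, on in (("container", d.in_container), ("heuristic", d.heuristic),
                                ("packer", d.packer_only)) if on]
        print(d.path, "->", d.threat, tags)
```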

cosinus 28.02.2012 11:10

Quote:

W:\Temp_1\Ultimate_boot_CD\boot\austrumi.tgz PHP/Rst.AK trojan (unable to clean) 00000000000000000000000000000000 I
W:\Temp_1\wb\ISO\PicoXP.iso probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean) 00000000000000000000000000000000 I
W:\Temp_1\wb\ISO\VistaPE.iso probably a variant of Win32/PSW.Agent.KTZHFJR trojan (unable to clean) 00000000000000000000000000000000 I
W:\Temp_1\wb\Neuer Ordner\VistaPE.iso

What is the source of these ISOs?

jvde 28.02.2012 19:44

Those should be old images, so-called "tool CDs/DVDs" from various computer magazines.
jvde

cosinus 28.02.2012 22:22

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


jvde 29.02.2012 20:27

Unfortunately the OTL.log is too long, so I'm posting it as an archive.

jvde

cosinus 01.03.2012 12:08

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1078081533-854245398-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - H:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 192.168.2.101;127.0.0.1:9421;
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - H:\Programme\Star Downloader\SDIEInt.dll ()
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-854245398-725345543-1004\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKU\S-1-5-21-1078081533-854245398-725345543-1004..\Run: [Akamai NetSession Interface] H:\Dokumente und Einstellungen\JM\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1078081533-854245398-725345543-1004..\Run: [JFSW2Launch] H:\Dokumente und Einstellungen\JM\Anwendungsdaten\Transcend\JFSW2\JFSW2Launch.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - S:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70d2ce8c-cb7e-11de-93f6-00d05c080f8f}\Shell\AutoRun\command - "" = setup.exe -- [2011.06.26 16:30:52 | 021,707,000 | ---- | M] ()
MsConfig - StartUpReg: rfxsrvtray - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
@Alternate Data Stream - 48 bytes -> H:\Dokumente und Einstellungen\All Users\DRM:??????????
@Alternate Data Stream - 176 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EB2F6FB8
@Alternate Data Stream - 166 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BF98CBAF
@Alternate Data Stream - 159 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2AEBCB5B
@Alternate Data Stream - 152 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF
@Alternate Data Stream - 12 bytes -> H:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 118 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B0832161
@Alternate Data Stream - 112 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:425D0709
@Alternate Data Stream - 108 bytes -> H:\WINDOWS:
@Alternate Data Stream - 104 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E4174418
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

jvde 01.03.2012 20:12

After the restart the following log file appeared:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
H:\Programme\AskSearch\bin\DefaultSearch.dll moved successfully.
HKU\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFEF0-5B30-21D4-945D-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFEF0-5B30-21D4-945D-000000000000}\ deleted successfully.
H:\Programme\Star Downloader\SDIEInt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
H:\Dokumente und Einstellungen\JM\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\JFSW2Launch deleted successfully.
H:\Dokumente und Einstellungen\JM\Anwendungsdaten\Transcend\JFSW2\JFSW2Launch.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\autoexec.bat moved successfully.
S:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70d2ce8c-cb7e-11de-93f6-00d05c080f8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d2ce8c-cb7e-11de-93f6-00d05c080f8f}\ not found.
setup.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\rfxsrvtray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ deleted successfully.
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\DRM:?????????? .
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EB2F6FB8 deleted successfully.
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BF98CBAF deleted successfully.
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2AEBCB5B deleted successfully.
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF deleted successfully.
ADS H:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B0832161 deleted successfully.
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:425D0709 deleted successfully.
Unable to delete ADS H:\WINDOWS: .
ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E4174418 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 279208 bytes
->Temporary Internet Files folder emptied: 279610 bytes
 
User: ***
->Temp folder emptied: 6977810 bytes
->Temporary Internet Files folder emptied: 4875741 bytes
->FireFox cache emptied: 39403830 bytes
->Opera cache emptied: 4745851 bytes
->Flash cache emptied: 1508 bytes
 
User: JM
->Temp folder emptied: 76756469 bytes
->Temporary Internet Files folder emptied: 78462158 bytes
->Java cache emptied: 14334588 bytes
->FireFox cache emptied: 293345096 bytes
->Opera cache emptied: 224536 bytes
->Flash cache emptied: 18281 bytes
 
User: LocalService
->Temp folder emptied: 694684 bytes
->Temporary Internet Files folder emptied: 27187550 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2837504 bytes
%systemroot%\System32\dllcache .tmp files removed: 322012400 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3793526 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 838,00 mb
 
H:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.1 log created on 03012012_125448

Files\Folders moved on Reboot...
File\Folder H:\WINDOWS\temp\Perflib_Perfdata_5d0.dat not found!

Registry entries deleted on Reboot...

jvde
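An added check, not part of the thread or of OTL: the fix log is the only record of what the fix actually did, so this Python snippet reconciles the objects named in the :OTL section with OTL's outcome lines and lists the targets that failed or were never mentioned (here the two ADS entries OTL could not delete). The embedded script and log are constructed subsets of the ones posted above.

```python
import re

# Constructed sample: a subset of the :OTL fix script and of the fix log posted above.
# SIDs, CLSIDs and paths are as they appear in the thread.
FIX_SCRIPT = "\n".join([
    ":OTL",
    r"IE - HKU\S-1-5-21-1078081533-854245398-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - H:\Programme\AskSearch\bin\DefaultSearch.dll ()",
    r"O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - H:\Programme\Star Downloader\SDIEInt.dll ()",
    r"O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.",
    r"O4 - HKU\S-1-5-21-1078081533-854245398-725345543-1004..\Run: [JFSW2Launch] H:\Dokumente und Einstellungen\JM\Anwendungsdaten\Transcend\JFSW2\JFSW2Launch.exe ()",
    r"@Alternate Data Stream - 48 bytes -> H:\Dokumente und Einstellungen\All Users\DRM:??????????",
    r"@Alternate Data Stream - 176 bytes -> H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EB2F6FB8",
    r"@Alternate Data Stream - 108 bytes -> H:\WINDOWS:",
    ":Commands",
    "[emptytemp]",
    "[resethosts]",
])
FIX_LOG = "\n".join([
    "All processes killed",
    "========== OTL ==========",
    r"Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.",
    r"H:\Programme\AskSearch\bin\DefaultSearch.dll moved successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFEF0-5B30-21D4-945D-000000000000}\ deleted successfully.",
    r"H:\Programme\Star Downloader\SDIEInt.dll moved successfully.",
    r"Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.",
    r"Registry value HKEY_USERS\S-1-5-21-1078081533-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\JFSW2Launch deleted successfully.",
    r"H:\Dokumente und Einstellungen\JM\Anwendungsdaten\Transcend\JFSW2\JFSW2Launch.exe moved successfully.",
    r"Unable to delete ADS H:\Dokumente und Einstellungen\All Users\DRM:?????????? .",
    r"ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EB2F6FB8 deleted successfully.",
    r"Unable to delete ADS H:\WINDOWS: .",
    "========== COMMANDS ==========",
    "HOSTS file reset successfully",
])

_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                          # {8-4-4-4-12}
_FILE = re.compile(r"[A-Z]:\\[^()\[\]]*?\.(?:dll|exe|bat|sys)\b", re.I)  # drive path up to a binary extension
_ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
_STATUS = [  # first match wins, so the failure text is checked before "delete"
    ("unable to delete", "FAILED"),
    ("not found", "not found"),
    ("deleted successfully", "deleted"),
    ("moved successfully", "moved"),
    ("value set successfully", "value set"),
]


def script_targets(script: str) -> list:
    """Concrete objects the :OTL section asks the tool to act on, in script order."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith(":") or line.startswith("["):
            continue  # section markers and :Commands entries carry no object
        m = _ADS.match(line)
        if m:
            targets.append(("ads", m.group(1)))
            continue
        targets += [("clsid", c) for c in _CLSID.findall(line)]
        targets += [("file", p) for p in _FILE.findall(line)]
    return targets


def reconcile(script: str, log: str) -> dict:
    """Map each script target to the outcomes OTL reported for it (empty list = never mentioned)."""
    log_lines = log.splitlines()
    outcome = {}
    for kind, target in script_targets(script):
        statuses = []
        for line in log_lines:
            if target in line:
                statuses.append(next((label for needle, label in _STATUS if needle in line.lower()), "unknown"))
        outcome[(kind, target)] = statuses
    return outcome


def problems(outcome: dict) -> list:
    """Targets that failed or that OTL never reported on; these need a manual look."""
    return [t for t, st in outcome.items() if not st or "FAILED" in st]


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, FIX_LOG)
    for (kind, target), statuses in result.items():
        print(f"{kind:5} {target} -> {', '.join(statuses) or 'NO RESULT LINE'}")
    print("needs manual review:", problems(result))
```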

cosinus 01.03.2012 20:44

Now please run (in normal Windows mode) this Kaspersky tool (TDSSKiller) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSSKiller, because Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSSKiller saves its logs.

Note: Please don't delete anything hastily with TDSSKiller! If TDSSKiller flags objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you can't access your documents/My Documents, or shortcuts on the desktop or in the start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

jvde 01.03.2012 21:15

Here it is, the tdss.log

Code:

21:02:30.0843 5836        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:02:31.0015 5836        ============================================================
21:02:31.0015 5836        Current date / time: 2012/03/01 21:02:31.0015
21:02:31.0015 5836        SystemInfo:
21:02:31.0015 5836       
21:02:31.0015 5836        OS Version: 5.1.2600 ServicePack: 3.0
21:02:31.0015 5836        Product type: Workstation
21:02:31.0015 5836        ComputerName: HOME-2910092118
21:02:31.0015 5836        UserName: JM
21:02:31.0015 5836        Windows directory: H:\WINDOWS
21:02:31.0015 5836        System windows directory: H:\WINDOWS
21:02:31.0015 5836        Processor architecture: Intel x86
21:02:31.0015 5836        Number of processors: 4
21:02:31.0015 5836        Page size: 0x1000
21:02:31.0015 5836        Boot type: Normal boot
21:02:31.0015 5836        ============================================================
21:02:32.0015 5836        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:02:32.0015 5836        Drive \Device\Harddisk1\DR10 - Size: 0x0 (0.00 Gb), SectorSize: 0x200, Cylinders: 0xFFFFFFFF, SectorsPerTrack: 0x1, TracksPerCylinder: 0x1, Type 'W'
21:02:32.0031 5836        Drive \Device\Harddisk4\DR13 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:02:32.0031 5836        \Device\Harddisk0\DR0:
21:02:32.0031 5836        MBR used
21:02:32.0031 5836        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4EFA824
21:02:32.0031 5836        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4EFA863, BlocksNum 0x61B746A
21:02:32.0046 5836        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB0B5B8E, BlocksNum 0x3C02F0D
21:02:32.0062 5836        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xECB8ADA, BlocksNum 0x6407802
21:02:32.0062 5836        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x150C031B, BlocksNum 0x13DE408E
21:02:32.0078 5836        \Device\Harddisk0\DR0\Partition5: MBR, Type 0xB, StartLBA 0x28EA43E8, BlocksNum 0x1C9FBE40
21:02:32.0078 5836        \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x458A026D, BlocksNum 0xDC5FBF1
21:02:32.0093 5836        \Device\Harddisk0\DR0\Partition7: MBR, Type 0xB, StartLBA 0x534FFE9D, BlocksNum 0x1E036A0
21:02:32.0093 5836        \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x55303584, BlocksNum 0x1F402439
21:02:32.0093 5836        \Device\Harddisk1\DR10:
21:02:32.0093 5836        Invalid mbr signature
21:02:32.0093 5836        \Device\Harddisk4\DR13:
21:02:32.0109 5836        MBR used
21:02:32.0109 5836        \Device\Harddisk4\DR13\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
21:02:32.0328 5836        Initialize success
21:02:32.0328 5836        ============================================================
21:03:18.0343 1240        ============================================================
21:03:18.0343 1240        Scan started
21:03:18.0343 1240        Mode: Manual; SigCheck; TDLFS;
21:03:18.0343 1240        ============================================================
21:03:18.0984 1240        Abiosdsk - ok
21:03:18.0984 1240        abp480n5 - ok
21:03:19.0015 1240        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) H:\WINDOWS\system32\DRIVERS\ACPI.sys
21:03:19.0250 1240        ACPI - ok
21:03:19.0281 1240        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) H:\WINDOWS\system32\drivers\ACPIEC.sys
21:03:19.0343 1240        ACPIEC - ok
21:03:19.0406 1240        adpu160m - ok
21:03:19.0421 1240        aec            (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
21:03:19.0500 1240        aec - ok
21:03:19.0515 1240        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
21:03:19.0546 1240        AFD - ok
21:03:19.0593 1240        Aha154x - ok
21:03:19.0609 1240        aic78u2 - ok
21:03:19.0609 1240        aic78xx - ok
21:03:19.0625 1240        AliIde - ok
21:03:19.0640 1240        amdide          (6e58654cb25730b2579e45e1fd116a47) H:\WINDOWS\system32\DRIVERS\amdide.sys
21:03:19.0656 1240        amdide - ok
21:03:19.0671 1240        AmdPPM          (033448d435e65c4bd72e70521fd05c76) H:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:03:19.0687 1240        AmdPPM - ok
21:03:19.0703 1240        amsint - ok
21:03:19.0718 1240        arusb(TP-LINK)  (d8aa72b3760402b4a30925d9778e4688) H:\WINDOWS\system32\DRIVERS\arusb.sys
21:03:19.0750 1240        arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - warning
21:03:19.0750 1240        arusb(TP-LINK) - detected UnsignedFile.Multi.Generic (1)
21:03:19.0796 1240        asc - ok
21:03:19.0812 1240        asc3350p - ok
21:03:19.0812 1240        asc3550 - ok
21:03:19.0843 1240        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:03:19.0906 1240        AsyncMac - ok
21:03:19.0937 1240        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
21:03:20.0015 1240        atapi - ok
21:03:20.0015 1240        Atdisk - ok
21:03:20.0140 1240        ati2mtag        (c832bf76f003999d2e91e5115583c69e) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:03:20.0343 1240        ati2mtag - ok
21:03:20.0406 1240        AtiHdmiService  (e3b9fe6d478dc12ee9fb5169ee98d1ba) H:\WINDOWS\system32\drivers\AtiHdmi.sys
21:03:20.0437 1240        AtiHdmiService - ok
21:03:20.0468 1240        Atmarpc        (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:03:20.0531 1240        Atmarpc - ok
21:03:20.0593 1240        audstub        (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
21:03:20.0656 1240        audstub - ok
21:03:20.0718 1240        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) H:\Programme\Avira\AntiVir Desktop\avgio.sys
21:03:20.0734 1240        avgio - ok
21:03:20.0750 1240        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) H:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:03:20.0781 1240        avgntflt - ok
21:03:20.0843 1240        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) H:\WINDOWS\system32\DRIVERS\avipbb.sys
21:03:20.0859 1240        avipbb - ok
21:03:20.0875 1240        Beep            (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
21:03:20.0953 1240        Beep - ok
21:03:20.0984 1240        BT              (43467de7db414ac70a88fc2fa0916ef3) H:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:03:20.0984 1240        BT - ok
21:03:21.0000 1240        Btcsrusb        (cd4113699ce34fe4b63c99aaa13f10c1) H:\WINDOWS\system32\Drivers\btcusb.sys
21:03:21.0015 1240        Btcsrusb - ok
21:03:21.0078 1240        BtHidBus        (ac2e61482a57ea50730f8c2679f37040) H:\WINDOWS\system32\Drivers\BtHidBus.sys
21:03:21.0093 1240        BtHidBus - ok
21:03:21.0109 1240        btnetBUs        (6783c5c81bfb640469468a80dfa1ccb3) H:\WINDOWS\system32\Drivers\btnetBus.sys
21:03:21.0109 1240        btnetBUs - ok
21:03:21.0140 1240        cbfs3          (afab1d4cab04218cbab0ae69625d0d65) H:\WINDOWS\system32\drivers\cbfs3.sys
21:03:21.0140 1240        cbfs3 - ok
21:03:21.0171 1240        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
21:03:21.0234 1240        cbidf2k - ok
21:03:21.0312 1240        CCDECODE        (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:03:21.0375 1240        CCDECODE - ok
21:03:21.0390 1240        cd20xrnt - ok
21:03:21.0390 1240        Cdaudio        (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
21:03:21.0468 1240        Cdaudio - ok
21:03:21.0484 1240        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
21:03:21.0562 1240        Cdfs - ok
21:03:21.0562 1240        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
21:03:21.0640 1240        Cdrom - ok
21:03:21.0703 1240        chypcsc2        (e6ec1a13ad135e49b82647e3f666f1df) H:\WINDOWS\system32\DRIVERS\chypcsc2.sys
21:03:21.0718 1240        chypcsc2 ( UnsignedFile.Multi.Generic ) - warning
21:03:21.0718 1240        chypcsc2 - detected UnsignedFile.Multi.Generic (1)
21:03:21.0734 1240        CHYSCK2K        (32e741dfba5df0cdf6e5a869c8f4e36c) H:\WINDOWS\system32\Drivers\ChySck2k.sys
21:03:21.0750 1240        CHYSCK2K - ok
21:03:21.0765 1240        CmdIde - ok
21:03:21.0765 1240        Cpqarray - ok
21:03:21.0812 1240        CrystalSysInfo  (f054744f67576a01139885173392502b) H:\Programme\MediaCoder\SysInfo.sys
21:03:21.0828 1240        CrystalSysInfo - ok
21:03:21.0875 1240        dac2w2k - ok
21:03:21.0875 1240        dac960nt - ok
21:03:21.0906 1240        DCamUSBEMPIA    (45a46a0af042f8bfe86a8d3b3b289a31) H:\WINDOWS\system32\DRIVERS\emDevice.sys
21:03:21.0953 1240        DCamUSBEMPIA - ok
21:03:21.0984 1240        DCamUSBMSETUP  (fa00c4d26887feb2ec252742ebe0fa26) H:\WINDOWS\system32\DRIVERS\MSETUPW2.sys
21:03:22.0000 1240        DCamUSBMSETUP ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0000 1240        DCamUSBMSETUP - detected UnsignedFile.Multi.Generic (1)
21:03:22.0062 1240        DCDisk          (11179bba0c9840f7f44cb786b5228bfa) H:\WINDOWS\system32\drivers\DCDisk.sys
21:03:22.0062 1240        DCDisk ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0062 1240        DCDisk - detected UnsignedFile.Multi.Generic (1)
21:03:22.0093 1240        dcsnap          (029f86c522b792e926cd05efadc01871) H:\WINDOWS\system32\drivers\dcsnap.sys
21:03:22.0093 1240        dcsnap ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0093 1240        dcsnap - detected UnsignedFile.Multi.Generic (1)
21:03:22.0109 1240        Disk            (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
21:03:22.0187 1240        Disk - ok
21:03:22.0203 1240        DLPortIO        (1d95d36db805787d54eb50e45ed4af40) H:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
21:03:22.0218 1240        DLPortIO ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0218 1240        DLPortIO - detected UnsignedFile.Multi.Generic (1)
21:03:22.0296 1240        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) H:\WINDOWS\system32\drivers\dmboot.sys
21:03:22.0375 1240        dmboot - ok
21:03:22.0390 1240        dmio            (53720ab12b48719d00e327da470a619a) H:\WINDOWS\system32\drivers\dmio.sys
21:03:22.0468 1240        dmio - ok
21:03:22.0484 1240        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
21:03:22.0546 1240        dmload - ok
21:03:22.0578 1240        DMusic          (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
21:03:22.0656 1240        DMusic - ok
21:03:22.0703 1240        dpti2o - ok
21:03:22.0718 1240        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
21:03:22.0781 1240        drmkaud - ok
21:03:22.0796 1240        DrvAgent32      (651554e483712b708ede864d0ca1aa73) H:\WINDOWS\system32\Drivers\DrvAgent32.sys
21:03:22.0812 1240        DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0812 1240        DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
21:03:22.0843 1240        DS1410D        (20747e2cd3ae1f390feb8b18b522aac8) H:\WINDOWS\system32\drivers\DS1410D.sys
21:03:22.0843 1240        DS1410D ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0843 1240        DS1410D - detected UnsignedFile.Multi.Generic (1)
21:03:22.0921 1240        DS2490          (6d64679e932c2f666e5c42e51f5a8e84) H:\WINDOWS\system32\Drivers\DS2490.sys
21:03:22.0921 1240        DS2490 ( UnsignedFile.Multi.Generic ) - warning
21:03:22.0921 1240        DS2490 - detected UnsignedFile.Multi.Generic (1)
21:03:22.0921 1240        DumpIt - ok
21:03:22.0953 1240        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) H:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:03:22.0953 1240        ElbyCDIO - ok
21:03:22.0984 1240        epmntdrv        (f07ba56b0235f15eff8f10dc6389c42e) H:\WINDOWS\system32\epmntdrv.sys
21:03:23.0000 1240        epmntdrv ( UnsignedFile.Multi.Generic ) - warning
21:03:23.0000 1240        epmntdrv - detected UnsignedFile.Multi.Generic (1)
21:03:23.0015 1240        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) H:\WINDOWS\system32\EuGdiDrv.sys
21:03:23.0031 1240        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
21:03:23.0031 1240        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
21:03:23.0093 1240        Fastfat        (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
21:03:23.0156 1240        Fastfat - ok
21:03:23.0171 1240        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\DRIVERS\fdc.sys
21:03:23.0250 1240        Fdc - ok
21:03:23.0265 1240        FiltUSBEMPIA    (32093e294ef997d7920473f029515948) H:\WINDOWS\system32\DRIVERS\emFilter.sys
21:03:23.0281 1240        FiltUSBEMPIA - ok
21:03:23.0296 1240        Fips            (b0678a548587c5f1967b0d70bacad6c1) H:\WINDOWS\system32\drivers\Fips.sys
21:03:23.0375 1240        Fips - ok
21:03:23.0437 1240        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:03:23.0500 1240        Flpydisk - ok
21:03:23.0531 1240        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:03:23.0593 1240        FltMgr - ok
21:03:23.0671 1240        FreshIO        (caac750e6d27866c28494e0de9fa802a) H:\Programme\FreshDevices\FreshDiagnose\FreshIO.sys
21:03:23.0671 1240        FreshIO ( UnsignedFile.Multi.Generic ) - warning
21:03:23.0671 1240        FreshIO - detected UnsignedFile.Multi.Generic (1)
21:03:23.0734 1240        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
21:03:23.0812 1240        Fs_Rec - ok
21:03:23.0843 1240        FTD2XX          (82943df950458d4e0f5710136d3583fa) H:\WINDOWS\system32\Drivers\FTD2XX.sys
21:03:23.0843 1240        FTD2XX - ok
21:03:23.0859 1240        FTDIBUS        (aae37f0f2f613218dce17b42a18c38db) H:\WINDOWS\system32\drivers\ftdibus.sys
21:03:23.0875 1240        FTDIBUS - ok
21:03:23.0890 1240        Ftdisk          (8f1955ce42e1484714b542f341647778) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:03:23.0953 1240        Ftdisk - ok
21:03:24.0015 1240        FTSER2K        (48bfd1ba45c9c9e7ab339e25abfba1d2) H:\WINDOWS\system32\drivers\ftser2k.sys
21:03:24.0031 1240        FTSER2K - ok
21:03:24.0046 1240        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
21:03:24.0125 1240        Gpc - ok
21:03:24.0140 1240        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:03:24.0218 1240        HDAudBus - ok
21:03:24.0234 1240        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
21:03:24.0312 1240        hidusb - ok
21:03:24.0375 1240        hotcore3        (4b6d6cb77a88d381234c1954ac19f54b) H:\WINDOWS\system32\DRIVERS\hotcore3.sys
21:03:24.0390 1240        hotcore3 - ok
21:03:24.0390 1240        hpn - ok
21:03:24.0421 1240        HTTP            (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
21:03:24.0437 1240        HTTP - ok
21:03:24.0500 1240        HWiNFO32        (1a4ea4266acb04cf9f6b733302ac312f) H:\Programme\HWiNFO32\HWiNFO32.SYS
21:03:24.0500 1240        HWiNFO32 - ok
21:03:24.0562 1240        i2omp - ok
21:03:24.0578 1240        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:03:24.0656 1240        i8042prt - ok
21:03:24.0671 1240        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:24.0750 1240        Imapi - ok
21:03:24.0750 1240        ini910u - ok
21:03:24.0765 1240        IntelIde - ok
21:03:24.0781 1240        io.sys          (5e333b8c20fb4a48c8ca3cf3489cd235) H:\WINDOWS\system32\drivers\io.sys
21:03:24.0796 1240        io.sys ( UnsignedFile.Multi.Generic ) - warning
21:03:24.0796 1240        io.sys - detected UnsignedFile.Multi.Generic (1)
21:03:24.0859 1240        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:03:24.0937 1240        Ip6Fw - ok
21:03:24.0953 1240        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:25.0031 1240        IpFilterDriver - ok
21:03:25.0046 1240        IpInIp          (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:25.0109 1240        IpInIp - ok
21:03:25.0125 1240        IpNat          (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:25.0203 1240        IpNat - ok
21:03:25.0265 1240        IPSec          (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:25.0328 1240        IPSec - ok
21:03:25.0359 1240        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:25.0390 1240        IRENUM - ok
21:03:25.0406 1240        isapnp          (6dfb88f64135c525433e87648bda30de) H:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:25.0484 1240        isapnp - ok
21:03:25.0500 1240        IvtBtBUs        (01cbb39001afda1152f3fce15ab646ea) H:\WINDOWS\system32\Drivers\IvtBtBus.sys
21:03:25.0500 1240        IvtBtBUs - ok
21:03:25.0578 1240        Kbdclass        (1704d8c4c8807b889e43c649b478a452) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:25.0640 1240        Kbdclass - ok
21:03:25.0656 1240        kmixer          (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
21:03:25.0750 1240        kmixer - ok
21:03:25.0765 1240        KSecDD          (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
21:03:25.0796 1240        KSecDD - ok
21:03:25.0859 1240        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) H:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
21:03:25.0875 1240        Lavasoft Kernexplorer - ok
21:03:25.0937 1240        Lbd            (336abe8721cbc3110f1c6426da633417) H:\WINDOWS\system32\DRIVERS\Lbd.sys
21:03:25.0953 1240        Lbd - ok
21:03:26.0015 1240        MagixASIODrv    (34933232c17fbbfe2e224e5c536a48cf) H:\Programme\MAGIX\Samplitude_10_SE\mxasio.sys
21:03:26.0031 1240        MagixASIODrv ( UnsignedFile.Multi.Generic ) - warning
21:03:26.0031 1240        MagixASIODrv - detected UnsignedFile.Multi.Generic (1)
21:03:26.0109 1240        mf              (a7da20ab18a1bdae28b0f349e57da0d1) H:\WINDOWS\system32\DRIVERS\mf.sys
21:03:26.0171 1240        mf - ok
21:03:26.0187 1240        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
21:03:26.0250 1240        mnmdd - ok
21:03:26.0281 1240        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) H:\WINDOWS\system32\drivers\Modem.sys
21:03:26.0343 1240        Modem - ok
21:03:26.0781 1240        MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) H:\WINDOWS\system32\drivers\MODEMCSA.sys
21:03:26.0843 1240        MODEMCSA - ok
21:03:27.0078 1240        Mouclass        (b24ce8005deab254c0251e15cb71d802) H:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:27.0171 1240        Mouclass - ok
21:03:27.0234 1240        mouhid          (66a6f73c74e1791464160a7065ce711a) H:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:27.0312 1240        mouhid - ok
21:03:27.0328 1240        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
21:03:27.0406 1240        MountMgr - ok
21:03:27.0468 1240        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) H:\WINDOWS\system32\DRIVERS\MPE.sys
21:03:27.0531 1240        MPE - ok
21:03:27.0531 1240        mraid35x - ok
21:03:27.0546 1240        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:27.0609 1240        MRxDAV - ok
21:03:27.0640 1240        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:03:27.0671 1240        MRxSmb - ok
21:03:27.0718 1240        Msfs            (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
21:03:27.0796 1240        Msfs - ok
21:03:27.0828 1240        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:27.0890 1240        MSKSSRV - ok
21:03:27.0906 1240        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:27.0968 1240        MSPCLOCK - ok
21:03:27.0984 1240        MSPQM          (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
21:03:28.0046 1240        MSPQM - ok
21:03:28.0125 1240        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:28.0187 1240        mssmbios - ok
21:03:28.0203 1240        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
21:03:28.0265 1240        MSTEE - ok
21:03:28.0296 1240        Mup            (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
21:03:28.0312 1240        Mup - ok
21:03:28.0328 1240        mv2            (a0f0b16316276017e682410b5612a707) H:\WINDOWS\system32\DRIVERS\mv2.sys
21:03:28.0343 1240        mv2 - ok
21:03:28.0406 1240        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:03:28.0484 1240        NABTSFEC - ok
21:03:28.0515 1240        NDIS            (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
21:03:28.0578 1240        NDIS - ok
21:03:28.0593 1240        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:03:28.0656 1240        NdisIP - ok
21:03:28.0718 1240        NDISLOOP        (ba3402f4d62bfd73bca573667007fb11) H:\WINDOWS\system32\DRIVERS\ndisloop.sys
21:03:28.0718 1240        NDISLOOP ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0718 1240        NDISLOOP - detected UnsignedFile.Multi.Generic (1)
21:03:28.0734 1240        NdisTapi        (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:03:28.0765 1240        NdisTapi - ok
21:03:28.0781 1240        Ndisuio        (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:03:28.0859 1240        Ndisuio - ok
21:03:28.0937 1240        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:03:29.0000 1240        NdisWan - ok
21:03:29.0015 1240        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
21:03:29.0062 1240        NDProxy - ok
21:03:29.0078 1240        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
21:03:29.0140 1240        NetBIOS - ok
21:03:29.0218 1240        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
21:03:29.0281 1240        NetBT - ok
21:03:29.0359 1240        NmPar          (241c985de3ab9f73568fe3b181dc70f4) H:\WINDOWS\system32\DRIVERS\NmPar.sys
21:03:29.0406 1240        NmPar - ok
21:03:29.0468 1240        nmserial        (6489dd8e27d70bee2897681b46b76bd1) H:\WINDOWS\system32\DRIVERS\nmserial.sys
21:03:29.0484 1240        nmserial - ok
21:03:29.0515 1240        NPF            (b9730495e0cf674680121e34bd95a73b) H:\WINDOWS\system32\drivers\npf.sys
21:03:29.0515 1240        NPF - ok
21:03:29.0531 1240        Npfs            (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
21:03:29.0609 1240        Npfs - ok
21:03:29.0656 1240        NSNDIS5        (53f7546e8daefb3a0813f5e19c4613c9) H:\WINDOWS\system32\NSNDIS5.SYS
21:03:29.0687 1240        NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
21:03:29.0687 1240        NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
21:03:29.0718 1240        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
21:03:29.0781 1240        Ntfs - ok
21:03:29.0812 1240        Null            (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
21:03:29.0875 1240        Null - ok
21:03:29.0937 1240        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:03:30.0000 1240        NwlnkFlt - ok
21:03:30.0015 1240        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:03:30.0078 1240        NwlnkFwd - ok
21:03:30.0109 1240        PAC7311        (95bd9287b49b01a3cf2488af8a1ac312) H:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
21:03:30.0140 1240        PAC7311 - ok
21:03:30.0156 1240        Parport        (f84785660305b9b903fb3bca8ba29837) H:\WINDOWS\system32\drivers\Parport.sys
21:03:30.0234 1240        Parport - ok
21:03:30.0281 1240        PartMgr        (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
21:03:30.0359 1240        PartMgr - ok
21:03:30.0375 1240        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) H:\WINDOWS\system32\drivers\ParVdm.sys
21:03:30.0437 1240        ParVdm - ok
21:03:30.0453 1240        PCI            (387e8dedc343aa2d1efbc30580273acd) H:\WINDOWS\system32\DRIVERS\pci.sys
21:03:30.0515 1240        PCI - ok
21:03:30.0531 1240        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) H:\WINDOWS\system32\DRIVERS\pciide.sys
21:03:30.0593 1240        PCIIde - ok
21:03:30.0625 1240        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) H:\WINDOWS\system32\drivers\Pcmcia.sys
21:03:30.0687 1240        Pcmcia - ok
21:03:30.0734 1240        perc2 - ok
21:03:30.0750 1240        perc2hib - ok
21:03:30.0765 1240        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
21:03:30.0828 1240        PptpMiniport - ok
21:03:30.0859 1240        prcmondrv      (0c0d173c2a6f790baee8d4cc48a1ef59) H:\WINDOWS\system32\drivers\prcmondrv1041.sys
21:03:30.0859 1240        prcmondrv ( UnsignedFile.Multi.Generic ) - warning
21:03:30.0859 1240        prcmondrv - detected UnsignedFile.Multi.Generic (1)
21:03:30.0890 1240        Processor      (2cb55427c58679f49ad600fccba76360) H:\WINDOWS\system32\DRIVERS\processr.sys
21:03:30.0937 1240        Processor - ok
21:03:30.0968 1240        PSched          (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
21:03:31.0031 1240        PSched - ok
21:03:31.0093 1240        PSI            (14e6fb92f1788982e2bbc81d915b1f02) H:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:03:31.0109 1240        PSI - ok
21:03:31.0125 1240        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
21:03:31.0187 1240        Ptilink - ok
21:03:31.0203 1240        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) H:\WINDOWS\system32\Drivers\PxHelp20.sys
21:03:31.0218 1240        PxHelp20 - ok
21:03:31.0218 1240        ql1080 - ok
21:03:31.0234 1240        Ql10wnt - ok
21:03:31.0234 1240        ql12160 - ok
21:03:31.0234 1240        ql1240 - ok
21:03:31.0250 1240        ql1280 - ok
21:03:31.0250 1240        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
21:03:31.0328 1240        RasAcd - ok
21:03:31.0390 1240        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:03:31.0453 1240        Rasl2tp - ok
21:03:31.0468 1240        RasPppoe        (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:03:31.0531 1240        RasPppoe - ok
21:03:31.0546 1240        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
21:03:31.0625 1240        Raspti - ok
21:03:31.0640 1240        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
21:03:31.0703 1240        Rdbss - ok
21:03:31.0765 1240        RDID1021        (bb3726f807b3cff6660048bcbf343490) H:\WINDOWS\system32\Drivers\rdwm1021.sys
21:03:31.0765 1240        RDID1021 ( UnsignedFile.Multi.Generic ) - warning
21:03:31.0765 1240        RDID1021 - detected UnsignedFile.Multi.Generic (1)
21:03:31.0796 1240        RDPCDD          (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:03:31.0859 1240        RDPCDD - ok
21:03:31.0890 1240        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) H:\WINDOWS\system32\drivers\RDPWD.sys
21:03:31.0906 1240        RDPWD - ok
21:03:32.0000 1240        redbook        (ed761d453856f795a7fe056e42c36365) H:\WINDOWS\system32\DRIVERS\redbook.sys
21:03:32.0062 1240        redbook - ok
21:03:32.0093 1240        RTLE8023xp      (1323ba3ca4e8d863eb00cd81c0aaf356) H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:03:32.0093 1240        RTLE8023xp - ok
21:03:32.0109 1240        SAllBDA        (4fabeae0acc6df39d7595ffcf951ee9d) H:\WINDOWS\system32\Drivers\TeViiSAll.sys
21:03:32.0125 1240        SAllBDA - ok
21:03:32.0171 1240        SbieDrv        (4dc71d072aa8cc54634469b22120bdb8) H:\Programme\Sandboxie\SbieDrv.sys
21:03:32.0187 1240        SbieDrv - ok
21:03:32.0250 1240        ScanUSBEMPIA    (9202c8474937fa710accfbc9c6e9a769) H:\WINDOWS\system32\DRIVERS\emScan.sys
21:03:32.0265 1240        ScanUSBEMPIA - ok
21:03:32.0281 1240        Scutum50        (f34c06d1c706a6d9433570b087a18b02) H:\WINDOWS\system32\Drivers\Scutum50.sys
21:03:32.0281 1240        Scutum50 ( UnsignedFile.Multi.Generic ) - warning
21:03:32.0281 1240        Scutum50 - detected UnsignedFile.Multi.Generic (1)
21:03:32.0296 1240        Secdrv          (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
21:03:32.0343 1240        Secdrv - ok
21:03:32.0406 1240        serenum        (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
21:03:32.0468 1240        serenum - ok
21:03:32.0500 1240        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) H:\WINDOWS\system32\DRIVERS\serial.sys
21:03:32.0562 1240        Serial - ok
21:03:32.0593 1240        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
21:03:32.0656 1240        Sfloppy - ok
21:03:32.0656 1240        Simbad - ok
21:03:32.0671 1240        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
21:03:32.0734 1240        SLIP - ok
21:03:32.0812 1240        snapman        (c3bf55189aa92b8f919108ef9e4accae) H:\WINDOWS\system32\DRIVERS\snapman.sys
21:03:32.0828 1240        snapman - ok
21:03:32.0843 1240        Soluto          (ff35c2d01ac36b446a1b997f305f0fc2) H:\WINDOWS\system32\DRIVERS\Soluto.sys
21:03:32.0843 1240        Soluto - ok
21:03:32.0859 1240        Sparrow - ok
21:03:32.0875 1240        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
21:03:32.0937 1240        splitter - ok
21:03:32.0953 1240        sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) H:\WINDOWS\system32\Drivers\sptd.sys
21:03:32.0984 1240        sptd - ok
21:03:33.0015 1240        sr              (50fa898f8c032796d3b1b9951bb5a90f) H:\WINDOWS\system32\DRIVERS\sr.sys
21:03:33.0046 1240        sr - ok
21:03:33.0078 1240        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
21:03:33.0109 1240        Srv - ok
21:03:33.0187 1240        ssmdrv          (a36ee93698802cd899f98bfd553d8185) H:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:03:33.0187 1240        ssmdrv - ok
21:03:33.0218 1240        StarOpen        (e57b778208c783d8debab320c16a1b82) H:\WINDOWS\system32\drivers\StarOpen.sys
21:03:33.0218 1240        StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:03:33.0218 1240        StarOpen - detected UnsignedFile.Multi.Generic (1)
21:03:33.0265 1240        STHDA          (376f5cb88c4a176c4e2d6ac9a6226b1e) H:\WINDOWS\system32\drivers\sthda.sys
21:03:33.0328 1240        STHDA - ok
21:03:33.0406 1240        streamip        (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:03:33.0484 1240        streamip - ok
21:03:33.0500 1240        swenum          (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
21:03:33.0562 1240        swenum - ok
21:03:33.0593 1240        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
21:03:33.0656 1240        swmidi - ok
21:03:33.0703 1240        symc810 - ok
21:03:33.0718 1240        symc8xx - ok
21:03:33.0718 1240        sym_hi - ok
21:03:33.0718 1240        sym_u3 - ok
21:03:33.0734 1240        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
21:03:33.0796 1240        sysaudio - ok
21:03:33.0828 1240        tap0901        (1e89de7a4fb7a854ebb241d0aa8996dd) H:\WINDOWS\system32\DRIVERS\tap0901.sys
21:03:33.0828 1240        tap0901 ( UnsignedFile.Multi.Generic ) - warning
21:03:33.0828 1240        tap0901 - detected UnsignedFile.Multi.Generic (1)
21:03:33.0859 1240        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
21:03:33.0890 1240        Tcpip - ok
21:03:33.0953 1240        TDPIPE          (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
21:03:34.0031 1240        TDPIPE - ok
21:03:34.0062 1240        tdrpman        (3b7b6779eb231f731bba8f9fe67aadfc) H:\WINDOWS\system32\DRIVERS\tdrpman.sys
21:03:34.0078 1240        tdrpman - ok
21:03:34.0093 1240        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
21:03:34.0156 1240        TDTCP - ok
21:03:34.0187 1240        TermDD          (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
21:03:34.0265 1240        TermDD - ok
21:03:34.0281 1240        TfFsMon        (95746e5b1473432f3d9458940dba6e3a) H:\WINDOWS\system32\drivers\TfFsMon.sys
21:03:34.0281 1240        TfFsMon - ok
21:03:34.0296 1240        TfNetMon        (02ffdd873e31c5c2d57ca87d11ec36af) H:\WINDOWS\system32\drivers\TfNetMon.sys
21:03:34.0312 1240        TfNetMon - ok
21:03:34.0312 1240        TfSysMon        (f8bd92251ab439383c051ce907d78cce) H:\WINDOWS\system32\drivers\TfSysMon.sys
21:03:34.0328 1240        TfSysMon - ok
21:03:34.0343 1240        tifsfilter      (b0b3122bff3910e0ba97014045467778) H:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:03:34.0343 1240        tifsfilter - ok
21:03:34.0359 1240        timounter      (13bfe330880ac0ce8672d00aa5aff738) H:\WINDOWS\system32\DRIVERS\timntr.sys
21:03:34.0375 1240        timounter - ok
21:03:34.0390 1240        TosIde - ok
21:03:34.0421 1240        TTDVBUSB        (80c1bb018abca0ae7048d998cc4dae89) H:\WINDOWS\system32\Drivers\ttdvbusb.sys
21:03:34.0421 1240        TTDVBUSB ( UnsignedFile.Multi.Generic ) - warning
21:03:34.0421 1240        TTDVBUSB - detected UnsignedFile.Multi.Generic (1)
21:03:34.0484 1240        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) H:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
21:03:34.0484 1240        TuneUpUtilitiesDrv - ok
21:03:34.0562 1240        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
21:03:34.0625 1240        Udfs - ok
21:03:34.0656 1240        UimBus          (de1b2980484aaf20a1dd8b743f96284b) H:\WINDOWS\system32\DRIVERS\UimBus.sys
21:03:34.0656 1240        UimBus - ok
21:03:34.0671 1240        Uim_IM          (e40d444bc1d1fbc2cadfbcc99551bae0) H:\WINDOWS\system32\Drivers\Uim_IM.sys
21:03:34.0687 1240        Uim_IM - ok
21:03:34.0687 1240        ultra - ok
21:03:34.0718 1240        Update          (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
21:03:34.0781 1240        Update - ok
21:03:34.0859 1240        USB28xxBGA      (68a00f7bd18bc3af2d98a75142e1c74e) H:\WINDOWS\system32\DRIVERS\emBDA.sys
21:03:34.0859 1240        USB28xxBGA - ok
21:03:34.0875 1240        USB28xxOEM      (d52f4fc7788d670a78b2c253717b5330) H:\WINDOWS\system32\DRIVERS\emOEM.sys
21:03:34.0890 1240        USB28xxOEM - ok
21:03:34.0921 1240        usbaudio        (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
21:03:34.0984 1240        usbaudio - ok
21:03:35.0015 1240        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:03:35.0078 1240        usbccgp - ok
21:03:35.0140 1240        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
21:03:35.0218 1240        usbehci - ok
21:03:35.0218 1240        usbhub          (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
21:03:35.0281 1240        usbhub - ok
21:03:35.0281 1240        usbohci        (0daecce65366ea32b162f85f07c6753b) H:\WINDOWS\system32\DRIVERS\usbohci.sys
21:03:35.0343 1240        usbohci - ok
21:03:35.0359 1240        usbprint        (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
21:03:35.0437 1240        usbprint - ok
21:03:35.0468 1240        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
21:03:35.0531 1240        usbscan - ok
21:03:35.0578 1240        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:03:35.0640 1240        usbstor - ok
21:03:35.0671 1240        VClone          (fce98c43b5c5db8e0da8ea0e2b45e044) H:\WINDOWS\system32\DRIVERS\VClone.sys
21:03:35.0671 1240        VClone ( UnsignedFile.Multi.Generic ) - warning
21:03:35.0671 1240        VClone - detected UnsignedFile.Multi.Generic (1)
21:03:35.0703 1240        VComm          (025c2a8cba0ab595d3461d278eff5793) H:\WINDOWS\system32\DRIVERS\VComm.sys
21:03:35.0703 1240        VComm - ok
21:03:35.0750 1240        VcommMgr        (95ddf14292354887d7d8c8a0881c7485) H:\WINDOWS\system32\Drivers\VcommMgr.sys
21:03:35.0765 1240        VcommMgr - ok
21:03:35.0781 1240        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
21:03:35.0843 1240        VgaSave - ok
21:03:35.0859 1240        ViaIde - ok
21:03:35.0859 1240        VolSnap        (a5a712f4e880874a477af790b5186e1d) H:\WINDOWS\system32\drivers\VolSnap.sys
21:03:35.0921 1240        VolSnap - ok
21:03:35.0953 1240        Wanarp          (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
21:03:36.0015 1240        Wanarp - ok
21:03:36.0046 1240        wdmaud          (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
21:03:36.0125 1240        wdmaud - ok
21:03:36.0156 1240        WinUSB          (30fc6e5448d0cbaaa95280eeef7fedae) H:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:03:36.0171 1240        WinUSB - ok
21:03:36.0218 1240        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:03:36.0265 1240        WSTCODEC - ok
21:03:36.0296 1240        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:03:36.0328 1240        WudfPf - ok
21:03:36.0343 1240        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:03:36.0359 1240        WudfRd - ok
21:03:36.0375 1240        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:03:36.0609 1240        \Device\Harddisk0\DR0 - ok
21:03:36.0671 1240        MBR (0x1B8)    (63b034a01fb3d248c4e9a8e71e9b33e3) \Device\Harddisk1\DR10
21:03:36.0703 1240        \Device\Harddisk1\DR10 - ok
21:03:36.0703 1240        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR13
21:03:36.0953 1240        \Device\Harddisk4\DR13 - ok
21:03:36.0953 1240        Boot (0x1200)  (dfd50145e1ac0c9fb34a315e1c31181b) \Device\Harddisk0\DR0\Partition0
21:03:36.0953 1240        \Device\Harddisk0\DR0\Partition0 - ok
21:03:36.0953 1240        Boot (0x1200)  (3b5a90576b7bde20c7dbf7397883b273) \Device\Harddisk0\DR0\Partition1
21:03:36.0953 1240        \Device\Harddisk0\DR0\Partition1 - ok
21:03:36.0968 1240        Boot (0x1200)  (958adba0bdaf6519b4d8af61fdb9607f) \Device\Harddisk0\DR0\Partition2
21:03:36.0968 1240        \Device\Harddisk0\DR0\Partition2 - ok
21:03:36.0968 1240        Boot (0x1200)  (36137006dd6b4a700de005f36f90ae33) \Device\Harddisk0\DR0\Partition3
21:03:36.0984 1240        \Device\Harddisk0\DR0\Partition3 - ok
21:03:36.0984 1240        Boot (0x1200)  (0c0d4915f16fa92a3e6bf2eedfd973c7) \Device\Harddisk0\DR0\Partition4
21:03:36.0984 1240        \Device\Harddisk0\DR0\Partition4 - ok
21:03:37.0000 1240        Boot (0x1200)  (79c9263f4775282423e4d53b567b138e) \Device\Harddisk0\DR0\Partition5
21:03:37.0000 1240        \Device\Harddisk0\DR0\Partition5 - ok
21:03:37.0000 1240        Boot (0x1200)  (cc438332ea61bc20937e9e0300041a12) \Device\Harddisk0\DR0\Partition6
21:03:37.0000 1240        \Device\Harddisk0\DR0\Partition6 - ok
21:03:37.0015 1240        Boot (0x1200)  (6a3916aaccb11e84d8b70cf28825077d) \Device\Harddisk0\DR0\Partition7
21:03:37.0015 1240        \Device\Harddisk0\DR0\Partition7 - ok
21:03:37.0015 1240        Boot (0x1200)  (11ee3160b712fb9b6015ea1b707f9a87) \Device\Harddisk0\DR0\Partition8
21:03:37.0015 1240        \Device\Harddisk0\DR0\Partition8 - ok
21:03:37.0015 1240        Boot (0x1200)  (76d6f32e3174f24d78f8730e2fbb0c6e) \Device\Harddisk4\DR13\Partition0
21:03:37.0015 1240        \Device\Harddisk4\DR13\Partition0 - ok
21:03:37.0015 1240        ============================================================
21:03:37.0015 1240        Scan finished
21:03:37.0015 1240        ============================================================
21:03:37.0125 5224        Detected object count: 23
21:03:37.0125 5224        Actual detected object count: 23
21:04:20.0312 5224        arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        chypcsc2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        chypcsc2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DCamUSBMSETUP ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DCamUSBMSETUP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DCDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DCDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        dcsnap ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        dcsnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DLPortIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DLPortIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DS1410D ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DS1410D ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        DS2490 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        DS2490 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        FreshIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        FreshIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        io.sys ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        io.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        MagixASIODrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        MagixASIODrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        NDISLOOP ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        NDISLOOP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        prcmondrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        prcmondrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        RDID1021 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        RDID1021 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        TTDVBUSB ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        TTDVBUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        VClone ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip

jvde
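The TDSSKiller summary above reports 23 detected objects, every one with the heuristic verdict UnsignedFile.Multi.Generic and every one answered with "Skip". When reviewing such a log it helps to parse the summary mechanically rather than by eye: confirm that the number of objects listed matches the declared count, group them by verdict, and list exactly which objects were left unresolved. The parser below is an added example for this thread, not code from Trojaner-Board or from Kaspersky's tool. It runs on a constructed excerpt in the same line format as the log above; the final `exampledrv ... Quarantine` line is an assumption added to show a non-Skip action and does not appear in the poster's log.

```python
import re
from collections import Counter

# Constructed excerpt in the TDSSKiller summary format: a count header followed by
# one "skipped by user" / "User select action" pair per object. The last line
# (exampledrv, Quarantine) is an assumption for illustration, not from the log.
SAMPLE_LOG = """\
21:03:37.0125 5224        Detected object count: 4
21:03:37.0125 5224        Actual detected object count: 4
21:04:20.0312 5224        arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0312 5224        io.sys ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0312 5224        io.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:20.0328 5224        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:20.0328 5224        exampledrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# "<time> <pid> Detected object count: N" (the "Actual detected ..." line is ignored on purpose)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count: (\d+)$")
# "<time> <pid> <name> ( <verdict> ) - <rest>"; the name may itself contain parentheses
# (e.g. "arusb(TP-LINK)"), so it is matched lazily up to the first " ( " separator.
ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \( (?P<verdict>[^()]+) \) - (?P<rest>.+)$"
)
ACTION_RE = re.compile(r"^User select action: (\S+)$")


def parse_summary(text):
    """Return (declared_count, objects) where objects maps name -> {verdict, action}.

    An object appears once per name even though the log emits two lines per object;
    the action is taken from the 'User select action:' line, else left as None.
    """
    declared = None
    objects = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        obj = objects.setdefault(m["name"], {"verdict": m["verdict"], "action": None})
        a = ACTION_RE.match(m["rest"])
        if a:
            obj["action"] = a.group(1)
    return declared, objects


def unresolved(objects):
    """Names whose detection was skipped or never answered, in sorted order."""
    return sorted(n for n, o in objects.items() if o["action"] in (None, "Skip"))


def verdict_histogram(objects):
    """How many objects carry each verdict string."""
    return Counter(o["verdict"] for o in objects.values())


def count_matches(declared, objects):
    """True if the declared object count equals the number of objects actually listed."""
    return declared is not None and declared == len(objects)


if __name__ == "__main__":
    declared, objs = parse_summary(SAMPLE_LOG)
    print("declared:", declared, "listed:", len(objs), "consistent:", count_matches(declared, objs))
    print("verdicts:", dict(verdict_histogram(objs)))
    print("unresolved (skipped):", unresolved(objs))
```

Running it on the real summary above would yield 23 listed objects, 23 declared, and all 23 in the unresolved list. Note that UnsignedFile.Multi.Generic is not a malware identification; it only records that the driver file carries no valid digital signature, which is common for legitimate third-party drivers (virtual network adapters, disk-imaging and hardware-vendor drivers, as seen in the list), so a "Skip" on such entries is a review item, not automatically a missed infection.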

cosinus 01.03.2012 21:41

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.



Copyright ©2000-2025, Trojaner-Board

