Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Rootkit verlangsamt Programmstart und Copy/Paste-Vorgänge (Windows XP 64bit) (https://www.trojaner-board.de/111632-rootkit-verlangsamt-programmstart-copy-paste-vorgaenge-windows-xp-64bit.html)

Bundeshase 21.03.2012 17:20
Hi Arne,

ich benutze Windows XP 64bit, weil das hier eine professionelle Workstation ist - mein Musikstudio läuft auf dem Rechner hier. Ist für die Programme mit denen ich arbeite einfach die ressourcenschonenste und stabilste Art zu arbeiten...aber halt auch sehr anfällig :). Wegen IE6...puh, den benutz ich ja nie, da hab ich ihn auch nie geupdated...:D

Vielen vielen Dank erstmal!! Ich finde das Engagement auf dieser Seite hier einfach grandios. Das System läuft nach Ausführen des Fixes nochmal um einiges schneller. Hier der Log:



All processes killed
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ .
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceMixTray deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceTray deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF moved successfully.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr moved successfully.
C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 250728851 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 473570 bytes
->Google Chrome cache emptied: 134263687 bytes
->Flash cache emptied: 3084855 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168024 bytes
%systemroot%\System32 .tmp files removed: 4265 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176027 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 97500617 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 466,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.1 log created on 03212012_171321

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 22.03.2012 11:25
WindowsXP x64 ist nicht gerade verbreitet. Zudem sollten alle Ansprüche mit dem wesentlich besser unterstütztem Vista oder 7 x64 auch abgedeckt werden aber nun gut...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Bundeshase 22.03.2012 11:41
Hi Arne,

hier der TDSS-Log (uguru, fireface und nvnusbaudio sind von mir bekannte und verwendete Programme/Treiber, bei dem vierten bin ich mir aber nicht sicher):


Code:
11:39:40.0687 3188        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:39:41.0125 3188        ============================================================
11:39:41.0125 3188        Current date / time: 2012/03/22 11:39:41.0125
11:39:41.0125 3188        SystemInfo:
11:39:41.0125 3188       
11:39:41.0125 3188        OS Version: 5.2.3790 ServicePack: 2.0
11:39:41.0125 3188        Product type: Workstation
11:39:41.0125 3188        ComputerName: GREGSEN
11:39:41.0125 3188        UserName: Administrator
11:39:41.0125 3188        Windows directory: C:\WINDOWS
11:39:41.0125 3188        System windows directory: C:\WINDOWS
11:39:41.0125 3188        Running under WOW64
11:39:41.0125 3188        Processor architecture: Intel x64
11:39:41.0125 3188        Number of processors: 4
11:39:41.0125 3188        Page size: 0x1000
11:39:41.0125 3188        Boot type: Normal boot
11:39:41.0125 3188        ============================================================
11:39:42.0265 3188        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0296 3188        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188        Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188        Drive \Device\Harddisk3\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:42.0312 3188        \Device\Harddisk0\DR0:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188        \Device\Harddisk1\DR1:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188        \Device\Harddisk2\DR2:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0312 3188        \Device\Harddisk3\DR6:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk3\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0687 3188        Initialize success
11:39:42.0687 3188        ============================================================
11:40:09.0765 1800        ============================================================
11:40:09.0765 1800        Scan started
11:40:09.0765 1800        Mode: Manual; SigCheck; TDLFS;
11:40:09.0765 1800        ============================================================
11:40:10.0125 1800        Abiosdsk - ok
11:40:10.0171 1800        ACPI            (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:40:10.0828 1800        ACPI - ok
11:40:10.0906 1800        ACPIEC          (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:40:10.0984 1800        ACPIEC - ok
11:40:11.0000 1800        adpu160m - ok
11:40:11.0000 1800        adpu320 - ok
11:40:11.0062 1800        aec            (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
11:40:11.0109 1800        aec - ok
11:40:11.0156 1800        AeLookupSvc    (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
11:40:11.0203 1800        AeLookupSvc - ok
11:40:11.0265 1800        AFD            (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
11:40:11.0281 1800        AFD - ok
11:40:11.0281 1800        aic78u2 - ok
11:40:11.0281 1800        aic78xx - ok
11:40:11.0296 1800        Alerter        (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
11:40:11.0328 1800        Alerter - ok
11:40:11.0343 1800        ALG            (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
11:40:11.0375 1800        ALG - ok
11:40:11.0390 1800        AliIde - ok
11:40:11.0406 1800        AmdIde - ok
11:40:11.0421 1800        AppMgmt        (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
11:40:11.0453 1800        AppMgmt - ok
11:40:11.0453 1800        arc - ok
11:40:11.0500 1800        Arp1394        (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:40:11.0531 1800        Arp1394 - ok
11:40:11.0656 1800        aspnet_state    (f9f0f095586009e5da0c32e648aa99fa) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
11:40:11.0671 1800        aspnet_state - ok
11:40:11.0687 1800        AsyncMac        (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:40:11.0750 1800        AsyncMac - ok
11:40:11.0796 1800        atapi          (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:40:11.0828 1800        atapi - ok
11:40:11.0843 1800        Atdisk - ok
11:40:11.0859 1800        Atmarpc        (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:40:11.0890 1800        Atmarpc - ok
11:40:11.0937 1800        AudioSrv        (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
11:40:11.0968 1800        AudioSrv - ok
11:40:12.0015 1800        audstub        (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:40:12.0046 1800        audstub - ok
11:40:12.0187 1800        AVP            (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
11:40:12.0187 1800        AVP - ok
11:40:12.0234 1800        Beep            (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
11:40:12.0296 1800        Beep - ok
11:40:12.0343 1800        BITS            (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
11:40:12.0468 1800        BITS - ok
11:40:12.0515 1800        Browser        (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
11:40:12.0562 1800        Browser - ok
11:40:12.0562 1800        BTCFilterService - ok
11:40:12.0609 1800        CdaC15BA        (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
11:40:12.0671 1800        CdaC15BA - ok
11:40:12.0671 1800        CdaD10BA        (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
11:40:12.0703 1800        CdaD10BA - ok
11:40:12.0750 1800        Cdfs            (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
11:40:12.0796 1800        Cdfs - ok
11:40:12.0843 1800        Cdrom          (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:40:12.0906 1800        Cdrom - ok
11:40:12.0906 1800        Changer - ok
11:40:12.0921 1800        CiSvc          (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
11:40:12.0968 1800        CiSvc - ok
11:40:12.0984 1800        ClipSrv        (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
11:40:13.0015 1800        ClipSrv - ok
11:40:13.0093 1800        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:40:13.0093 1800        clr_optimization_v2.0.50727_32 - ok
11:40:13.0156 1800        clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:40:13.0171 1800        clr_optimization_v2.0.50727_64 - ok
11:40:13.0171 1800        CmdIde - ok
11:40:13.0187 1800        COMSysApp - ok
11:40:13.0187 1800        crcdisk        (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
11:40:13.0234 1800        crcdisk - ok
11:40:13.0265 1800        CryptSvc        (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
11:40:13.0359 1800        CryptSvc - ok
11:40:13.0390 1800        DcomLaunch      (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:13.0468 1800        DcomLaunch - ok
11:40:13.0546 1800        Dhcp            (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
11:40:13.0593 1800        Dhcp - ok
11:40:13.0640 1800        Disk            (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
11:40:13.0687 1800        Disk - ok
11:40:13.0687 1800        dmadmin - ok
11:40:13.0734 1800        dmboot          (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
11:40:13.0796 1800        dmboot - ok
11:40:13.0796 1800        dmio            (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
11:40:13.0843 1800        dmio - ok
11:40:13.0843 1800        dmload          (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
11:40:13.0906 1800        dmload - ok
11:40:13.0921 1800        dmserver        (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
11:40:13.0953 1800        dmserver - ok
11:40:14.0000 1800        Dnscache        (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
11:40:14.0031 1800        Dnscache - ok
11:40:14.0031 1800        dpti2o - ok
11:40:14.0046 1800        ERSvc          (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
11:40:14.0093 1800        ERSvc - ok
11:40:14.0156 1800        Eventlog        (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:14.0171 1800        Eventlog - ok
11:40:14.0218 1800        EventSystem    (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
11:40:14.0234 1800        EventSystem - ok
11:40:14.0296 1800        Fastfat        (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
11:40:14.0343 1800        Fastfat - ok
11:40:14.0390 1800        Fdc            (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:40:14.0437 1800        Fdc - ok
11:40:14.0468 1800        Fips            (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
11:40:14.0500 1800        Fips - ok
11:40:14.0546 1800        fireface        (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
11:40:14.0546 1800        fireface ( UnsignedFile.Multi.Generic ) - warning
11:40:14.0546 1800        fireface - detected UnsignedFile.Multi.Generic (1)
11:40:14.0562 1800        Flpydisk        (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:40:14.0609 1800        Flpydisk - ok
11:40:14.0640 1800        FltMgr          (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:40:14.0671 1800        FltMgr - ok
11:40:14.0843 1800        FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
11:40:14.0843 1800        FontCache3.0.0.0 - ok
11:40:14.0875 1800        Fs_Rec          (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:40:14.0921 1800        Fs_Rec - ok
11:40:14.0937 1800        Ftdisk          (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:40:15.0000 1800        Ftdisk - ok
11:40:15.0015 1800        Gpc            (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:40:15.0046 1800        Gpc - ok
11:40:15.0156 1800        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0171 1800        gupdate - ok
11:40:15.0218 1800        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0234 1800        gupdatem - ok
11:40:15.0265 1800        hamachi - ok
11:40:15.0265 1800        Hamachi2Svc - ok
11:40:15.0312 1800        HDAudBus        (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:40:15.0343 1800        HDAudBus - ok
11:40:15.0406 1800        helpsvc        (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:40:15.0453 1800        helpsvc - ok
11:40:15.0484 1800        HidServ        (9648ad494be12b39acc2db638e2340a0) C:\WINDOWS\System32\hidserv.dll
11:40:15.0531 1800        HidServ - ok
11:40:15.0578 1800        hidusb          (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:40:15.0609 1800        hidusb - ok
11:40:15.0656 1800        HTTP            (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
11:40:15.0687 1800        HTTP - ok
11:40:15.0718 1800        HTTPFilter      (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
11:40:15.0765 1800        HTTPFilter - ok
11:40:15.0765 1800        i2omgmt - ok
11:40:15.0828 1800        i8042prt        (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:40:15.0859 1800        i8042prt - ok
11:40:15.0906 1800        IASJet - ok
11:40:16.0046 1800        idsvc          (501cf65702d7f64c38db360f7eb07adc) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:40:16.0093 1800        idsvc - ok
11:40:16.0093 1800        iirsp - ok
11:40:16.0125 1800        imapi          (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:40:16.0187 1800        imapi - ok
11:40:16.0234 1800        ImapiService    (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
11:40:16.0296 1800        ImapiService - ok
11:40:16.0500 1800        IntcAzAudAddService (fc000101e3d3aef951a57e8d32f0aed9) C:\WINDOWS\system32\drivers\RTKHDA64.SYS
11:40:16.0937 1800        IntcAzAudAddService - ok
11:40:16.0984 1800        IntelIde - ok
11:40:17.0031 1800        intelppm        (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:40:17.0078 1800        intelppm - ok
11:40:17.0109 1800        Ip6Fw          (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:40:17.0171 1800        Ip6Fw - ok
11:40:17.0187 1800        IpFilterDriver  (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:40:17.0250 1800        IpFilterDriver - ok
11:40:17.0250 1800        IpInIp - ok
11:40:17.0265 1800        IpNat          (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:40:17.0328 1800        IpNat - ok
11:40:17.0375 1800        IPSec          (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:40:17.0500 1800        IPSec - ok
11:40:17.0531 1800        IRENUM          (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:40:17.0578 1800        IRENUM - ok
11:40:17.0625 1800        isapnp          (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:40:17.0671 1800        isapnp - ok
11:40:17.0781 1800        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
11:40:17.0796 1800        JavaQuickStarterService - ok
11:40:17.0828 1800        JRAID          (50b9060d11c4c2aaebacb2263972eff2) C:\WINDOWS\system32\DRIVERS\jraid.sys
11:40:17.0875 1800        JRAID - ok
11:40:17.0906 1800        Kbdclass        (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:40:17.0953 1800        Kbdclass - ok
11:40:18.0015 1800        KL1            (e656fe10d6d27794afa08136685a69e8) C:\WINDOWS\system32\DRIVERS\kl1.sys
11:40:18.0031 1800        KL1 - ok
11:40:18.0046 1800        kl2            (d865dd8b0448e3f963d68c04c532858f) C:\WINDOWS\system32\DRIVERS\kl2.sys
11:40:18.0062 1800        kl2 - ok
11:40:18.0093 1800        KLIF            (b86a9608c9e07caf205d44d53182e5f5) C:\WINDOWS\system32\DRIVERS\klif.sys
11:40:18.0109 1800        KLIF - ok
11:40:18.0171 1800        klim5          (bc18d092961889f4b9eb095721edfbdd) C:\WINDOWS\system32\DRIVERS\klim5.sys
11:40:18.0171 1800        klim5 - ok
11:40:18.0203 1800        klmouflt        (f34f151ac2400b82c2a314dbe8684661) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
11:40:18.0218 1800        klmouflt - ok
11:40:18.0265 1800        kmixer          (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
11:40:18.0312 1800        kmixer - ok
11:40:18.0359 1800        KORGUMDS        (a96473f1c76bb29849cb947c6c350445) C:\WINDOWS\system32\Drivers\KORGUM64.SYS
11:40:18.0359 1800        KORGUMDS - ok
11:40:18.0406 1800        KSecDD          (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
11:40:18.0406 1800        KSecDD - ok
11:40:18.0468 1800        ksthunk        (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
11:40:18.0515 1800        ksthunk - ok
11:40:18.0531 1800        L8042Kbd        (3fb80db5ec01b6153572d27438fbea20) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
11:40:18.0531 1800        L8042Kbd - ok
11:40:18.0562 1800        L8042mou        (d3693364aa9ac82fb0b78680bc7f423b) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
11:40:18.0562 1800        L8042mou - ok
11:40:18.0609 1800        lanmanserver    (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
11:40:18.0625 1800        lanmanserver - ok
11:40:18.0671 1800        lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
11:40:18.0703 1800        lanmanworkstation - ok
11:40:18.0703 1800        LBeepKE        (2c5f11ee4f699b9a5e464053c99bcd21) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:40:18.0718 1800        LBeepKE - ok
11:40:18.0781 1800        LBTServ        (3f98db70009e420c332f48891de39fba) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
11:40:18.0796 1800        LBTServ - ok
11:40:18.0828 1800        LHidFilt        (b45686101f9473b52d7a501c544dda5d) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:40:18.0843 1800        LHidFilt - ok
11:40:18.0890 1800        LmHosts        (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
11:40:18.0937 1800        LmHosts - ok
11:40:18.0953 1800        LMouFilt        (9980bb086248ca45772eff2559aa62d3) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:40:18.0968 1800        LMouFilt - ok
11:40:18.0984 1800        LMouKE          (0d9eb835d2be6545dca23bf9bbfd437e) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
11:40:18.0984 1800        LMouKE - ok
11:40:19.0015 1800        LUsbFilt        (a1eb1db073972c7ce252daa3456bbbe7) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:40:19.0031 1800        LUsbFilt - ok
11:40:19.0046 1800        Messenger      (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
11:40:19.0093 1800        Messenger - ok
11:40:19.0140 1800        mnmdd          (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
11:40:19.0187 1800        mnmdd - ok
11:40:19.0187 1800        mnmsrvc - ok
11:40:19.0234 1800        Modem          (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
11:40:19.0281 1800        Modem - ok
11:40:19.0312 1800        motccgp - ok
11:40:19.0328 1800        motccgpfl - ok
11:40:19.0328 1800        motmodem - ok
11:40:19.0328 1800        MotoSwitchService - ok
11:40:19.0343 1800        Motousbnet - ok
11:40:19.0343 1800        motusbdevice - ok
11:40:19.0406 1800        Mouclass        (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:40:19.0437 1800        Mouclass - ok
11:40:19.0468 1800        mouhid          (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:40:19.0515 1800        mouhid - ok
11:40:19.0562 1800        MountMgr        (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
11:40:19.0609 1800        MountMgr - ok
11:40:19.0625 1800        mraid35x - ok
11:40:19.0656 1800        MRxDAV          (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:40:19.0671 1800        MRxDAV - ok
11:40:19.0750 1800        MRxSmb          (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:40:19.0796 1800        MRxSmb - ok
11:40:19.0843 1800        MSDTC          (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
11:40:19.0859 1800        MSDTC - ok
11:40:19.0859 1800        Msfs            (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
11:40:19.0921 1800        Msfs - ok
11:40:19.0921 1800        MSIServer - ok
11:40:19.0953 1800        MSKSSRV        (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:40:20.0015 1800        MSKSSRV - ok
11:40:20.0046 1800        MSPCLOCK        (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:40:20.0078 1800        MSPCLOCK - ok
11:40:20.0093 1800        MSPQM          (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
11:40:20.0125 1800        MSPQM - ok
11:40:20.0171 1800        mssmbios        (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:40:20.0203 1800        mssmbios - ok
11:40:20.0250 1800        Mup            (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
11:40:20.0281 1800        Mup - ok
11:40:20.0312 1800        NDIS            (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
11:40:20.0375 1800        NDIS - ok
11:40:20.0421 1800        NdisTapi        (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:40:20.0437 1800        NdisTapi - ok
11:40:20.0484 1800        Ndisuio        (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:40:20.0531 1800        Ndisuio - ok
11:40:20.0531 1800        NdisWan        (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:40:20.0578 1800        NdisWan - ok
11:40:20.0625 1800        NDProxy        (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
11:40:20.0640 1800        NDProxy - ok
11:40:20.0656 1800        NetBIOS        (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:40:20.0703 1800        NetBIOS - ok
11:40:20.0718 1800        NetBT          (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:40:20.0781 1800        NetBT - ok
11:40:20.0812 1800        NetDDE          (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0875 1800        NetDDE - ok
11:40:20.0906 1800        NetDDEdsdm      (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0937 1800        NetDDEdsdm - ok
11:40:20.0968 1800        Netlogon        (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0015 1800        Netlogon - ok
11:40:21.0031 1800        Netman          (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
11:40:21.0078 1800        Netman - ok
11:40:21.0218 1800        NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:40:21.0218 1800        NetTcpPortSharing - ok
11:40:21.0250 1800        NIC1394        (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:40:21.0296 1800        NIC1394 - ok
11:40:21.0359 1800        Nla            (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
11:40:21.0375 1800        Nla - ok
11:40:21.0421 1800        Npfs            (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
11:40:21.0484 1800        Npfs - ok
11:40:21.0531 1800        Ntfs            (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
11:40:21.0656 1800        Ntfs - ok
11:40:21.0687 1800        NtLmSsp        (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0718 1800        NtLmSsp - ok
11:40:21.0750 1800        NtmsSvc        (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
11:40:21.0843 1800        NtmsSvc - ok
11:40:21.0890 1800        Null            (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
11:40:21.0937 1800        Null - ok
11:40:22.0187 1800        nv              (feab08c326e11a23ab6fe87b3ced56fd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:40:22.0859 1800        nv - ok
11:40:23.0062 1800        NvnUsbAudio    (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:23.0109 1800        NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
11:40:23.0203 1800        NVSvc          (c8a613978f184b15ae0ff2903e7f0930) C:\WINDOWS\system32\nvsvc64.exe
11:40:23.0281 1800        NVSvc - ok
11:40:23.0312 1800        nvUpdatusService - ok
11:40:23.0593 1800        odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:40:23.0609 1800        odserv - ok
11:40:23.0671 1800        ohci1394        (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:40:23.0703 1800        ohci1394 - ok
11:40:23.0734 1800        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:40:23.0750 1800        ose - ok
11:40:23.0781 1800        Parport        (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
11:40:23.0843 1800        Parport - ok
11:40:23.0875 1800        PartMgr        (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
11:40:23.0937 1800        PartMgr - ok
11:40:23.0953 1800        PCI            (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
11:40:24.0015 1800        PCI - ok
11:40:24.0031 1800        PCIIde          (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:40:24.0062 1800        PCIIde - ok
11:40:24.0093 1800        Pcmcia          (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:40:24.0156 1800        Pcmcia - ok
11:40:24.0156 1800        PDCOMP - ok
11:40:24.0171 1800        PDFRAME - ok
11:40:24.0171 1800        PDRELI - ok
11:40:24.0171 1800        PDRFRAME - ok
11:40:24.0234 1800        PlugPlay        (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:24.0234 1800        PlugPlay - ok
11:40:24.0250 1800        PnkBstrA - ok
11:40:24.0296 1800        PolicyAgent    (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0328 1800        PolicyAgent - ok
11:40:24.0375 1800        PptpMiniport    (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:40:24.0421 1800        PptpMiniport - ok
11:40:24.0421 1800        PQNTDrv - ok
11:40:24.0437 1800        ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0468 1800        ProtectedStorage - ok
11:40:24.0500 1800        PSched          (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
11:40:24.0531 1800        PSched - ok
11:40:24.0531 1800        Ptilink        (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:40:24.0578 1800        Ptilink - ok
11:40:24.0640 1800        PxHlpa64        (a6bf0a9b5a30d743623ca0d3be35df05) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
11:40:24.0640 1800        PxHlpa64 - ok
11:40:24.0656 1800        RasAcd          (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:40:24.0687 1800        RasAcd - ok
11:40:24.0734 1800        RasAuto        (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
11:40:24.0796 1800        RasAuto - ok
11:40:24.0843 1800        Rasl2tp        (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:40:24.0890 1800        Rasl2tp - ok
11:40:24.0921 1800        RasMan          (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
11:40:24.0968 1800        RasMan - ok
11:40:24.0968 1800        RasPppoe        (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:40:25.0015 1800        RasPppoe - ok
11:40:25.0015 1800        Raspti          (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:40:25.0062 1800        Raspti - ok
11:40:25.0109 1800        Rdbss          (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:40:25.0156 1800        Rdbss - ok
11:40:25.0171 1800        RDPCDD          (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:40:25.0218 1800        RDPCDD - ok
11:40:25.0265 1800        rdpdr          (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:40:25.0328 1800        rdpdr - ok
11:40:25.0390 1800        RDPWD          (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
11:40:25.0421 1800        RDPWD - ok
11:40:25.0437 1800        RDSessMgr      (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
11:40:25.0484 1800        RDSessMgr - ok
11:40:25.0531 1800        redbook        (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:40:25.0578 1800        redbook - ok
11:40:25.0609 1800        RemoteAccess    (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
11:40:25.0656 1800        RemoteAccess - ok
11:40:25.0718 1800        RemoteRegistry  (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
11:40:25.0781 1800        RemoteRegistry - ok
11:40:25.0812 1800        RpcLocator      (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
11:40:25.0843 1800        RpcLocator - ok
11:40:25.0890 1800        RpcSs          (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:25.0906 1800        RpcSs - ok
11:40:25.0968 1800        RTL8023x64      (548464910350423cc178c80bf9501c7a) C:\WINDOWS\system32\DRIVERS\Rtnic64.sys
11:40:26.0031 1800        RTL8023x64 - ok
11:40:26.0078 1800        SamSs          (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:26.0109 1800        SamSs - ok
11:40:26.0156 1800        SCardSvr        (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
11:40:26.0203 1800        SCardSvr - ok
11:40:26.0250 1800        Schedule        (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
11:40:26.0296 1800        Schedule - ok
11:40:26.0312 1800        SCR33x USB Smart Card Reader - ok
11:40:26.0359 1800        Secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:40:26.0375 1800        Secdrv - ok
11:40:26.0390 1800        seclogon        (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
11:40:26.0421 1800        seclogon - ok
11:40:26.0453 1800        SENS            (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
11:40:26.0500 1800        SENS - ok
11:40:26.0546 1800        Serial          (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\drivers\Serial.sys
11:40:26.0593 1800        Serial - ok
11:40:26.0625 1800        Sfloppy        (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:40:26.0656 1800        Sfloppy - ok
11:40:26.0703 1800        SharedAccess    (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
11:40:26.0796 1800        SharedAccess - ok
11:40:26.0828 1800        ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:26.0859 1800        ShellHWDetection - ok
11:40:26.0859 1800        Simbad - ok
11:40:26.0906 1800        splitter        (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
11:40:26.0937 1800        splitter - ok
11:40:26.0984 1800        Spooler        (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
11:40:27.0000 1800        Spooler - ok
11:40:27.0062 1800        sr              (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
11:40:27.0093 1800        sr - ok
11:40:27.0140 1800        srservice      (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
11:40:27.0187 1800        srservice - ok
11:40:27.0234 1800        Srv            (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
11:40:27.0250 1800        Srv - ok
11:40:27.0265 1800        SSDPSRV        (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
11:40:27.0296 1800        SSDPSRV - ok
11:40:27.0296 1800        STC2DFU - ok
11:40:27.0328 1800        stisvc          (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
11:40:27.0500 1800        stisvc - ok
11:40:27.0625 1800        swenum          (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:40:27.0656 1800        swenum - ok
11:40:27.0703 1800        swmidi          (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
11:40:27.0750 1800        swmidi - ok
11:40:27.0781 1800        swprv          (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
11:40:27.0859 1800        swprv - ok
11:40:27.0875 1800        symc8xx - ok
11:40:27.0875 1800        symmpi - ok
11:40:27.0875 1800        sym_hi - ok
11:40:27.0890 1800        sym_u3 - ok
11:40:27.0953 1800        SynasUSB        (48156ccd87e8b2961d8d4ef4021f952f) C:\WINDOWS\syswow64\drivers\SynUSB64.sys
11:40:27.0984 1800        SynasUSB ( UnsignedFile.Multi.Generic ) - warning
11:40:27.0984 1800        SynasUSB - detected UnsignedFile.Multi.Generic (1)
11:40:28.0031 1800        sysaudio        (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
11:40:28.0078 1800        sysaudio - ok
11:40:28.0109 1800        SysmonLog      (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
11:40:28.0156 1800        SysmonLog - ok
11:40:28.0187 1800        TapiSrv        (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
11:40:28.0234 1800        TapiSrv - ok
11:40:28.0281 1800        Tcpip          (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:40:28.0343 1800        Tcpip - ok
11:40:28.0375 1800        TDPIPE          (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:40:28.0437 1800        TDPIPE - ok
11:40:28.0468 1800        TDTCP          (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
11:40:28.0515 1800        TDTCP - ok
11:40:28.0562 1800        TermDD          (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:40:28.0609 1800        TermDD - ok
11:40:28.0625 1800        TermService    (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
11:40:28.0687 1800        TermService - ok
11:40:28.0734 1800        Themes          (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:28.0750 1800        Themes - ok
11:40:28.0781 1800        TlntSvr        (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
11:40:28.0812 1800        TlntSvr - ok
11:40:28.0828 1800        TosIde - ok
11:40:28.0875 1800        TrkWks          (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
11:40:28.0921 1800        TrkWks - ok
11:40:28.0968 1800        TuneUp.Defrag  (4b858c3960076ce0c2bd154612be1ef8) C:\WINDOWS\System32\TuneUpDefragService.exe
11:40:28.0984 1800        TuneUp.Defrag - ok
11:40:29.0000 1800        Udfs            (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
11:40:29.0046 1800        Udfs - ok
11:40:29.0093 1800        UGURU          (580641196846b0f594f675c07faad2bc) C:\WINDOWS\system32\drivers\uGuru.sys
11:40:29.0109 1800        UGURU ( UnsignedFile.Multi.Generic ) - warning
11:40:29.0109 1800        UGURU - detected UnsignedFile.Multi.Generic (1)
11:40:29.0109 1800        ultra - ok
11:40:29.0140 1800        UMWdf          (c306cea0f1477240a5d9a7e61db2f3e1) C:\WINDOWS\system32\wdfmgr.exe
11:40:29.0171 1800        UMWdf - ok
11:40:29.0203 1800        Update          (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
11:40:29.0218 1800        Update - ok
11:40:29.0265 1800        upnphost        (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
11:40:29.0296 1800        upnphost - ok
11:40:29.0328 1800        UPS            (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
11:40:29.0375 1800        UPS - ok
11:40:29.0406 1800        usbaudio        (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
11:40:29.0437 1800        usbaudio - ok
11:40:29.0453 1800        usbccgp        (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:40:29.0500 1800        usbccgp - ok
11:40:29.0546 1800        USBCCID        (a83d36d8bdd4c15ff7792642dfde4bd3) C:\WINDOWS\system32\DRIVERS\usbccid.sys
11:40:29.0593 1800        USBCCID - ok
11:40:29.0640 1800        usbehci        (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:40:29.0703 1800        usbehci - ok
11:40:29.0734 1800        usbhub          (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:40:29.0781 1800        usbhub - ok
11:40:29.0812 1800        usbscan        (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:40:29.0843 1800        usbscan - ok
11:40:29.0875 1800        USBSTOR        (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:40:29.0906 1800        USBSTOR - ok
11:40:29.0921 1800        usbuhci        (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:40:29.0968 1800        usbuhci - ok
11:40:30.0000 1800        UxTuneUp        (7f760efb9bbc5f8ac223d35dcdc35098) C:\WINDOWS\System32\uxtuneup.dll
11:40:30.0015 1800        UxTuneUp - ok
11:40:30.0062 1800        vds            (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
11:40:30.0156 1800        vds - ok
11:40:30.0203 1800        vga            (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
11:40:30.0250 1800        vga - ok
11:40:30.0296 1800        VgaSave        (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
11:40:30.0328 1800        VgaSave - ok
11:40:30.0343 1800        ViaIde - ok
11:40:30.0390 1800        VolSnap        (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
11:40:30.0421 1800        VolSnap - ok
11:40:30.0484 1800        VSS            (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
11:40:30.0578 1800        VSS - ok
11:40:30.0640 1800        W32Time        (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
11:40:30.0687 1800        W32Time - ok
11:40:30.0750 1800        Wanarp          (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:30.0796 1800        Wanarp - ok
11:40:30.0843 1800        Wdf01000        (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:40:30.0890 1800        Wdf01000 - ok
11:40:30.0890 1800        WDICA - ok
11:40:30.0953 1800        wdmaud          (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:31.0000 1800        wdmaud - ok
11:40:31.0046 1800        WebClient      (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
11:40:31.0078 1800        WebClient - ok
11:40:31.0109 1800        WinHttpAutoProxySvc - ok
11:40:31.0156 1800        winmgmt        (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:31.0218 1800        winmgmt - ok
11:40:31.0328 1800        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:40:31.0609 1800        wlidsvc - ok
11:40:31.0859 1800        WmdmPmSN        (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\SysWOW64\mspmsnsv.dll
11:40:31.0921 1800        WmdmPmSN - ok
11:40:31.0984 1800        Wmi            (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
11:40:32.0062 1800        Wmi - ok
11:40:32.0093 1800        WmiApSrv        (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:40:32.0156 1800        WmiApSrv - ok
11:40:32.0218 1800        WpdUsb          (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:40:32.0265 1800        WpdUsb - ok
11:40:32.0312 1800        wscsvc          (82960ce97c1898c28d7ae62ba6721d27) C:\WINDOWS\system32\wscsvc.dll
11:40:32.0343 1800        wscsvc - ok
11:40:32.0359 1800        wuauserv        (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
11:40:32.0406 1800        wuauserv - ok
11:40:32.0562 1800        WZCSVC          (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
11:40:32.0625 1800        WZCSVC - ok
11:40:32.0656 1800        xmlprov        (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
11:40:32.0718 1800        xmlprov - ok
11:40:32.0781 1800        xusb21          (9176c0822faa649e45121875be32f5d2) C:\WINDOWS\system32\DRIVERS\xusb21.sys
11:40:32.0781 1800        xusb21 - ok
11:40:32.0796 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:40:33.0046 1800        \Device\Harddisk0\DR0 - ok
11:40:33.0078 1800        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:40:33.0125 1800        \Device\Harddisk1\DR1 - ok
11:40:33.0125 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:40:33.0171 1800        \Device\Harddisk2\DR2 - ok
11:40:33.0171 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR6
11:40:33.0781 1800        \Device\Harddisk3\DR6 - ok
11:40:33.0781 1800        Boot (0x1200)  (303956f4b7d031e2ab50e9091c03fdae) \Device\Harddisk0\DR0\Partition0
11:40:33.0781 1800        \Device\Harddisk0\DR0\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (eec7c32bed8c61244fa2ee05b1990b56) \Device\Harddisk1\DR1\Partition0
11:40:33.0781 1800        \Device\Harddisk1\DR1\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (92aa6e58bdf76968c27ba8f6b6318ede) \Device\Harddisk2\DR2\Partition0
11:40:33.0781 1800        \Device\Harddisk2\DR2\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (d91824221575654b1eaca7f31b4e6e8f) \Device\Harddisk3\DR6\Partition0
11:40:33.0781 1800        \Device\Harddisk3\DR6\Partition0 - ok
11:40:33.0796 1800        ============================================================
11:40:33.0796 1800        Scan finished
11:40:33.0796 1800        ============================================================
11:40:33.0890 2928        Detected object count: 4
11:40:33.0890 2928        Actual detected object count: 4
11:40:48.0156 2928        fireface ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        fireface ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        SynasUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        UGURU ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        UGURU ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:55.0296 3920        Deinitialize success

cosinus 22.03.2012 13:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bundeshase 22.03.2012 14:40
Hi Arne, ComboFix unterstützt leider Windows XP64bit nicht...wir brauchen wohl eine andere Lösung :(

cosinus 22.03.2012 15:38
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Bundeshase 22.03.2012 16:15
Hier der Log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 15:43:10
-----------------------------
15:43:10.015 OS Version: Windows x64 5.2.3790 Service Pack 2
15:43:10.015 Number of processors: 4 586 0x1707
15:43:10.015 ComputerName: GREGSEN UserName:
15:43:11.562 Initialize success
15:45:03.859 AVAST engine defs: 12032000
15:45:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:45:09.593 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
15:45:09.593 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.609 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
15:45:09.609 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
15:45:09.625 Disk 0 MBR read successfully
15:45:09.625 Disk 0 MBR scan
15:45:09.750 Disk 0 Windows XP default MBR code
15:45:09.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:45:09.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:17.546 Service scanning
15:45:31.500 Modules scanning
15:45:31.500 Disk 0 trace - called modules:
15:45:31.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
15:45:31.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
15:45:31.500 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
15:45:31.500 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
15:45:32.156 AVAST engine scan C:\WINDOWS
15:45:49.343 AVAST engine scan C:\WINDOWS\system32
15:47:47.515 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:58.187 AVAST engine scan C:\Documents and Settings\Administrator
15:52:24.843 File: C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
15:58:57.281 AVAST engine scan C:\Documents and Settings\All Users
16:03:13.968 Scan finished successfully
16:14:33.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:14:33.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

cosinus 22.03.2012 16:29
Zitat:
C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
Wo hast du das Teil denn her? :balla:

Bundeshase 22.03.2012 16:30
...ich hab's nie runtergeladen O_o ich weiß nichtmal, was das ist!

cosinus 22.03.2012 16:32
Lösch bitte den Ordner \CryptLoad in C:\Documents and Settings\Administrator\My Documents\Downloads

Mach danach ein neues Log mit aswMBR

Bundeshase 22.03.2012 17:05
Hi Arne, hier der neue Log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 16:37:55
-----------------------------
16:37:55.062 OS Version: Windows x64 5.2.3790 Service Pack 2
16:37:55.062 Number of processors: 4 586 0x1707
16:37:55.062 ComputerName: GREGSEN UserName:
16:37:56.640 Initialize success
16:40:45.156 AVAST engine defs: 12032000
16:42:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:42:13.781 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
16:42:13.781 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
16:42:13.781 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
16:42:13.796 Disk 0 MBR read successfully
16:42:13.796 Disk 0 MBR scan
16:42:13.843 Disk 0 Windows XP default MBR code
16:42:13.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
16:42:13.906 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:24.562 Service scanning
16:42:37.203 Modules scanning
16:42:37.203 Disk 0 trace - called modules:
16:42:37.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:42:37.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
16:42:37.234 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
16:42:37.234 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
16:42:38.078 AVAST engine scan C:\WINDOWS
16:42:49.687 AVAST engine scan C:\WINDOWS\system32
16:44:58.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:45:07.812 AVAST engine scan C:\Documents and Settings\Administrator
16:54:03.625 AVAST engine scan C:\Documents and Settings\All Users
16:57:34.437 Scan finished successfully
17:04:57.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:04:57.875 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

cosinus 23.03.2012 20:42
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Bundeshase 24.03.2012 17:11
Hallo Arne,

super, tausend Dank dir. Hier die Vollscan-Logs von Malwarebytes, SuperAntiSpyware und ESET:


Malwarebytes:


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.23.05

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GREGSEN [Administrator]

24.03.2012 11:56:25
mbam-log-2012-03-24 (13-13-17).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 580111
Laufzeit: 1 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Ende)


SASW:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/24/2012 at 03:52 AM

Application Version : 5.0.1146

Core Rules Database Version : 8376
Trace Rules Database Version: 6188

Scan type : Complete Scan
Total Scan Time : 03:21:52

Operating System Information
Windows XP Professional 64-bit, Service Pack 2 (Build 5.02.3790)
Administrator

Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 65153
Registry threats detected : 1
File items scanned : 454056
File threats detected : 1

Disabled.SecurityCenterOption
(x64) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY


Trojan.Agent/Gen
C:\PROGRAM FILES (X86)\DAWN OF WAR\PATCH\LOBBYROOMS.LUA



ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77f868b0b0ef86439fed1a800ffabf5c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-24 03:49:01
# local_time=2012-03-24 04:49:01 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 347743 347743 0 0
# compatibility_mode=8192 67108863 100 0 3798 3798 0 0
# scanned=453568
# found=3
# cleaned=0
# scan_time=12625
C:\Documents and Settings\Administrator\My Documents\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I

cosinus 24.03.2012 18:54
Zitat:
Trojan.Agent/Gen
C:\PROGRAM FILES (X86)\DAWN OF WAR\PATCH\LOBBYROOMS.LUA
Aus welcher Quelle stammt das?

Bundeshase 24.03.2012 19:10
Hi Arne,

soweit ich das sehen kann ist das eine ganz normale Datei, die zum Spiel "Dawn of War" gehört - das zocke ich ab und zu mal. Sieht für meine Begriffe nicht verdächtig aus...was meinst du?


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:04 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131