Infection with MS Removal Tool
Hello everyone, I had an infection with the MS Removal Tool. I proceeded as described in your guide "Removing the MS Removal Tool". Since then it appears to be gone; at least I no longer notice anything. However, my PC may still not be safe (rootkits etc.). Could one of the experts perhaps take another look? Logs are attached as described in the guide. Thank you very much in advance. |
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes on the log files tab. |
Hello cosinus, thank you very much for the reply. Yes, there is one more from after the removal. I have attached it as well. |
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. |
Hello cosinus, I have done everything. |
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click! |
Hello, I have done that.
(1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/15 22:44:23.0093 2496 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/15 22:44:23.0109 2496 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/04/15 22:44:23.0140 2496 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/15 22:44:23.0187 2496 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys 2011/04/15 22:44:23.0203 2496 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/04/15 22:44:23.0234 2496 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/15 22:44:23.0250 2496 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/04/15 22:44:23.0281 2496 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/15 22:44:23.0312 2496 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/15 22:44:23.0328 2496 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/15 22:44:23.0359 2496 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/15 22:44:23.0375 2496 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/15 22:44:23.0421 2496 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/15 22:44:23.0468 2496 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/04/15 22:44:23.0531 2496 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/15 22:44:23.0578 2496 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/15 22:44:23.0656 2496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/15 22:44:23.0953 2496 nv 
(b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/04/15 22:44:24.0031 2496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/15 22:44:24.0062 2496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/15 22:44:24.0109 2496 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/04/15 22:44:24.0156 2496 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/04/15 22:44:24.0171 2496 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/15 22:44:24.0203 2496 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/15 22:44:24.0296 2496 PCD5SRVC{8A863ACB-F5F6CC6A-05010003} (8e8a962565d46855f031ecbf23ace17a) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms 2011/04/15 22:44:24.0328 2496 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/15 22:44:24.0375 2496 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/15 22:44:24.0421 2496 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/15 22:44:24.0656 2496 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys 2011/04/15 22:44:24.0718 2496 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/15 22:44:24.0734 2496 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys 2011/04/15 22:44:24.0765 2496 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/15 22:44:24.0781 2496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/15 22:44:24.0812 2496 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/04/15 22:44:24.0968 2496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 
2011/04/15 22:44:25.0015 2496 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/15 22:44:25.0031 2496 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/15 22:44:25.0062 2496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/15 22:44:25.0093 2496 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/15 22:44:25.0125 2496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/15 22:44:25.0187 2496 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/15 22:44:25.0218 2496 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/15 22:44:25.0296 2496 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys 2011/04/15 22:44:25.0343 2496 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2011/04/15 22:44:25.0375 2496 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/04/15 22:44:25.0421 2496 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 2011/04/15 22:44:25.0484 2496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/15 22:44:25.0515 2496 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/15 22:44:25.0546 2496 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/15 22:44:25.0593 2496 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/15 22:44:25.0656 2496 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/04/15 22:44:25.0687 2496 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys 2011/04/15 22:44:25.0750 2496 splitter (0ce218578fff5f4f7e4201539c45c78f) 
C:\WINDOWS\system32\drivers\splitter.sys 2011/04/15 22:44:25.0812 2496 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/04/15 22:44:25.0812 2496 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/15 22:44:25.0828 2496 sptd - detected Locked file (1) 2011/04/15 22:44:25.0843 2496 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/15 22:44:25.0906 2496 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/15 22:44:26.0000 2496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/04/15 22:44:26.0046 2496 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/04/15 22:44:26.0078 2496 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/15 22:44:26.0093 2496 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/15 22:44:26.0234 2496 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/15 22:44:26.0281 2496 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/15 22:44:26.0312 2496 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/15 22:44:26.0343 2496 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/15 22:44:26.0359 2496 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/15 22:44:26.0406 2496 tifsfilter (fd03a8ff9d4573246bd8e6d5371969e4) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 2011/04/15 22:44:26.0453 2496 timounter (8061ee6fe61a27d6024da5e2d06a0418) C:\WINDOWS\system32\DRIVERS\timntr.sys 2011/04/15 22:44:26.0546 2496 truecrypt (1592a0c126cf28b6d22d16ffe15a8a0d) C:\WINDOWS\system32\drivers\truecrypt.sys 2011/04/15 22:44:26.0609 2496 TSMPacket (7c1367bff5587cf49c0ed2e664f6eac0) 
C:\WINDOWS\system32\DRIVERS\tsmpkt.sys 2011/04/15 22:44:26.0640 2496 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/15 22:44:26.0703 2496 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/15 22:44:26.0765 2496 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/04/15 22:44:26.0781 2496 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/15 22:44:26.0812 2496 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/15 22:44:26.0828 2496 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/04/15 22:44:26.0859 2496 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/04/15 22:44:26.0890 2496 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/15 22:44:26.0906 2496 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/15 22:44:26.0968 2496 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys 2011/04/15 22:44:27.0000 2496 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/04/15 22:44:27.0031 2496 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/04/15 22:44:27.0046 2496 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/15 22:44:27.0093 2496 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/15 22:44:27.0218 2496 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/15 22:44:27.0312 2496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/04/15 22:44:28.0000 2496 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/04/15 22:44:28.0734 2496 WudfPf 
(6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/04/15 22:44:28.0750 2496 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/04/15 22:44:29.0265 2496 ================================================================================ 2011/04/15 22:44:29.0265 2496 Scan finished 2011/04/15 22:44:29.0265 2496 ================================================================================ 2011/04/15 22:44:29.0296 2440 Detected object count: 1 2011/04/15 22:44:46.0859 2440 Locked file(sptd) - User select action: Skip |
Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
ComboFix may only be run when a qualified helper has expressly recommended it! |
Hello cosinus, I have done that as well. Combofix logfile: Code: ComboFix 11-04-15.06 - HP_Besitzer 16.04.2011 19:35:53.1.2 - x86 |
OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
|
Hello Cosinus, here is the GMER log. GMER logfile: Code: GMER 1.0.15.15570 - hxxp://www.gmer.net |
Then we have OSAM. OSAM logfile: Code: Report of OSAM: Autorun Manager v5.0.11926.0 If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
And MBR:
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00003efc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`0d284e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000005`895b1600 (FAT32)
\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21
PhysicalDrive1 Model Number: MaxtorOneTouch, Rev: 0121
Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: E68294B13179B1693F581515E9DF034C786D5AEE
931 GB \\.\PhysicalDrive1 |
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! |
Hello Cosinus, the full scans are attached. Kind regards
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/25/2011 at 09:20 PM
Application Version : 4.51.1000
Core Rules Database Version : 6917
Trace Rules Database Version: 4729
Scan type : Complete Scan
Total Scan Time : 00:55:36
Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 7421
Registry threats detected : 0
File items scanned : 63776
File threats detected : 1
Trojan.Agent/Gen-UsrMgr
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2005CC72-E1D4-412C-8599-FDC32E05059E}\RP1044\A0539947.EXE

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6399
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
19.04.2011 22:30:38
mbam-log-2011-04-19 (22-30-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 201455
Laufzeit: 30 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Copyright ©2000-2025, Trojaner-Board