Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BKA Trojaner (https://www.trojaner-board.de/110045-bka-trojaner.html)

DaniSahne 16.02.2012 17:13

BKA Trojaner

Hello,

Unfortunately, like apparently quite a few others here, I was hit today by this cursed BKA Trojan.
I then used another laptop to search the Internet for solutions and found a guide that I worked through step by step:

blog.botfrei.de/2012/01/bka-trojaner-1-03-entfernen-windows-7-windows-vista/

I have now got things back to the point where I can use my system normally. But since I don't quite trust the calm, I would now like to know: how can I find and remove any remaining leftovers of the Trojan?
I am already running a full scan with Malwarebytes Anti-Malware and would then post the log file here. Any other measures?

Best regards,

DaniSahne

Chris4You 16.02.2012 18:40

Hi,

let's see what is still left over...

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan with (Start Scan).
When the scan is finished, please select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here...

chris
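The TDSSKiller report requested above lists, for each driver and service it checks, a file line (timestamp, process id, service name, MD5 of the file, path) followed by a verdict line (`name - ok`, or a detection string). A report of several hundred lines is tedious to read by hand. The following Python script is an added example for this thread, not a Kaspersky tool and not code from either poster: it parses that format and pulls out three kinds of entries a helper would look at first: verdicts other than ok, services listed with a verdict but no file line (the binary is not on disk, which is frequently a leftover registry entry of an uninstalled tool rather than malware), and drivers loaded from outside the Windows directory. The embedded sample mixes a few lines from the report posted later in this thread with a constructed `examplesvc` entry whose hash, path and verdict are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in TDSSKiller's report format. The 1394ohci, ALSysIO and
# ISODrive lines are taken from the report in this thread; the examplesvc
# entry (hash, path, verdict) is invented for the example.
SAMPLE_REPORT = r"""
17:52:20.0122 7360        Windows directory: C:\Windows
17:53:31.0776 2444        ============================================================
17:53:31.0776 2444        Scan started
17:53:31.0776 2444        Mode: Manual; SigCheck; TDLFS;
17:53:31.0776 2444        ============================================================
17:53:33.0957 2444        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:53:34.0254 2444        1394ohci - ok
17:53:35.0399 2444        ALSysIO - ok
17:53:44.0404 2444        ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
17:53:44.0426 2444        ISODrive - ok
17:53:55.0000 2444        examplesvc      (00000000000000000000000000000000) C:\Users\Daniel\AppData\Roaming\example.sys
17:53:55.0100 2444        examplesvc - suspicious (constructed verdict for illustration)
"""

# Every report line starts with "<time> <pid>"; the remainder is one of:
#   <service>   (<md5>) <path>     -- file line
#   <service> - <verdict>          -- verdict line for that service
PREFIX_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*?)\s*$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Parse the per-service section (after 'Scan started') into Entry records."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # file lines waiting for their verdict line
    in_scan = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue  # header block (OS version, disk layout) is not per-service data
        fm = FILE_RE.match(rest)
        if fm:
            e = Entry(fm.group("name"), fm.group("md5").lower(), fm.group("path"))
            pending[e.name] = e
            entries.append(e)
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            name, verdict = vm.group("name"), vm.group("verdict").strip()
            e = pending.pop(name, None)
            if e is None:  # verdict without a file line: service has no file on disk
                e = Entry(name)
                entries.append(e)
            e.verdict = verdict
    return entries


def triage(entries: List[Entry], windows_dir: str = "C:\\Windows") -> Dict[str, List[str]]:
    """Group entries worth a second look. Everything listed is a lead, not a verdict."""
    win = windows_dir.lower().rstrip("\\") + "\\"
    report: Dict[str, List[str]] = {"not_ok": [], "no_file": [], "outside_windows": []}
    for e in entries:
        if e.verdict is not None and e.verdict.lower() != "ok":
            report["not_ok"].append(f"{e.name}: {e.verdict}")
        if e.path is None:
            report["no_file"].append(e.name)
        elif not e.path.lower().startswith(win):
            report["outside_windows"].append(f"{e.name}: {e.path}")
    return report


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for category, items in summary.items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Run it against a saved report with `parse_report(open("report.txt").read())`. Each flagged name still has to be checked against the OTL log and the vendor: in the sample, ISODrive lives under the UltraISO program folder and belongs to that program, and ALSysIO with no file is a leftover service entry; neither is a finding by itself.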

DaniSahne 18.02.2012 17:46

OK, so here are the log files from OTL for a start. The OTL file was too large, so I split it into 2 parts.
I am now running the other program you mentioned and will then post the log file here.

Thanks in advance!

Kind regards

DaniSahne 18.02.2012 18:04

OK, here is the report from TDSS Killer:

Code:

17:52:19.0898 7360        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:52:20.0122 7360        ============================================================
17:52:20.0122 7360        Current date / time: 2012/02/18 17:52:20.0122
17:52:20.0122 7360        SystemInfo:
17:52:20.0122 7360       
17:52:20.0122 7360        OS Version: 6.1.7601 ServicePack: 1.0
17:52:20.0122 7360        Product type: Workstation
17:52:20.0122 7360        ComputerName: DANIEL-PC
17:52:20.0122 7360        UserName: Daniel
17:52:20.0122 7360        Windows directory: C:\Windows
17:52:20.0122 7360        System windows directory: C:\Windows
17:52:20.0122 7360        Running under WOW64
17:52:20.0123 7360        Processor architecture: Intel x64
17:52:20.0123 7360        Number of processors: 4
17:52:20.0123 7360        Page size: 0x1000
17:52:20.0123 7360        Boot type: Normal boot
17:52:20.0123 7360        ============================================================
17:52:20.0799 7360        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:20.0809 7360        \Device\Harddisk0\DR0:
17:52:20.0809 7360        MBR used
17:52:20.0809 7360        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
17:52:20.0809 7360        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
17:52:20.0932 7360        Initialize success
17:52:20.0932 7360        ============================================================
17:53:31.0776 2444        ============================================================
17:53:31.0776 2444        Scan started
17:53:31.0776 2444        Mode: Manual; SigCheck; TDLFS;
17:53:31.0776 2444        ============================================================
17:53:33.0957 2444        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:53:34.0254 2444        1394ohci - ok
17:53:34.0318 2444        Acceler        (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
17:53:34.0390 2444        Acceler - ok
17:53:34.0466 2444        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:53:34.0512 2444        ACPI - ok
17:53:34.0571 2444        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:53:34.0648 2444        AcpiPmi - ok
17:53:34.0749 2444        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:53:34.0787 2444        adp94xx - ok
17:53:34.0838 2444        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:53:34.0885 2444        adpahci - ok
17:53:34.0927 2444        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:53:34.0954 2444        adpu320 - ok
17:53:35.0056 2444        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:53:35.0129 2444        AFD - ok
17:53:35.0185 2444        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:53:35.0202 2444        agp440 - ok
17:53:35.0260 2444        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:53:35.0274 2444        aliide - ok
17:53:35.0399 2444        ALSysIO - ok
17:53:35.0444 2444        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:53:35.0456 2444        amdide - ok
17:53:35.0506 2444        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:53:35.0542 2444        AmdK8 - ok
17:53:35.0582 2444        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:53:35.0626 2444        AmdPPM - ok
17:53:35.0670 2444        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:53:35.0690 2444        amdsata - ok
17:53:35.0728 2444        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:53:35.0743 2444        amdsbs - ok
17:53:35.0774 2444        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:53:35.0784 2444        amdxata - ok
17:53:35.0847 2444        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:53:36.0029 2444        AppID - ok
17:53:36.0070 2444        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:53:36.0094 2444        arc - ok
17:53:36.0130 2444        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:53:36.0152 2444        arcsas - ok
17:53:36.0257 2444        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
17:53:36.0275 2444        aswFsBlk - ok
17:53:36.0356 2444        aswMonFlt      (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
17:53:36.0374 2444        aswMonFlt - ok
17:53:36.0403 2444        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
17:53:36.0421 2444        aswRdr - ok
17:53:36.0481 2444        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
17:53:36.0526 2444        aswSnx - ok
17:53:36.0565 2444        aswSP          (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
17:53:36.0581 2444        aswSP - ok
17:53:36.0610 2444        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
17:53:36.0628 2444        aswTdi - ok
17:53:36.0674 2444        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:53:36.0804 2444        AsyncMac - ok
17:53:36.0855 2444        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:53:36.0876 2444        atapi - ok
17:53:36.0984 2444        athur          (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys
17:53:37.0066 2444        athur - ok
17:53:37.0159 2444        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:53:37.0216 2444        b06bdrv - ok
17:53:37.0257 2444        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:53:37.0302 2444        b57nd60a - ok
17:53:37.0354 2444        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:53:37.0429 2444        Beep - ok
17:53:37.0482 2444        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:53:37.0520 2444        blbdrive - ok
17:53:37.0568 2444        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:53:37.0603 2444        bowser - ok
17:53:37.0637 2444        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:53:37.0681 2444        BrFiltLo - ok
17:53:37.0692 2444        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:53:37.0720 2444        BrFiltUp - ok
17:53:37.0798 2444        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:53:37.0859 2444        Brserid - ok
17:53:37.0872 2444        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:53:37.0909 2444        BrSerWdm - ok
17:53:37.0925 2444        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:53:37.0971 2444        BrUsbMdm - ok
17:53:37.0986 2444        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:53:38.0053 2444        BrUsbSer - ok
17:53:38.0071 2444        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:53:38.0088 2444        BTHMODEM - ok
17:53:38.0129 2444        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:53:38.0172 2444        cdfs - ok
17:53:38.0223 2444        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:53:38.0271 2444        cdrom - ok
17:53:38.0325 2444        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:53:38.0365 2444        circlass - ok
17:53:38.0406 2444        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:53:38.0436 2444        CLFS - ok
17:53:38.0479 2444        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:53:38.0516 2444        CmBatt - ok
17:53:38.0550 2444        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:53:38.0568 2444        cmdide - ok
17:53:38.0636 2444        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:53:38.0685 2444        CNG - ok
17:53:38.0742 2444        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:53:38.0766 2444        Compbatt - ok
17:53:38.0856 2444        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:53:38.0914 2444        CompositeBus - ok
17:53:39.0038 2444        cpuz130 - ok
17:53:39.0074 2444        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:53:39.0091 2444        crcdisk - ok
17:53:39.0143 2444        CtClsFlt        (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:53:39.0192 2444        CtClsFlt - ok
17:53:39.0260 2444        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:53:39.0353 2444        DfsC - ok
17:53:39.0404 2444        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:53:39.0456 2444        discache - ok
17:53:39.0482 2444        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:53:39.0494 2444        Disk - ok
17:53:39.0541 2444        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:53:39.0584 2444        drmkaud - ok
17:53:39.0653 2444        dtsoftbus01    (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:53:39.0676 2444        dtsoftbus01 - ok
17:53:39.0734 2444        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:53:39.0780 2444        DXGKrnl - ok
17:53:39.0885 2444        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:53:40.0006 2444        ebdrv - ok
17:53:40.0062 2444        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:53:40.0085 2444        elxstor - ok
17:53:40.0126 2444        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:53:40.0166 2444        ErrDev - ok
17:53:40.0252 2444        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:53:40.0317 2444        exfat - ok
17:53:40.0341 2444        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:53:40.0412 2444        fastfat - ok
17:53:40.0438 2444        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:53:40.0473 2444        fdc - ok
17:53:40.0504 2444        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:53:40.0517 2444        FileInfo - ok
17:53:40.0530 2444        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:53:40.0584 2444        Filetrace - ok
17:53:40.0621 2444        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:53:40.0640 2444        flpydisk - ok
17:53:40.0709 2444        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:53:40.0740 2444        FltMgr - ok
17:53:40.0824 2444        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:53:40.0844 2444        FsDepends - ok
17:53:40.0866 2444        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:53:40.0876 2444        Fs_Rec - ok
17:53:40.0948 2444        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:53:40.0979 2444        fvevol - ok
17:53:41.0010 2444        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:53:41.0031 2444        gagp30kx - ok
17:53:41.0108 2444        GPU-Z - ok
17:53:41.0152 2444        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:53:41.0169 2444        hamachi - ok
17:53:41.0196 2444        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:53:41.0223 2444        hcw85cir - ok
17:53:41.0267 2444        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:53:41.0301 2444        HdAudAddService - ok
17:53:41.0355 2444        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:53:41.0399 2444        HDAudBus - ok
17:53:41.0445 2444        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:53:41.0463 2444        HECIx64 - ok
17:53:41.0489 2444        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:53:41.0517 2444        HidBatt - ok
17:53:41.0541 2444        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:53:41.0589 2444        HidBth - ok
17:53:41.0634 2444        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:53:41.0678 2444        HidIr - ok
17:53:41.0747 2444        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:53:41.0782 2444        HidUsb - ok
17:53:41.0827 2444        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:53:41.0848 2444        HpSAMD - ok
17:53:41.0937 2444        HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
17:53:41.0954 2444        HssDrv - ok
17:53:42.0067 2444        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:53:42.0173 2444        HTTP - ok
17:53:42.0219 2444        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:53:42.0239 2444        hwpolicy - ok
17:53:42.0292 2444        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:53:42.0319 2444        i8042prt - ok
17:53:42.0362 2444        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
17:53:42.0378 2444        iaStor - ok
17:53:42.0441 2444        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:53:42.0469 2444        iaStorV - ok
17:53:42.0755 2444        igfx            (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:53:43.0069 2444        igfx - ok
17:53:43.0134 2444        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:53:43.0157 2444        iirsp - ok
17:53:43.0194 2444        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:53:43.0219 2444        Impcd - ok
17:53:43.0327 2444        IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys
17:53:43.0433 2444        IntcAzAudAddService - ok
17:53:43.0493 2444        IntcDAud        (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:53:43.0549 2444        IntcDAud - ok
17:53:43.0613 2444        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:53:43.0635 2444        intelide - ok
17:53:43.0691 2444        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:53:43.0728 2444        intelppm - ok
17:53:43.0809 2444        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:53:43.0894 2444        IpFilterDriver - ok
17:53:43.0928 2444        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:53:43.0954 2444        IPMIDRV - ok
17:53:43.0981 2444        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:53:44.0041 2444        IPNAT - ok
17:53:44.0078 2444        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:53:44.0158 2444        IRENUM - ok
17:53:44.0227 2444        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:53:44.0239 2444        isapnp - ok
17:53:44.0272 2444        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:53:44.0290 2444        iScsiPrt - ok
17:53:44.0404 2444        ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
17:53:44.0426 2444        ISODrive - ok
17:53:44.0520 2444        Iviaspi        (cfe46dd772cc2e158ce8107416bee5c6) C:\Windows\system32\drivers\Iviaspi.sys
17:53:44.0537 2444        Iviaspi - ok
17:53:44.0604 2444        JMCR            (43f319de026e04b9cf9219a14bf24fe8) C:\Windows\system32\DRIVERS\jmcr.sys
17:53:44.0624 2444        JMCR - ok
17:53:44.0674 2444        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:53:44.0695 2444        kbdclass - ok
17:53:44.0749 2444        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:53:44.0798 2444        kbdhid - ok
17:53:44.0839 2444        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:53:44.0862 2444        KSecDD - ok
17:53:44.0935 2444        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:53:44.0957 2444        KSecPkg - ok
17:53:44.0988 2444        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:53:45.0061 2444        ksthunk - ok
17:53:45.0110 2444        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:53:45.0178 2444        lltdio - ok
17:53:45.0236 2444        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:53:45.0249 2444        LSI_FC - ok
17:53:45.0288 2444        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:53:45.0315 2444        LSI_SAS - ok
17:53:45.0333 2444        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:53:45.0345 2444        LSI_SAS2 - ok
17:53:45.0393 2444        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:53:45.0405 2444        LSI_SCSI - ok
17:53:45.0422 2444        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:53:45.0476 2444        luafv - ok
17:53:45.0540 2444        lvpepf64        (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
17:53:45.0556 2444        lvpepf64 - ok
17:53:45.0616 2444        LVRS64          (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
17:53:45.0666 2444        LVRS64 - ok
17:53:45.0732 2444        LVUSBS64        (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
17:53:45.0749 2444        LVUSBS64 - ok
17:53:45.0781 2444        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:53:45.0793 2444        megasas - ok
17:53:45.0823 2444        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:53:45.0839 2444        MegaSR - ok
17:53:45.0890 2444        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:53:45.0956 2444        Modem - ok
17:53:45.0991 2444        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:53:46.0032 2444        monitor - ok
17:53:46.0073 2444        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:53:46.0095 2444        mouclass - ok
17:53:46.0112 2444        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:53:46.0129 2444        mouhid - ok
17:53:46.0200 2444        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:53:46.0222 2444        mountmgr - ok
17:53:46.0271 2444        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:53:46.0297 2444        mpio - ok
17:53:46.0335 2444        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:53:46.0383 2444        mpsdrv - ok
17:53:46.0449 2444        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:53:46.0487 2444        MRxDAV - ok
17:53:46.0542 2444        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:53:46.0597 2444        mrxsmb - ok
17:53:46.0636 2444        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:53:46.0686 2444        mrxsmb10 - ok
17:53:46.0725 2444        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:53:46.0752 2444        mrxsmb20 - ok
17:53:46.0793 2444        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:53:46.0816 2444        msahci - ok
17:53:46.0864 2444        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:53:46.0890 2444        msdsm - ok
17:53:46.0928 2444        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:53:46.0967 2444        Msfs - ok
17:53:47.0024 2444        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:53:47.0075 2444        mshidkmdf - ok
17:53:47.0090 2444        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:53:47.0102 2444        msisadrv - ok
17:53:47.0136 2444        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:53:47.0195 2444        MSKSSRV - ok
17:53:47.0226 2444        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:53:47.0291 2444        MSPCLOCK - ok
17:53:47.0328 2444        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:53:47.0396 2444        MSPQM - ok
17:53:47.0469 2444        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:53:47.0523 2444        MsRPC - ok
17:53:47.0588 2444        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:53:47.0602 2444        mssmbios - ok
17:53:47.0657 2444        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:53:47.0726 2444        MSTEE - ok
17:53:47.0761 2444        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:53:47.0794 2444        MTConfig - ok
17:53:47.0844 2444        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:53:47.0856 2444        Mup - ok
17:53:47.0946 2444        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:53:48.0004 2444        NativeWifiP - ok
17:53:48.0080 2444        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:53:48.0138 2444        NDIS - ok
17:53:48.0173 2444        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:53:48.0243 2444        NdisCap - ok
17:53:48.0277 2444        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:53:48.0329 2444        NdisTapi - ok
17:53:48.0369 2444        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:53:48.0449 2444        Ndisuio - ok
17:53:48.0500 2444        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:53:48.0582 2444        NdisWan - ok
17:53:48.0736 2444        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:53:48.0854 2444        NDProxy - ok
17:53:48.0909 2444        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:53:48.0985 2444        NetBIOS - ok
17:53:49.0047 2444        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:53:49.0132 2444        NetBT - ok
17:53:49.0315 2444        NETw5s64        (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
17:53:49.0567 2444        NETw5s64 - ok
17:53:49.0654 2444        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:53:49.0676 2444        nfrd960 - ok
17:53:49.0718 2444        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:53:49.0769 2444        Npfs - ok
17:53:49.0810 2444        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:53:49.0876 2444        nsiproxy - ok
17:53:49.0968 2444        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:53:50.0044 2444        Ntfs - ok
17:53:50.0078 2444        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:53:50.0132 2444        Null - ok
17:53:50.0207 2444        nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:53:50.0250 2444        nusb3hub - ok
17:53:50.0320 2444        nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:53:50.0373 2444        nusb3xhc - ok
17:53:50.0402 2444        NVHDA          (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
17:53:50.0421 2444        NVHDA - ok
17:53:50.0679 2444        nvlddmkm        (5b87b16d2781982e32bab6d359034c37) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:53:51.0122 2444        nvlddmkm - ok
17:53:51.0144 2444        nvpciflt        (0fb06978e39d3b2bb02d616b71a718dc) C:\Windows\system32\DRIVERS\nvpciflt.sys
17:53:51.0153 2444        nvpciflt - ok
17:53:51.0188 2444        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:53:51.0214 2444        nvraid - ok
17:53:51.0237 2444        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:53:51.0250 2444        nvstor - ok
17:53:51.0320 2444        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:53:51.0344 2444        nv_agp - ok
17:53:51.0393 2444        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:53:51.0427 2444        ohci1394 - ok
17:53:51.0491 2444        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:53:51.0519 2444        Parport - ok
17:53:51.0555 2444        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:53:51.0579 2444        partmgr - ok
17:53:51.0626 2444        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:53:51.0653 2444        pci - ok
17:53:51.0690 2444        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:53:51.0710 2444        pciide - ok
17:53:51.0734 2444        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:53:51.0760 2444        pcmcia - ok
17:53:51.0781 2444        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:53:51.0797 2444        pcw - ok
17:53:51.0826 2444        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:53:51.0903 2444        PEAUTH - ok
17:53:52.0026 2444        PID_PEPI        (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS
17:53:52.0122 2444        PID_PEPI - ok
17:53:52.0191 2444        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:53:52.0260 2444        PptpMiniport - ok
17:53:52.0278 2444        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:53:52.0327 2444        Processor - ok
17:53:52.0377 2444        PROCEXP151 - ok
17:53:52.0424 2444        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:53:52.0474 2444        Psched - ok
17:53:52.0534 2444        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:53:52.0551 2444        PxHlpa64 - ok
17:53:52.0585 2444        qicflt          (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
17:53:52.0599 2444        qicflt - ok
17:53:52.0669 2444        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:53:52.0740 2444        ql2300 - ok
17:53:52.0774 2444        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:53:52.0789 2444        ql40xx - ok
17:53:52.0814 2444        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:53:52.0869 2444        QWAVEdrv - ok
17:53:52.0901 2444        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:53:52.0954 2444        RasAcd - ok
17:53:52.0994 2444        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:53:53.0069 2444        RasAgileVpn - ok
17:53:53.0110 2444        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:53:53.0170 2444        Rasl2tp - ok
17:53:53.0204 2444        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:53:53.0281 2444        RasPppoe - ok
17:53:53.0317 2444        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:53:53.0376 2444        RasSstp - ok
17:53:53.0425 2444        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:53:53.0486 2444        rdbss - ok
17:53:53.0517 2444        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:53:53.0548 2444        rdpbus - ok
17:53:53.0582 2444        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:53:53.0645 2444        RDPCDD - ok
17:53:53.0663 2444        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:53:53.0718 2444        RDPENCDD - ok
17:53:53.0750 2444        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:53:53.0791 2444        RDPREFMP - ok
17:53:53.0839 2444        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:53:53.0888 2444        RDPWD - ok
17:53:53.0925 2444        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:53:53.0941 2444        rdyboost - ok
17:53:53.0986 2444        regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
17:53:54.0003 2444        regi - ok
17:53:54.0136 2444        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:53:54.0208 2444        rspndr - ok
17:53:54.0260 2444        RTL8167        (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:53:54.0277 2444        RTL8167 - ok
17:53:54.0309 2444        SANDRA - ok
17:53:54.0358 2444        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:53:54.0379 2444        sbp2port - ok
17:53:54.0422 2444        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:53:54.0504 2444        scfilter - ok
17:53:54.0555 2444        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:53:54.0599 2444        sdbus - ok
17:53:54.0649 2444        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:53:54.0705 2444        secdrv - ok
17:53:54.0773 2444        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:53:54.0811 2444        Serenum - ok
17:53:54.0833 2444        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:53:54.0861 2444        Serial - ok
17:53:54.0924 2444        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:53:54.0970 2444        sermouse - ok
17:53:55.0028 2444        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:53:55.0057 2444        sffdisk - ok
17:53:55.0106 2444        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:53:55.0131 2444        sffp_mmc - ok
17:53:55.0174 2444        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:53:55.0216 2444        sffp_sd - ok
17:53:55.0271 2444        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:53:55.0319 2444        sfloppy - ok
17:53:55.0367 2444        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:53:55.0389 2444        SiSRaid2 - ok
17:53:55.0414 2444        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:53:55.0427 2444        SiSRaid4 - ok
17:53:55.0459 2444        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:53:55.0530 2444        Smb - ok
17:53:55.0565 2444        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:53:55.0583 2444        spldr - ok
17:53:55.0637 2444        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:53:55.0664 2444        srv - ok
17:53:55.0694 2444        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:53:55.0739 2444        srv2 - ok
17:53:55.0765 2444        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:53:55.0791 2444        srvnet - ok
17:53:55.0843 2444        sscdbus        (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys
17:53:55.0857 2444        sscdbus - ok
17:53:55.0903 2444        sscdmdfl        (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys
17:53:55.0915 2444        sscdmdfl - ok
17:53:55.0968 2444        sscdmdm        (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys
17:53:55.0986 2444        sscdmdm - ok
17:53:56.0041 2444        stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
17:53:56.0050 2444        stdcfltn - ok
17:53:56.0122 2444        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:53:56.0137 2444        stexstor - ok
17:53:56.0232 2444        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:53:56.0258 2444        swenum - ok
17:53:56.0346 2444        SynasUSB        (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys
17:53:56.0356 2444        SynasUSB - ok
17:53:56.0468 2444        SynTP          (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
17:53:56.0540 2444        SynTP - ok
17:53:56.0592 2444        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
17:53:56.0607 2444        taphss - ok
17:53:56.0703 2444        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:53:56.0800 2444        Tcpip - ok
17:53:56.0860 2444        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:53:56.0916 2444        TCPIP6 - ok
17:53:56.0987 2444        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:53:57.0086 2444        tcpipreg - ok
17:53:57.0122 2444        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:53:57.0169 2444        TDPIPE - ok
17:53:57.0182 2444        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:53:57.0219 2444        TDTCP - ok
17:53:57.0281 2444        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:53:57.0334 2444        tdx - ok
17:53:57.0444 2444        teamviewervpn  (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
17:53:57.0455 2444        teamviewervpn - ok
17:53:57.0491 2444        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:53:57.0516 2444        TermDD - ok
17:53:57.0572 2444        TFsExDisk      (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
17:53:57.0582 2444        TFsExDisk - ok
17:53:57.0647 2444        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:53:57.0694 2444        tssecsrv - ok
17:53:57.0764 2444        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:53:57.0786 2444        TsUsbFlt - ok
17:53:57.0848 2444        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:53:57.0937 2444        tunnel - ok
17:53:58.0008 2444        TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
17:53:58.0025 2444        TurboB - ok
17:53:58.0071 2444        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:53:58.0098 2444        uagp35 - ok
17:53:58.0141 2444        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:53:58.0224 2444        udfs - ok
17:53:58.0274 2444        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:53:58.0297 2444        uliagpkx - ok
17:53:58.0339 2444        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:53:58.0365 2444        umbus - ok
17:53:58.0386 2444        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:53:58.0411 2444        UmPass - ok
17:53:58.0469 2444        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:53:58.0527 2444        usbaudio - ok
17:53:58.0569 2444        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:53:58.0594 2444        usbccgp - ok
17:53:58.0643 2444        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:53:58.0692 2444        usbcir - ok
17:53:58.0715 2444        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:53:58.0745 2444        usbehci - ok
17:53:58.0773 2444        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:53:58.0806 2444        usbhub - ok
17:53:58.0860 2444        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:53:58.0901 2444        usbohci - ok
17:53:58.0946 2444        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:53:58.0986 2444        usbprint - ok
17:53:59.0098 2444        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:53:59.0161 2444        usbscan - ok
17:53:59.0211 2444        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:53:59.0248 2444        USBSTOR - ok
17:53:59.0282 2444        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:53:59.0310 2444        usbuhci - ok
17:53:59.0373 2444        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:53:59.0413 2444        usbvideo - ok
17:53:59.0461 2444        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:53:59.0473 2444        vdrvroot - ok
17:53:59.0518 2444        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:53:59.0548 2444        vga - ok
17:53:59.0568 2444        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:53:59.0624 2444        VgaSave - ok
17:53:59.0667 2444        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:53:59.0683 2444        vhdmp - ok
17:53:59.0744 2444        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:53:59.0767 2444        viaide - ok
17:53:59.0797 2444        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:53:59.0817 2444        volmgr - ok
17:53:59.0874 2444        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:53:59.0901 2444        volmgrx - ok
17:53:59.0931 2444        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:53:59.0948 2444        volsnap - ok
17:53:59.0983 2444        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:53:59.0997 2444        vsmraid - ok
17:54:00.0037 2444        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:54:00.0079 2444        vwifibus - ok
17:54:00.0130 2444        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:54:00.0167 2444        vwififlt - ok
17:54:00.0204 2444        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:54:00.0224 2444        vwifimp - ok
17:54:00.0245 2444        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:54:00.0274 2444        WacomPen - ok
17:54:00.0336 2444        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:00.0395 2444        WANARP - ok
17:54:00.0408 2444        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:00.0446 2444        Wanarpv6 - ok
17:54:00.0481 2444        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:54:00.0493 2444        Wd - ok
17:54:00.0524 2444        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:54:00.0558 2444        Wdf01000 - ok
17:54:00.0594 2444        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:54:00.0631 2444        WfpLwf - ok
17:54:00.0666 2444        WimFltr        (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:54:00.0680 2444        WimFltr - ok
17:54:00.0703 2444        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:54:00.0715 2444        WIMMount - ok
17:54:00.0782 2444        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:54:00.0809 2444        WinUsb - ok
17:54:00.0880 2444        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:54:00.0896 2444        WmiAcpi - ok
17:54:00.0950 2444        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:54:01.0013 2444        ws2ifsl - ok
17:54:01.0067 2444        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:54:01.0123 2444        WudfPf - ok
17:54:01.0147 2444        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:01.0190 2444        WUDFRd - ok
17:54:01.0281 2444        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:54:01.0655 2444        \Device\Harddisk0\DR0 - ok
17:54:01.0660 2444        Boot (0x1200)  (99f9837437d34b6b5d1b4f0f9ffadfc4) \Device\Harddisk0\DR0\Partition0
17:54:01.0662 2444        \Device\Harddisk0\DR0\Partition0 - ok
17:54:01.0696 2444        Boot (0x1200)  (03ed0fe4860f185857e58aa50e90c3ae) \Device\Harddisk0\DR0\Partition1
17:54:01.0711 2444        \Device\Harddisk0\DR0\Partition1 - ok
17:54:01.0712 2444        ============================================================
17:54:01.0712 2444        Scan finished
17:54:01.0712 2444        ============================================================
17:54:01.0730 7956        Detected object count: 0
17:54:01.0730 7956        Actual detected object count: 0


Chris4You 18.02.2012 18:22

Hi,

I don't like the look of that...


Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file/files:
Code:

C:\Users\Daniel\AppData\Roaming\Mav\ahqiak.exe
  • Now upload each/all of the files one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis; copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: right-click and choose "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{93F80FDE-18D6-7D57-2AA3-63B54B6DDB5B}] C:\Users\Daniel\AppData\Roaming\Mav\ahqiak.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
@Alternate Data Stream - 972 bytes -> C:\ProgramData\Microsoft:D3UKthXYh5vxmW0mPrNUJSv8SDMHMn
@Alternate Data Stream - 16 bytes -> C:\Users\Daniel\Downloads:Shareaza.GUID
@Alternate Data Stream - 1132 bytes -> C:\Users\Daniel\AppData\Local\uer4TD8i6Y68fch:Kq3LrH0mbokdpqfbhgv1
@Alternate Data Stream - 1066 bytes -> C:\ProgramData\Microsoft:fy0BhQb7mTN9N7sxKOwkbFEzgU9L00
@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:YF1SgqveABNIz9OQOVcikL

:Commands
[emptytemp]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Copy everything from the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version here:
http://filepony.de/download-chameleon/
Then update the signature files ("Update" tab -> "Check for updates")
Full scan and let it clean everything! Post the log.

chris

DaniSahne 18.02.2012 19:37

OK, here is the result from VirusTotal:

Code:


SHA256:
7e3bf28fca97a9abfd37873868b620a3de1cbee43edc4e8f762745fd469c266d

SHA1:
715dea9f0d2041b8e3a7107a66908c6540fdb9c3

MD5:
b5c25271f45f0bd97b458cd59a2ef1df

File size:
168.1 KB ( 172095 bytes )

File name:
ahqiak.exe

File type:
Win32 EXE

Detection ratio:
2 / 43

Analysis date:
 2012-02-18 18:18:29 UTC ( 2 minutes ago )

Antivirus        Result        Update
AhnLab-V3        -        20120216
AntiVir        -        20120217
Antiy-AVL        -        20120213
Avast        -        20120218
AVG        -        20120218
BitDefender        -        20120218
ByteHero        -        20120218
CAT-QuickHeal        -        20120218
ClamAV        -        20120218
Commtouch        -        20120218
Comodo        -        20120217
DrWeb        -        20120218
Emsisoft        -        20120218
eSafe        -        20120216
eTrust-Vet        -        20120217
F-Prot        -        20120218
F-Secure        -        20120218
Fortinet        -        20120218
GData        -        20120218
Ikarus        -        20120218
Jiangmin        -        20120218
K7AntiVirus        -        20120217
Kaspersky        Trojan-Dropper.Win32.Injector.csul        20120218
McAfee        -        20120218
McAfee-GW-Edition        -        20120217
Microsoft        -        20120218
NOD32        Win32/Spy.Zbot.YW        20120218
Norman        -        20120218
nProtect        -        20120218
Panda        -        20120218
PCTools        -        20120217
Prevx        -        20120218
Rising        -        20120217
Sophos        -        20120218
SUPERAntiSpyware        -        20120206
Symantec        -        20120218
TheHacker        -        20120218
TrendMicro        -        20120218
TrendMicro-HouseCall        -        20120218
VBA32        -        20120217
VIPRE        -        20120218
ViRobot        -        20120218
VirusBuster        -        20120218





ssdeep
 3072:QxiVnI3ffXWp9ozlnAxntGkAR5PHuT+s8LCRiLojc7ufN55ETYC4NWCq3zjsGp:2iRMffGwxItEHPHznLxo55E4NSzjnp



TrID
 Win32 Executable Generic (42.3%)
 Win32 Dynamic Link Library (generic) (37.6%)
 Generic Win/DOS Executable (9.9%)
 DOS Executable Generic (9.9%)
 Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 



ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:02:12 16:45:14+01:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 28672
LinkerVersion............: 6.0
EntryPoint...............: 0x7424
InitializedDataSize......: 794624
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0
 



Portable Executable structural information
PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096        26260    28672    6.34  2d0415d4e2f89472c5f2b99a6f419d15
.rdata                32768        77378    77824    7.26  6583ced02ef320fa057a568c747ab487
.data                110592        713884    61440    7.88  be7395f6d5256c1550f3403d9d2ef6ca

PE Imports....................:

mgmtapi.dll
        SnmpMgrGetTrap, SnmpMgrOpen, SnmpMgrClose, SnmpMgrCtl, SnmpMgrRequest

KERNEL32.dll
        GetStartupInfoA, GetModuleHandleA, lstrcmpA, GetComputerNameA, SetTapePosition, GlobalFree, GlobalAlloc, MulDiv, MoveFileExA, GetCurrentProcessId, GetFileTime, GetDiskFreeSpaceA, DeviceIoControl, GetCurrentProcess, Sleep, FreeLibrary, LoadLibraryA, GetProcAddress, CreatePipe

MSVCRT.dll
        _controlfp, __dllonexit, _onexit, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _strdup, malloc

MPRAPI.dll
        MprConfigServerGetInfo, MprConfigInterfaceTransportGetInfo, MprConfigInterfaceTransportGetHandle, MprConfigInterfaceTransportEnum, MprConfigInterfaceTransportAdd, MprConfigInterfaceSetInfo, MprConfigInterfaceGetInfo, MprConfigInterfaceGetHandle, MprAdminUserSetInfo, MprAdminUserGetInfo, MprAdminTransportSetInfo, MprAdminTransportGetInfo, MprAdminTransportCreate, MprAdminPortReset, MprAdminPortGetInfo, MprAdminPortEnum, MprConfigServerInstall, MprAdminPortClearStats, MprAdminMIBServerDisconnect, MprAdminMIBBufferFree, MprAdminIsServiceRunning, MprAdminIsDomainRasServer, MprAdminInterfaceUpdateRoutes, MprAdminInterfaceUpdatePhonebookInfo, MprAdminInterfaceTransportSetInfo, MprAdminInterfaceTransportRemove, MprAdminInterfaceTransportGetInfo, MprAdminInterfaceGetInfo, MprAdminInterfaceGetHandle, MprAdminInterfaceGetCredentialsEx, MprAdminInterfaceGetCredentials, MprAdminInterfaceEnum, MprAdminInterfaceDisconnect, MprAdminDeregisterConnectionNotification, MprAdminConnectionGetInfo, MprAdminConnectionEnum, MprAdminConnectionClearStats, MprAdminBufferFree, MprConfigServerRefresh, MprConfigServerRestore, MprConfigTransportCreate, MprConfigTransportDelete, MprConfigTransportEnum, MprConfigTransportGetHandle, MprConfigTransportGetInfo, MprConfigTransportSetInfo, MprInfoBlockAdd, MprInfoBlockFind, MprInfoDelete, MprInfoDuplicate, MprInfoRemoveAll, MprAdminPortDisconnect



First seen by VirusTotal
 2012-02-18 18:18:29 UTC ( 1 Minute ago )



Last seen by VirusTotal
 2012-02-18 18:18:29 UTC ( 1 Minute ago )
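
Chris asked for the size and the hashes to be copied along with the VirusTotal result, and the report above shows why: only 2 of 43 engines flagged the file, so the hashes are the only reliable way to tie this verdict to the sample on disk. The following script is an added example for this thread, not VirusTotal's or OTL's code. It parses the copy-pasted report format shown above and re-hashes a local sample so you can confirm the report really describes the file you have. `SAMPLE_REPORT` is an abridged copy of the report posted in this thread (engine table cut to four rows); the byte strings used in the usage are constructed stand-ins, not the real ahqiak.exe.

```python
"""Check a pasted VirusTotal text report against the file you actually have.

Added example for this thread, not VirusTotal's or OTL's code. SAMPLE_REPORT
is an abridged copy of the report posted in the thread; the byte strings fed
to sample_matches_report() in __main__ are constructed stand-ins.
"""
import hashlib
import re
from dataclasses import dataclass

SAMPLE_REPORT = """
SHA256:
7e3bf28fca97a9abfd37873868b620a3de1cbee43edc4e8f762745fd469c266d

SHA1:
715dea9f0d2041b8e3a7107a66908c6540fdb9c3

MD5:
b5c25271f45f0bd97b458cd59a2ef1df

File size:
168.1 KB ( 172095 bytes )

File name:
ahqiak.exe

Detection ratio:
2 / 43

Antivirus        Result        Update
AntiVir        -        20120217
Kaspersky        Trojan-Dropper.Win32.Injector.csul        20120218
Microsoft        -        20120218
NOD32        Win32/Spy.Zbot.YW        20120218

ssdeep
"""

# Field labels whose value sits on the following non-empty line.
FIELD_RE = re.compile(r"^(SHA256|SHA1|MD5|File size|Detection ratio):$")


@dataclass
class VtReport:
    sha256: str
    sha1: str
    md5: str
    size: int
    detected: int
    total: int
    hits: dict  # engine name -> signature name, only for engines that fired


def parse_vt_report(text: str) -> VtReport:
    lines = [ln.strip() for ln in text.splitlines()]
    fields, hits, in_table = {}, {}, False
    for i, ln in enumerate(lines):
        if m := FIELD_RE.match(ln):
            fields[m.group(1)] = next(v for v in lines[i + 1:] if v)
        elif ln.startswith("Antivirus"):
            in_table = True                 # header row of the engine table
        elif in_table and not ln:
            in_table = False                # a blank line closes the table
        elif in_table:
            parts = ln.split()              # engine, result ('-' = clean), signature date
            if len(parts) >= 3 and parts[1] != "-":
                hits[parts[0]] = parts[1]
    ratio = re.match(r"(\d+)\s*/\s*(\d+)", fields["Detection ratio"])
    size = re.search(r"(\d+)\s*bytes", fields["File size"])
    return VtReport(
        sha256=fields["SHA256"].lower(), sha1=fields["SHA1"].lower(),
        md5=fields["MD5"].lower(), size=int(size.group(1)),
        detected=int(ratio.group(1)), total=int(ratio.group(2)), hits=hits,
    )


def _digest(blocks) -> dict:
    """Feed every block to MD5, SHA-1 and SHA-256 in one pass and count the bytes."""
    algos = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    for block in blocks:
        size += len(block)
        for h in algos.values():
            h.update(block)
    out = {name: h.hexdigest() for name, h in algos.items()}
    out["size"] = size
    return out


def hashes_of(data: bytes) -> dict:
    """Digests and size of an in-memory sample."""
    return _digest([data])


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunks so big samples stay out of RAM."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk), b""))


def sample_matches_report(data: bytes, report: VtReport) -> bool:
    """True only if all three digests and the size agree with the report."""
    h = hashes_of(data)
    return (h["sha256"], h["sha1"], h["md5"], h["size"]) == (
        report.sha256, report.sha1, report.md5, report.size)


if __name__ == "__main__":
    rep = parse_vt_report(SAMPLE_REPORT)
    print(f"{rep.detected}/{rep.total} engines flagged the sample: {rep.hits}")
    # constructed stand-in bytes, so this prints False
    print("stand-in matches report:", sample_matches_report(b"not the real ahqiak.exe", rep))
```

In practice you would call `hash_file(r"C:\Users\Daniel\AppData\Roaming\Mav\ahqiak.exe")` (or the copy OTL moved to `C:\_OTL\Moved Files`) and compare it with the parsed report; a size or hash mismatch means the verdict belongs to a different file than the one being cleaned.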


DaniSahne 18.02.2012 20:24

Unfortunately OTL did not show me any results, since a reboot was built into that fix code... After the reboot the program did not open again either.

Neither in the Windows folder nor under C:\_OTL\Moved Files is there a txt file with the fix log.
Running Malwarebytes over it now..

DaniSahne 18.02.2012 22:29

Here is the report from Malwarebytes Anti-Malware:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]

18.02.2012 21:01:56
mbam-log-2012-02-18 (21-01-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 492571
Time elapsed: 1 hour(s), 24 minute(s), 7 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)


Chris4You 19.02.2012 17:30

Hi,

something went wrong there; you probably have a dropper on your machine...

Did you follow the instructions for the fix exactly (pasted into the fix window, then "Run Fixes")?

Repeat it in Safe Mode...

If that does not work, please create a new OTL log and post it!

MAM finds nothing, so CureIt:
CureIt
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, over 5 MB of text. Simply search for "infiziert" (the German-language log's word for "infected") and copy out the relevant parts before you post them.

chris

DaniSahne 19.02.2012 18:32

OK, that's odd... something apparently went wrong with yesterday's OTL fix attempt.... the file ahqiak.exe was apparently moved, together with its folder structure, into the folder C:\_OTL\Moved Files....
Accordingly OTL could not delete it now on the 2nd attempt in Safe Mode... Here is the log anyway:

Code:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{93F80FDE-18D6-7D57-2AA3-63B54B6DDB5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93F80FDE-18D6-7D57-2AA3-63B54B6DDB5B}\ not found.
File C:\Users\Daniel\AppData\Roaming\Mav\ahqiak.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Unable to delete ADS C:\ProgramData\Microsoft:D3UKthXYh5vxmW0mPrNUJSv8SDMHMn .
Unable to delete ADS C:\Users\Daniel\Downloads:Shareaza.GUID .
Unable to delete ADS C:\Users\Daniel\AppData\Local\uer4TD8i6Y68fch:Kq3LrH0mbokdpqfbhgv1 .
Unable to delete ADS C:\ProgramData\Microsoft:fy0BhQb7mTN9N7sxKOwkbFEzgU9L00 .
Unable to delete ADS C:\ProgramData\Microsoft:YF1SgqveABNIz9OQOVcikL .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Daniel
->Temp folder emptied: 32275060 bytes
->Temporary Internet Files folder emptied: 363265412 bytes
->Java cache emptied: 6190844 bytes
->FireFox cache emptied: 23880007 bytes
->Flash cache emptied: 2785798 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: HP_Besitzer
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17619592 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 426,00 mb
 
 
OTL by OldTimer - Version 3.2.32.0 log created on 02192012_182127

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

running CureIt over it now...
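
The fix list Chris posted and the "Unable to delete ADS" lines in the fix log above show the two things worth a second look after a BKA/Zbot infection: a Run value named like a bare GUID that points into AppData\Roaming, and named alternate data streams with random-looking names hanging off C:\ProgramData\Microsoft and a random-named AppData\Local folder. The following script is an added example for this thread, not OTL's own code. It scores the O4 and @Alternate Data Stream lines that OTL prints so the odd entries stand out from harmless ones such as the Shareaza marker stream. `SAMPLE_OTL_LINES` is copied from the fix list in this thread; the entropy threshold and the list of user-writable folders are assumptions chosen for this example.

```python
"""Triage the Run-key and alternate-data-stream lines from an OTL log.

Added example for this thread, not OTL's own code. SAMPLE_OTL_LINES is
copied from the OTL fix list posted above; the 3.5-bit entropy cut-off and
the USER_WRITABLE folder list are assumptions made for this example.
"""
import math
import re
from dataclasses import dataclass, field

SAMPLE_OTL_LINES = [
    r"O4 - HKLM..\Run: []  File not found",
    r"O4 - HKCU..\Run: [{93F80FDE-18D6-7D57-2AA3-63B54B6DDB5B}] C:\Users\Daniel\AppData\Roaming\Mav\ahqiak.exe ()",
    r"@Alternate Data Stream - 972 bytes -> C:\ProgramData\Microsoft:D3UKthXYh5vxmW0mPrNUJSv8SDMHMn",
    r"@Alternate Data Stream - 16 bytes -> C:\Users\Daniel\Downloads:Shareaza.GUID",
    r"@Alternate Data Stream - 1132 bytes -> C:\Users\Daniel\AppData\Local\uer4TD8i6Y68fch:Kq3LrH0mbokdpqfbhgv1",
    r"@Alternate Data Stream - 1066 bytes -> C:\ProgramData\Microsoft:fy0BhQb7mTN9N7sxKOwkbFEzgU9L00",
    r"@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:YF1SgqveABNIz9OQOVcikL",
]

# OTL line shapes: "O4 - HIVE..\Run: [name] target ()" and
# "@Alternate Data Stream - N bytes -> parent:stream"
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\]\s+(.*?)\s*(?:\(\))?$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Folders a non-admin user can write to (assumed list); legitimate autostarts rarely live there.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\temp\\")


def shannon_entropy(s: str) -> float:
    """Bits per character of a name; generator-made names score well above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


@dataclass
class Finding:
    kind: str                       # "run" or "ads"
    target: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def in_user_writable(path: str) -> bool:
    return any(seg in path.lower() + "\\" for seg in USER_WRITABLE)


def triage_run(hive: str, name: str, target: str) -> Finding:
    f = Finding("run", f"{hive}\\Run\\{name or '(no name)'} -> {target}")
    if GUID_RE.match(name):
        f.reasons.append("value name is a bare GUID, the naming style of Zbot-family droppers")
    if in_user_writable(target):
        f.reasons.append("autostart target sits in a user-writable profile folder")
    if not name and target.lower().endswith("file not found"):
        f.reasons.append("orphaned Run value with no name and no file")
    return f


def triage_ads(parent: str, stream: str) -> Finding:
    f = Finding("ads", f"{parent}:{stream}")
    random_name = len(stream) >= 16 and "." not in stream and shannon_entropy(stream) > 3.5
    if random_name:
        f.reasons.append("stream name looks machine-generated")
        if in_user_writable(parent):
            f.reasons.append("named stream hidden under ProgramData/AppData")
    return f


def triage(lines) -> list:
    """One Finding per O4 or ADS line; every other OTL line is skipped."""
    findings = []
    for line in lines:
        if m := RUN_RE.match(line.strip()):
            findings.append(triage_run(*m.groups()))
        elif m := ADS_RE.match(line.strip()):
            findings.append(triage_ads(m.group(2), m.group(3)))
    return findings


def suspicious_targets(lines) -> list:
    return [f.target for f in triage(lines) if f.suspicious]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.kind:3}] {'SUSPECT' if f.suspicious else 'ok     '} {f.target}")
        for r in f.reasons:
            print(f"            - {r}")
```

Run against the lines above it flags the GUID-named Run value in AppData\Roaming, the orphaned HKLM entry and the four random-named streams, and leaves `Downloads:Shareaza.GUID` alone. A stream that OTL reports as "Unable to delete" is still listed here, which is the cue to re-run the fix from Safe Mode or remove the stream from a boot medium, as the thread goes on to do.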

Chris4You 19.02.2012 19:24

Hm,

it actually looks as though OTL did catch it after all...
Curious what CureIt will have to say...

chris

DaniSahne 19.02.2012 19:58

Does the CureIt scan have to be run in Safe Mode?

Chris4You 19.02.2012 21:12

Hi,

no...

chris

DaniSahne 20.02.2012 17:53

Since the scan apparently takes about 7 hours, it will be a few more days before I can run the scan completely and post the result...

Chris4You 21.02.2012 09:01

Hi,

ok...

chris


All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board

