lvvm.exe und div. andere Trojaner legen Laptop lahm

Hoschi2k · 24.11.2011, 11:29

Hallo,
ich bin der Oli und hab da ein Problem.
Eine Freundin hat mir ihren Laptop (Win Vista) gebracht da dieser plötzlich furchtbar langsam wurde. Sie schreibt in einer Woche irgendwelche Prüfungen und dafür braucht sie ihn. Deswegen kann ich ihn auch nicht so einfach neu aufsetzten.
Ich habe dann festgestellt das kein Antivirenprogramm installiert war.
Auch war keine Verbindung mit dem Internet mehr möglich (hab ich behoben durch die Proxy Löschung)
Dann habe ich mir die Tasks mal angeschaut und dort einige Unregelmäßigkeiten festgestellt.(doppelte Tasks/falsch geschriebene Wintasks/ und unter anderem lvvm.exe)
Also habe ich erst mal versucht Avira zu installieren, mehr schlecht als recht.
Die Installation lief zwar durch aber am Ende kam nicht der obligatorische Update versuch und der Systemscan wurde auch nicht gemacht.
Als ich dann Neustarten wollte kam dieses BKA-Warnung-Dingsda!
Nichts ging mehr. Nach einem Kill/Start-Manöver war das allerdings weg.
Aber Avira und Windows Updates gehen immer noch nicht.
Ich habe jetzt defogger otl und GMER laufen lassen.
Hoffe ihr könnt mir helfen.
Mit bestem Dank im voraus

markusg · 24.11.2011, 12:29

hiho

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
F3 - HKCU WinNT: Load - (C:\Users\Alina\AppData\Roaming\9B929\lvvm.exe) -C:\Users\Alina\AppData\Roaming\9B929\lvvm.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Alina\AppData\Roaming\6619B\F53D4.exe) -C:\Users\Alina\AppData\Roaming\6619B\F53D4.exe ()
[2011.11.24 08:10:49 | 000,000,000 | ---D | C] -- C:\Users\Alina\AppData\Roaming\9B929
[2011.11.24 08:09:26 | 000,000,000 | ---D | C] -- C:\Users\Alina\AppData\Roaming\6619B
[2011.11.23 16:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\9B929
[2011.11.17 08:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.16 21:03:40 | 000,000,000 | RHSD | C] -- C:\Users\Alina\50-8270-5705-5150
:Files
C:\Users\Alina\AppData\Roaming\9B929
C:\Users\Alina\AppData\Roaming\6619B
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

lade unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

Hoschi2k · 24.11.2011, 13:13

! C:\_OTL\MovedFiles.rar: Konnte C:\_OTL\MovedFiles\11242011_123841\C_Program Files\9B929\lvvm.exe nicht öffnen.
Zugriff verweigert

kam beim packen von MovedFiles.rar

Zitat:

========== OTL ==========
File \Users\Alina\AppData\Roaming\9B929\lvvm.exe) -C:\Users\Alina\AppData\Roaming\9B929\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Alina\AppData\Roaming\9B929\lvvm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Alina\AppData\Roaming\6619B\F53D4.exe deleted successfully.
File \Users\Alina\AppData\Roaming\6619B\F53D4.exe) -C:\Users\Alina\AppData\Roaming\6619B\F53D4.exe not found.
Folder move failed. C:\Users\Alina\AppData\Roaming\9B929 scheduled to be moved on reboot.
Folder move failed. C:\Users\Alina\AppData\Roaming\6619B scheduled to be moved on reboot.
Folder C:\Program Files\9B929\ not found.
Folder C:\Program Files\LP\ not found.
Folder C:\Users\Alina\50-8270-5705-5150\ not found.
========== FILES ==========
Folder move failed. C:\Users\Alina\AppData\Roaming\9B929 scheduled to be moved on reboot.
Folder move failed. C:\Users\Alina\AppData\Roaming\6619B scheduled to be moved on reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11242011_125913

Files\Folders moved on Reboot...
C:\Users\Alina\AppData\Roaming\9B929 folder moved successfully.
C:\Users\Alina\AppData\Roaming\6619B folder moved successfully.

Registry entries deleted on Reboot...

markusg · 24.11.2011, 13:33

hi danke für den upload.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Hoschi2k · 24.11.2011, 14:10

Erstmal vielen Danke für die schnelle Hilfe hier. Das iss mal krasser Service.

Ich musste nach dem ComboFix fertig war den Laptop neustarten da weder Mozilla noch IE funktionierten.

So wie gewünscht...

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-23.03 - Alina 24.11.2011  13:42:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.1844 [GMT 1:00]
ausgeführt von:: c:\users\Alina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\hasdfkasif.exe\hasdfkasif.exe
c:\users\Alina\AppData\Roaming\6619B
c:\users\Alina\AppData\Roaming\6619B\B929.619
c:\users\Alina\AppData\Roaming\6619B\F53D4.exe
c:\users\Alina\AppData\Roaming\chrtmp
c:\users\Alina\AppData\Roaming\Firefox.exe
c:\users\Alina\AppData\Roaming\Microsoft\D496\DBA.exe
c:\users\Alina\AppData\Roaming\wmplayer.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-24 bis 2011-11-24  ))))))))))))))))))))))))))))))
.
.
2011-11-24 12:49 . 2011-11-24 12:53	--------	d-----w-	c:\users\Alina\AppData\Local\temp
2011-11-24 12:49 . 2011-11-24 12:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-24 12:07 . 2011-11-24 12:08	--------	d-----w-	c:\users\Alina\AppData\Roaming\9B929
2011-11-24 12:07 . 2011-11-24 12:07	99840	----a-w-	c:\users\Alina\AppData\Roaming\Microsoft\D496\FBAD.tmp
2011-11-24 11:46 . 2011-11-24 11:46	99840	----a-w-	c:\users\Alina\AppData\Roaming\Microsoft\D496\E63A.tmp
2011-11-24 11:38 . 2011-11-24 12:10	--------	d-----w-	C:\_OTL
2011-11-24 07:29 . 2011-11-24 07:29	--------	d-----w-	c:\users\Alina\AppData\Roaming\QuickScan
2011-11-24 07:09 . 2011-11-24 07:09	99840	----a-w-	c:\users\Alina\AppData\Roaming\Microsoft\D496\96C2.tmp
2011-11-23 16:15 . 2011-11-23 16:15	--------	d-----w-	c:\users\Alina\AppData\Roaming\Avira
2011-11-23 16:03 . 2011-10-18 00:28	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63E89EF8-36A5-4586-8AF1-9EF2E2AD032C}\mpengine.dll
2011-11-23 16:03 . 2011-05-24 17:14	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-23 16:00 . 2011-10-19 15:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-23 16:00 . 2011-10-19 15:56	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-23 16:00 . 2011-10-19 15:56	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-23 16:00 . 2011-11-23 16:00	--------	d-----w-	c:\programdata\Avira
2011-11-23 16:00 . 2011-11-23 16:00	--------	d-----w-	c:\program files\Avira
2011-11-23 15:52 . 2011-11-23 15:52	--------	d-----w-	c:\windows\PIF
2011-11-23 15:25 . 2011-11-23 15:25	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-23 15:25 . 2011-11-23 15:25	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-23 15:25 . 2011-11-23 15:25	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-23 15:25 . 2011-11-23 15:25	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-11-23 15:25 . 2011-11-23 15:25	801752	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-23 15:25 . 2011-11-23 15:25	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-23 15:25 . 2011-11-23 15:25	1989592	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-11-23 15:25 . 2011-11-23 15:25	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-23 15:22 . 2011-11-23 15:25	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-11-23 15:22 . 2011-11-23 15:25	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-17 09:42 . 2011-11-17 09:57	--------	d-----w-	c:\users\Alina\AppData\Roaming\T-Mobile Internet Manager
2011-11-17 09:40 . 2009-10-20 17:47	112640	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2011-11-17 09:40 . 2009-10-12 14:22	101120	----a-w-	c:\windows\system32\drivers\ewusbdev.sys
2011-11-17 09:40 . 2009-09-10 13:55	102912	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2011-11-17 09:40 . 2007-08-09 03:06	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2011-11-17 09:40 . 2011-11-17 09:40	--------	d-----w-	c:\users\Alina\AppData\Roaming\T-Mobile
2011-11-17 09:40 . 2008-10-09 12:52	294912	----a-w-	c:\windows\system32\bminstall.dll
2011-11-17 09:40 . 2008-10-09 12:51	126976	----a-w-	c:\windows\system32\bmdumpd.bin
2011-11-17 09:40 . 2008-10-09 12:50	22528	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2011-11-17 09:40 . 2008-10-09 12:50	18816	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2011-11-17 09:40 . 2008-02-11 16:05	8464	----a-w-	c:\windows\system32\sporder.dll
2011-11-17 09:40 . 2008-02-11 16:05	719360	----a-w-	c:\windows\system32\bmutil.dll
2011-11-17 09:39 . 2011-11-17 09:39	--------	d-----w-	c:\program files\T-Mobile
2011-11-10 11:19 . 2011-11-10 13:49	--------	d-----w-	c:\users\Alina\AppData\Roaming\SAP
2011-11-10 11:18 . 2010-02-26 04:02	946176	----a-w-	c:\windows\system32\icuuc34.dll
2011-11-10 11:18 . 2010-03-16 02:05	4813824	----a-w-	c:\windows\system32\librfc32u.dll
2011-11-10 11:16 . 2011-11-10 13:47	--------	d-----w-	c:\users\Alina\AppData\Local\SAP
2011-11-10 11:16 . 1999-05-07 11:24	209408	----a-w-	c:\windows\system32\tabctl32.ocx
2011-11-10 11:16 . 1999-05-07 11:24	438800	----a-w-	c:\windows\system32\mshflxgd.ocx
2011-11-10 11:16 . 1999-05-07 11:24	244232	----a-w-	c:\windows\system32\msflxgrd.ocx
2011-11-10 11:16 . 1998-06-24 09:57	67376	----a-w-	c:\windows\system32\sysinfo.ocx
2011-11-10 11:16 . 1999-05-07 11:24	262152	----a-w-	c:\windows\system32\msdatgrd.ocx
2011-11-10 11:16 . 2000-05-22 15:58	203976	----a-w-	c:\windows\system32\richtx32.ocx
2011-11-10 11:16 . 1998-06-26 19:22	94744	----a-w-	c:\windows\system32\grid32.ocx
2011-11-10 11:16 . 1998-06-18 04:49	153600	----a-w-	c:\windows\system32\tlbinf32.dll
2011-11-10 11:16 . 1999-04-29 11:04	1355776	----a-w-	c:\windows\system32\msvbvm50.dll
2011-11-10 11:16 . 1995-05-19 07:15	133904	----a-w-	c:\windows\system32\mfcans32.dll
2011-11-10 11:15 . 2011-11-10 11:16	--------	d-----w-	c:\program files\SAP
2011-11-08 16:51 . 2011-11-23 18:57	--------	d-sh--r-	c:\users\Alina\M-1-52-5782-8752-5245
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 15:25 . 2011-11-23 15:25	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-07 11:14 . 2010-07-07 11:14	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-05-22 26112]
"DocCreatorClient"="c:\program files\Global Graphics\gDoc\DocCreatorClient.exe" [2009-11-24 292248]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-11-17 253952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-07 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 DCMessages;DCMessages;c:\windows\System32\DCMessages.exe [2009-11-24 99720]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{80F93F21-F4C3-4009-A3A0-903D5D0B5F68}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyServer = http=127.0.0.1:61455
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\tfpkrk08.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://plasmoo.com/result.htm?q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61455
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKCU-Run-hasdfkasif.exe - c:\hasdfkasif.exe\hasdfkasif.exe
HKCU-Run-DBA.exe - c:\users\Alina\AppData\Roaming\Microsoft\D496\DBA.exe
HKLM-Run-DBA.exe - c:\program files\LP\D496\DBA.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?mp?CE\Co)??#t?????*???*?/??$}???(?2?????????????????????W??]{????:*???*?am Files\T-Mobile\T-Mobile Internet Manager\????c:\users????v???c:\Program Files\T-Mobile\T-Mobile Internet Mana 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\users\Alina\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\LogonUI.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-24  14:00:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-24 12:59
.
Vor Suchlauf: 11 Verzeichnis(se), 214.225.743.872 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 214.516.912.128 Bytes frei
.
- - End Of File - - F8C02249181A6B0B904677CEB85DC840

--- --- ---

markusg · 24.11.2011, 14:19

hi, kannst du mal c:\qoobox öffnen und quarantain packen, und dann das archiv ebenfalls im upload channel hochladen bitte?

Hoschi2k · 24.11.2011, 14:23

Beim packen kam das

Zitat:

! C:\Qoobox\Quarantine.rar: Konnte C:\Qoobox\Quarantine\C\Users\Alina\AppData\Roaming\Firefox.exe.vir nicht öffnen.
Zugriff verweigert
! C:\Qoobox\Quarantine.rar: Konnte C:\Qoobox\Quarantine\C\Users\Alina\AppData\Roaming\Microsoft\D496\DBA.exe.vir nicht öffnen.
Zugriff verweigert
! C:\Qoobox\Quarantine.rar: Konnte C:\Qoobox\Quarantine\C\Users\Alina\AppData\Roaming\wmplayer.exe.vir nicht öffnen.
Zugriff verweigert

markusg · 24.11.2011, 14:31

danke für info und upload.

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hoschi2k · 24.11.2011, 16:43

So da iss er

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8231

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.11.2011 16:42:30
mbam-log-2011-11-24 (16-42-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Durchsuchte Objekte: 307714
Laufzeit: 2 Stunde(n), 1 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Alina\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\Alina\AppData\Roaming\firefox.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Alina\AppData\Roaming\wmplayer.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Alina\AppData\Roaming\6619B\f53d4.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Alina\AppData\Roaming\microsoft\D496\dba.exe.vir (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Alina\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1\339e0381-48390196 (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
c:\Users\Alina\AppData\Roaming\9B929\lvvm.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Alina\AppData\Roaming\microsoft\D496\96C2.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Alina\AppData\Roaming\microsoft\D496\E63A.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Alina\AppData\Roaming\microsoft\D496\FBAD.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11242011_123841\c_program files\9B929\lvvm.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11242011_125913\C_Users\Alina\AppData\Roaming\6619B\F53D4.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\11242011_125913\C_Users\Alina\AppData\Roaming\9B929\lvvm.exe (Malware.Packer) -> Quarantined and deleted successfully.

markusg · 24.11.2011, 16:52

start programme zubehör editor reinkopieren:
killall::
Folder::
c:\Users\Alina\AppData\Roaming\microsoft\D496
c:\Users\Alina\AppData\Roaming\9B929
c:\Users\Alina\AppData\Roaming\microsoft\D496

datei speichern unter,
ort dort wo sich combofix.exe befindet.
typ, alle dateien, name
cfscript.txt
ziehe cfscript auf combofix, programm startet log posten.

Hoschi2k · 24.11.2011, 18:51

So bitte sehr
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-23.03 - Alina 24.11.2011  17:55:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.1985 [GMT 1:00]
ausgeführt von:: c:\users\Alina\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Alina\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alina\AppData\Roaming\9B929
c:\users\Alina\AppData\Roaming\microsoft\D496
c:\users\Alina\AppData\Roaming\microsoft\D496\3332.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\51B8.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\6385.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\A7C6.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\AAAF.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\AFD1.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\D133.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\E512.tmp
c:\users\Alina\AppData\Roaming\microsoft\D496\EB2B.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-24 bis 2011-11-24  ))))))))))))))))))))))))))))))
.
.
2011-11-24 17:02 . 2011-11-24 17:33	--------	d-----w-	c:\users\Alina\AppData\Local\temp
2011-11-24 17:02 . 2011-11-24 17:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-24 16:10 . 2011-11-24 16:10	--------	d-----w-	c:\windows\system32\EventProviders
2011-11-24 14:03 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2011-11-24 13:34 . 2011-11-24 13:34	--------	d-----w-	c:\users\Alina\AppData\Roaming\Malwarebytes
2011-11-24 13:33 . 2011-11-24 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-24 13:33 . 2011-11-24 13:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-24 13:33 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-24 11:38 . 2011-11-24 12:10	--------	d-----w-	C:\_OTL
2011-11-24 07:29 . 2011-11-24 07:29	--------	d-----w-	c:\users\Alina\AppData\Roaming\QuickScan
2011-11-23 16:15 . 2011-11-23 16:15	--------	d-----w-	c:\users\Alina\AppData\Roaming\Avira
2011-11-23 16:03 . 2011-10-18 00:28	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63E89EF8-36A5-4586-8AF1-9EF2E2AD032C}\mpengine.dll
2011-11-23 16:03 . 2011-05-24 17:14	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-23 16:00 . 2011-10-19 15:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-23 16:00 . 2011-10-19 15:56	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-23 16:00 . 2011-10-19 15:56	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-23 16:00 . 2011-11-23 16:00	--------	d-----w-	c:\programdata\Avira
2011-11-23 16:00 . 2011-11-23 16:00	--------	d-----w-	c:\program files\Avira
2011-11-23 15:52 . 2011-11-23 15:52	--------	d-----w-	c:\windows\PIF
2011-11-23 15:25 . 2011-11-23 15:25	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-23 15:25 . 2011-11-23 15:25	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-23 15:25 . 2011-11-23 15:25	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-23 15:25 . 2011-11-23 15:25	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-11-23 15:25 . 2011-11-23 15:25	801752	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-23 15:25 . 2011-11-23 15:25	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-23 15:25 . 2011-11-23 15:25	1989592	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-11-23 15:25 . 2011-11-23 15:25	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-23 15:22 . 2011-11-23 15:25	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-11-23 15:22 . 2011-11-23 15:25	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-11-17 09:42 . 2011-11-17 09:57	--------	d-----w-	c:\users\Alina\AppData\Roaming\T-Mobile Internet Manager
2011-11-17 09:40 . 2009-10-20 17:47	112640	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2011-11-17 09:40 . 2009-10-12 14:22	101120	----a-w-	c:\windows\system32\drivers\ewusbdev.sys
2011-11-17 09:40 . 2009-09-10 13:55	102912	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2011-11-17 09:40 . 2007-08-09 03:06	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2011-11-17 09:40 . 2011-11-17 09:40	--------	d-----w-	c:\users\Alina\AppData\Roaming\T-Mobile
2011-11-17 09:40 . 2008-10-09 12:52	294912	----a-w-	c:\windows\system32\bminstall.dll
2011-11-17 09:40 . 2008-10-09 12:51	126976	----a-w-	c:\windows\system32\bmdumpd.bin
2011-11-17 09:40 . 2008-10-09 12:50	22528	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2011-11-17 09:40 . 2008-10-09 12:50	18816	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2011-11-17 09:40 . 2008-02-11 16:05	8464	----a-w-	c:\windows\system32\sporder.dll
2011-11-17 09:40 . 2008-02-11 16:05	719360	----a-w-	c:\windows\system32\bmutil.dll
2011-11-17 09:39 . 2011-11-17 09:39	--------	d-----w-	c:\program files\T-Mobile
2011-11-10 11:19 . 2011-11-10 13:49	--------	d-----w-	c:\users\Alina\AppData\Roaming\SAP
2011-11-10 11:18 . 2010-02-26 04:02	946176	----a-w-	c:\windows\system32\icuuc34.dll
2011-11-10 11:18 . 2010-03-16 02:05	4813824	----a-w-	c:\windows\system32\librfc32u.dll
2011-11-10 11:16 . 2011-11-10 13:47	--------	d-----w-	c:\users\Alina\AppData\Local\SAP
2011-11-10 11:16 . 1999-05-07 11:24	209408	----a-w-	c:\windows\system32\tabctl32.ocx
2011-11-10 11:16 . 1999-05-07 11:24	438800	----a-w-	c:\windows\system32\mshflxgd.ocx
2011-11-10 11:16 . 1999-05-07 11:24	244232	----a-w-	c:\windows\system32\msflxgrd.ocx
2011-11-10 11:16 . 1998-06-24 09:57	67376	----a-w-	c:\windows\system32\sysinfo.ocx
2011-11-10 11:16 . 1999-05-07 11:24	262152	----a-w-	c:\windows\system32\msdatgrd.ocx
2011-11-10 11:16 . 2000-05-22 15:58	203976	----a-w-	c:\windows\system32\richtx32.ocx
2011-11-10 11:16 . 1998-06-26 19:22	94744	----a-w-	c:\windows\system32\grid32.ocx
2011-11-10 11:16 . 1998-06-18 04:49	153600	----a-w-	c:\windows\system32\tlbinf32.dll
2011-11-10 11:16 . 1999-04-29 11:04	1355776	----a-w-	c:\windows\system32\msvbvm50.dll
2011-11-10 11:16 . 1995-05-19 07:15	133904	----a-w-	c:\windows\system32\mfcans32.dll
2011-11-10 11:15 . 2011-11-10 11:16	--------	d-----w-	c:\program files\SAP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 15:25 . 2011-11-23 15:25	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-07 11:14 . 2010-07-07 11:14	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-11-17 253952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DocCreatorClient]
2009-11-24 09:56	292248	----a-w-	c:\program files\Global Graphics\gDoc\DocCreatorClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2009-05-22 12:25	26112	----a-w-	c:\program files\sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DCMessages;DCMessages;c:\windows\System32\DCMessages.exe [2009-11-24 99720]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-20 112640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-07 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R4 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{80F93F21-F4C3-4009-A3A0-903D5D0B5F68}.job
- c:\windows\system32\msfeedssync.exe [2011-11-24 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\tfpkrk08.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://plasmoo.com/result.htm?q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61455
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-24 18:34
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?mp?CE\Co)??#t?????*???*?/??$}???(?2?????????????????????W??]{????:*???*?am Files\T-Mobile\T-Mobile Internet Manager\????c:\users????v???c:\Program Files\T-Mobile\T-Mobile Internet Mana 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-24  18:37:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-24 17:37
ComboFix2.txt  2011-11-24 13:00
.
Vor Suchlauf: 13 Verzeichnis(se), 209.718.493.184 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 209.584.328.704 Bytes frei
.
- - End Of File - - B2C27F9E69514CFB45042A0CE02E9354

--- --- ---

markusg · 24.11.2011, 19:01

ok nen zwischenstand bitte, wie läuft das system, welche probleme gibts noch

Hoschi2k · 24.11.2011, 19:08

So, ich seh keine Verdächtigen Tasks mehr.
Ich konnte Avira updaten und würde jetzt mal die Windowsupdates fahren.
Mir scheint er zwar noch etwas langsam aber ich weiss auch nicht wie der vorher lief.

markusg · 24.11.2011, 19:43

jo wir sind ja noch nicht durch.

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
lösche niths, nur log posten

Hoschi2k · 24.11.2011, 19:54

Bitte schön

TDSSKILLER Log

Zitat:

19:48:43.0899 4948 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:48:44.0211 4948 ============================================================
19:48:44.0211 4948 Current date / time: 2011/11/24 19:48:44.0211
19:48:44.0211 4948 SystemInfo:
19:48:44.0211 4948
19:48:44.0211 4948 OS Version: 6.0.6001 ServicePack: 1.0
19:48:44.0211 4948 Product type: Workstation
19:48:44.0211 4948 ComputerName: ALINA-LAPTOP
19:48:44.0211 4948 UserName: Alina
19:48:44.0211 4948 Windows directory: C:\Windows
19:48:44.0211 4948 System windows directory: C:\Windows
19:48:44.0211 4948 Processor architecture: Intel x86
19:48:44.0211 4948 Number of processors: 2
19:48:44.0211 4948 Page size: 0x1000
19:48:44.0211 4948 Boot type: Normal boot
19:48:44.0211 4948 ============================================================
19:48:44.0991 4948 Initialize success
19:49:09.0186 5596 ============================================================
19:49:09.0186 5596 Scan started
19:49:09.0186 5596 Mode: Manual; SigCheck; TDLFS;
19:49:09.0186 5596 ============================================================
19:49:11.0136 5596 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
19:49:11.0495 5596 61883 - ok
19:49:11.0651 5596 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
19:49:11.0667 5596 ACPI - ok
19:49:11.0776 5596 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:49:11.0854 5596 adp94xx - ok
19:49:12.0072 5596 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:49:12.0135 5596 adpahci - ok
19:49:12.0337 5596 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:49:12.0400 5596 adpu160m - ok
19:49:12.0509 5596 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:49:12.0556 5596 adpu320 - ok
19:49:12.0712 5596 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
19:49:12.0805 5596 AFD - ok
19:49:12.0961 5596 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:49:12.0977 5596 agp440 - ok
19:49:13.0055 5596 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:49:13.0071 5596 aic78xx - ok
19:49:13.0164 5596 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:49:13.0180 5596 aliide - ok
19:49:13.0273 5596 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:49:13.0289 5596 amdagp - ok
19:49:13.0414 5596 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:49:13.0445 5596 amdide - ok
19:49:13.0523 5596 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:49:13.0617 5596 AmdK7 - ok
19:49:13.0788 5596 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:49:13.0866 5596 AmdK8 - ok
19:49:14.0007 5596 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:49:14.0022 5596 arc - ok
19:49:14.0085 5596 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:49:14.0116 5596 arcsas - ok
19:49:14.0209 5596 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:49:14.0303 5596 ArcSoftKsUFilter - ok
19:49:14.0381 5596 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:49:14.0475 5596 AsyncMac - ok
19:49:14.0553 5596 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
19:49:14.0584 5596 atapi - ok
19:49:14.0740 5596 athr (1ea05449220e3d755477ce517a83846b) C:\Windows\system32\DRIVERS\athr.sys
19:49:14.0911 5596 athr - ok
19:49:15.0255 5596 atikmdag (9f66d1ba97911731133e46212539a08d) C:\Windows\system32\DRIVERS\atikmdag.sys
19:49:15.0613 5596 atikmdag - ok
19:49:15.0832 5596 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
19:49:15.0925 5596 Avc - ok
19:49:16.0097 5596 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:49:16.0113 5596 avgntflt - ok
19:49:16.0222 5596 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
19:49:16.0237 5596 avipbb - ok
19:49:16.0378 5596 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:49:16.0378 5596 avkmgr - ok
19:49:16.0503 5596 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:49:16.0565 5596 Beep - ok
19:49:16.0752 5596 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:49:16.0799 5596 blbdrive - ok
19:49:17.0220 5596 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
19:49:17.0267 5596 BMLoad ( UnsignedFile.Multi.Generic ) - warning
19:49:17.0267 5596 BMLoad - detected UnsignedFile.Multi.Generic (1)
19:49:17.0407 5596 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
19:49:17.0485 5596 bowser - ok
19:49:17.0751 5596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:49:17.0875 5596 BrFiltLo - ok
19:49:18.0000 5596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:49:18.0063 5596 BrFiltUp - ok
19:49:18.0187 5596 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:49:18.0499 5596 Brserid - ok
19:49:18.0624 5596 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:49:18.0718 5596 BrSerWdm - ok
19:49:18.0827 5596 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:49:18.0905 5596 BrUsbMdm - ok
19:49:19.0014 5596 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:49:19.0092 5596 BrUsbSer - ok
19:49:19.0279 5596 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:49:19.0357 5596 BTHMODEM - ok
19:49:19.0404 5596 catchme - ok
19:49:19.0513 5596 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:49:19.0560 5596 cdfs - ok
19:49:19.0685 5596 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
19:49:19.0763 5596 cdrom - ok
19:49:20.0028 5596 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:49:20.0106 5596 circlass - ok
19:49:20.0340 5596 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
19:49:20.0418 5596 CLFS - ok
19:49:20.0683 5596 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:49:20.0746 5596 CmBatt - ok
19:49:20.0871 5596 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:49:20.0902 5596 cmdide - ok
19:49:21.0105 5596 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:49:21.0136 5596 Compbatt - ok
19:49:21.0354 5596 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:49:21.0385 5596 crcdisk - ok
19:49:21.0619 5596 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:49:21.0697 5596 Crusoe - ok
19:49:21.0978 5596 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
19:49:22.0009 5596 DfsC - ok
19:49:22.0243 5596 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
19:49:22.0275 5596 disk - ok
19:49:22.0399 5596 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
19:49:22.0415 5596 DMICall - ok
19:49:22.0571 5596 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:49:22.0665 5596 drmkaud - ok
19:49:22.0805 5596 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
19:49:22.0914 5596 DXGKrnl - ok
19:49:23.0086 5596 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:49:23.0133 5596 E1G60 - ok
19:49:23.0304 5596 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
19:49:23.0351 5596 Ecache - ok
19:49:23.0523 5596 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:49:23.0632 5596 elxstor - ok
19:49:23.0788 5596 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:49:23.0850 5596 ErrDev - ok
19:49:24.0084 5596 ewusbnet (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:49:24.0147 5596 ewusbnet - ok
19:49:24.0303 5596 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
19:49:24.0365 5596 exfat - ok
19:49:24.0521 5596 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
19:49:24.0583 5596 fastfat - ok
19:49:24.0864 5596 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:49:24.0958 5596 fdc - ok
19:49:25.0161 5596 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:49:25.0192 5596 FileInfo - ok
19:49:25.0332 5596 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:49:25.0426 5596 Filetrace - ok
19:49:25.0551 5596 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:49:25.0613 5596 flpydisk - ok
19:49:25.0800 5596 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
19:49:25.0863 5596 FltMgr - ok
19:49:26.0065 5596 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:49:26.0128 5596 Fs_Rec - ok
19:49:26.0284 5596 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:49:26.0331 5596 gagp30kx - ok
19:49:26.0533 5596 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:49:26.0674 5596 HdAudAddService - ok
19:49:26.0845 5596 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:49:26.0955 5596 HDAudBus - ok
19:49:27.0173 5596 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:49:27.0251 5596 HidBth - ok
19:49:27.0454 5596 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:49:27.0532 5596 HidIr - ok
19:49:27.0641 5596 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
19:49:27.0688 5596 HidUsb - ok
19:49:27.0844 5596 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:49:27.0859 5596 HpCISSs - ok
19:49:28.0203 5596 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:49:28.0249 5596 HSFHWAZL - ok
19:49:28.0421 5596 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:49:28.0577 5596 HSF_DPV - ok
19:49:28.0702 5596 HSXHWAZL - ok
19:49:28.0811 5596 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
19:49:28.0905 5596 HTTP - ok
19:49:29.0061 5596 hwdatacard (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:49:29.0185 5596 hwdatacard - ok
19:49:29.0388 5596 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
19:49:29.0451 5596 hwusbdev - ok
19:49:29.0653 5596 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:49:29.0700 5596 i2omp - ok
19:49:29.0872 5596 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:49:29.0934 5596 i8042prt - ok
19:49:30.0075 5596 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
19:49:30.0090 5596 iaStor - ok
19:49:30.0184 5596 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:49:30.0231 5596 iaStorV - ok
19:49:30.0465 5596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:49:30.0511 5596 iirsp - ok
19:49:30.0714 5596 IntcAzAudAddService (3aa1f82efa2b0454af163124c9920d16) C:\Windows\system32\drivers\RTKVHDA.sys
19:49:30.0933 5596 IntcAzAudAddService - ok
19:49:31.0073 5596 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:49:31.0104 5596 intelide - ok
19:49:31.0229 5596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:49:31.0276 5596 intelppm - ok
19:49:31.0447 5596 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:49:31.0494 5596 IpFilterDriver - ok
19:49:31.0666 5596 IpInIp - ok
19:49:31.0759 5596 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:49:31.0837 5596 IPMIDRV - ok
19:49:31.0993 5596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:49:32.0071 5596 IPNAT - ok
19:49:32.0196 5596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:49:32.0274 5596 IRENUM - ok
19:49:32.0399 5596 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:49:32.0430 5596 isapnp - ok
19:49:32.0617 5596 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
19:49:32.0649 5596 iScsiPrt - ok
19:49:32.0820 5596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:49:32.0851 5596 iteatapi - ok
19:49:32.0945 5596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:49:32.0961 5596 iteraid - ok
19:49:33.0085 5596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:49:33.0117 5596 kbdclass - ok
19:49:33.0226 5596 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
19:49:33.0273 5596 kbdhid - ok
19:49:33.0397 5596 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
19:49:33.0491 5596 KSecDD - ok
19:49:33.0709 5596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:49:33.0772 5596 lltdio - ok
19:49:33.0912 5596 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:49:33.0943 5596 LSI_FC - ok
19:49:34.0084 5596 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:49:34.0115 5596 LSI_SAS - ok
19:49:34.0302 5596 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:49:34.0333 5596 LSI_SCSI - ok
19:49:34.0677 5596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:49:34.0770 5596 luafv - ok
19:49:34.0926 5596 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:49:34.0973 5596 MBAMProtector - ok
19:49:35.0145 5596 MBAMSwissArmy - ok
19:49:35.0457 5596 mdmxsdk - ok
19:49:35.0691 5596 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:49:35.0737 5596 megasas - ok
19:49:35.0940 5596 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:49:36.0096 5596 MegaSR - ok
19:49:36.0315 5596 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:49:36.0377 5596 Modem - ok
19:49:36.0517 5596 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:49:36.0564 5596 monitor - ok
19:49:36.0689 5596 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:49:36.0720 5596 mouclass - ok
19:49:36.0845 5596 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:49:36.0907 5596 mouhid - ok
19:49:37.0048 5596 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:49:37.0079 5596 MountMgr - ok
19:49:37.0188 5596 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:49:37.0219 5596 mpio - ok
19:49:37.0609 5596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:49:37.0734 5596 mpsdrv - ok
19:49:38.0077 5596 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:49:38.0202 5596 Mraid35x - ok
19:49:38.0343 5596 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
19:49:38.0421 5596 MRxDAV - ok
19:49:38.0530 5596 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:49:38.0592 5596 mrxsmb - ok
19:49:38.0748 5596 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:49:38.0889 5596 mrxsmb10 - ok
19:49:39.0013 5596 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:49:39.0060 5596 mrxsmb20 - ok
19:49:39.0201 5596 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:49:39.0247 5596 msahci - ok
19:49:39.0372 5596 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:49:39.0435 5596 msdsm - ok
19:49:39.0575 5596 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
19:49:39.0637 5596 MSDV - ok
19:49:39.0762 5596 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:49:39.0825 5596 Msfs - ok
19:49:39.0965 5596 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:49:39.0996 5596 msisadrv - ok
19:49:40.0230 5596 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:49:40.0277 5596 MSKSSRV - ok
19:49:40.0542 5596 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:49:40.0589 5596 MSPCLOCK - ok
19:49:40.0792 5596 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:49:40.0839 5596 MSPQM - ok
19:49:40.0995 5596 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
19:49:41.0026 5596 MsRPC - ok
19:49:41.0307 5596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:49:41.0307 5596 mssmbios - ok
19:49:41.0431 5596 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:49:41.0494 5596 MSTEE - ok
19:49:41.0775 5596 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
19:49:41.0821 5596 Mup - ok
19:49:41.0915 5596 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
19:49:41.0977 5596 NativeWifiP - ok
19:49:42.0321 5596 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
19:49:42.0383 5596 NDIS - ok
19:49:42.0523 5596 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:49:42.0570 5596 NdisTapi - ok
19:49:42.0664 5596 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:49:42.0711 5596 Ndisuio - ok
19:49:42.0851 5596 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
19:49:42.0898 5596 NdisWan - ok
19:49:42.0976 5596 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:49:43.0023 5596 NDProxy - ok
19:49:43.0132 5596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:49:43.0179 5596 NetBIOS - ok
19:49:43.0272 5596 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
19:49:43.0335 5596 netbt - ok
19:49:43.0537 5596 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:49:43.0553 5596 nfrd960 - ok
19:49:43.0678 5596 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
19:49:43.0725 5596 Npfs - ok
19:49:43.0834 5596 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:49:43.0865 5596 nsiproxy - ok
19:49:44.0005 5596 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
19:49:44.0130 5596 Ntfs - ok
19:49:44.0255 5596 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:49:44.0333 5596 ntrigdigi - ok
19:49:44.0442 5596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:49:44.0505 5596 Null - ok
19:49:44.0723 5596 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:49:44.0739 5596 nvraid - ok
19:49:44.0926 5596 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:49:44.0941 5596 nvstor - ok
19:49:45.0051 5596 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:49:45.0082 5596 nv_agp - ok
19:49:45.0160 5596 NwlnkFlt - ok
19:49:45.0253 5596 NwlnkFwd - ok
19:49:45.0394 5596 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
19:49:45.0425 5596 ohci1394 - ok
19:49:45.0581 5596 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:49:45.0659 5596 Parport - ok
19:49:45.0815 5596 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
19:49:45.0877 5596 partmgr - ok
19:49:45.0987 5596 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:49:46.0065 5596 Parvdm - ok
19:49:46.0189 5596 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
19:49:46.0205 5596 pci - ok
19:49:46.0361 5596 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:49:46.0392 5596 pciide - ok
19:49:46.0533 5596 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:49:46.0611 5596 pcmcia - ok
19:49:46.0767 5596 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:49:46.0954 5596 PEAUTH - ok
19:49:47.0328 5596 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:49:47.0391 5596 PptpMiniport - ok
19:49:47.0625 5596 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:49:47.0749 5596 Processor - ok
19:49:48.0077 5596 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
19:49:48.0186 5596 PSched - ok
19:49:48.0826 5596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
19:49:48.0873 5596 PxHelp20 - ok
19:49:49.0169 5596 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:49:49.0512 5596 ql2300 - ok
19:49:49.0621 5596 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:49:49.0653 5596 ql40xx - ok
19:49:49.0793 5596 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:49:49.0855 5596 QWAVEdrv - ok
19:49:49.0933 5596 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:49:49.0996 5596 RasAcd - ok
19:49:50.0105 5596 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:49:50.0183 5596 Rasl2tp - ok
19:49:50.0479 5596 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
19:49:50.0526 5596 RasPppoe - ok
19:49:50.0713 5596 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
19:49:50.0760 5596 RasSstp - ok
19:49:50.0916 5596 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
19:49:50.0994 5596 rdbss - ok
19:49:51.0103 5596 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:49:51.0150 5596 RDPCDD - ok
19:49:51.0291 5596 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:49:51.0431 5596 rdpdr - ok
19:49:51.0587 5596 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:49:51.0634 5596 RDPENCDD - ok
19:49:51.0759 5596 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
19:49:51.0852 5596 RDPWD - ok
19:49:51.0977 5596 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
19:49:51.0993 5596 regi - ok
19:49:52.0133 5596 rimsptsk (f7d9ecf41ebd3cf6c65944368150f66b) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:49:52.0149 5596 rimsptsk - ok
19:49:52.0320 5596 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys
19:49:52.0351 5596 risdptsk - ok
19:49:52.0617 5596 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:49:52.0663 5596 rspndr - ok
19:49:52.0788 5596 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:49:52.0804 5596 sbp2port - ok
19:49:52.0913 5596 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:49:52.0975 5596 sdbus - ok
19:49:53.0038 5596 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:49:53.0147 5596 secdrv - ok
19:49:53.0303 5596 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:49:53.0365 5596 Serenum - ok
19:49:53.0537 5596 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:49:53.0646 5596 Serial - ok
19:49:53.0865 5596 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:49:53.0911 5596 sermouse - ok
19:49:54.0099 5596 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
19:49:54.0145 5596 SFEP - ok
19:49:54.0223 5596 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:49:54.0286 5596 sffdisk - ok
19:49:54.0364 5596 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:49:54.0442 5596 sffp_mmc - ok
19:49:54.0567 5596 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:49:54.0613 5596 sffp_sd - ok
19:49:54.0738 5596 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
19:49:54.0769 5596 sfloppy - ok
19:49:54.0941 5596 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:49:55.0066 5596 Sftfs - ok
19:49:55.0222 5596 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:49:55.0284 5596 Sftplay - ok
19:49:55.0393 5596 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:49:55.0393 5596 Sftredir - ok
19:49:55.0534 5596 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:49:55.0549 5596 Sftvol - ok
19:49:55.0643 5596 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:49:55.0674 5596 sisagp - ok
19:49:55.0783 5596 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:49:55.0815 5596 SiSRaid2 - ok
19:49:55.0924 5596 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:49:55.0955 5596 SiSRaid4 - ok
19:49:56.0142 5596 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
19:49:56.0189 5596 Smb - ok
19:49:56.0361 5596 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:49:56.0392 5596 spldr - ok
19:49:56.0548 5596 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
19:49:56.0595 5596 srv - ok
19:49:56.0673 5596 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
19:49:56.0735 5596 srv2 - ok
19:49:56.0844 5596 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
19:49:56.0907 5596 srvnet - ok
19:49:56.0985 5596 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:49:57.0031 5596 ssmdrv - ok
19:49:57.0156 5596 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:49:57.0172 5596 swenum - ok
19:49:57.0234 5596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:49:57.0265 5596 Symc8xx - ok
19:49:57.0375 5596 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:49:57.0406 5596 Sym_hi - ok
19:49:57.0546 5596 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:49:57.0562 5596 Sym_u3 - ok
19:49:57.0687 5596 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
19:49:57.0718 5596 SynTP - ok
19:49:57.0858 5596 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
19:49:57.0967 5596 Tcpip - ok
19:49:58.0123 5596 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
19:49:58.0201 5596 Tcpip6 - ok
19:49:58.0451 5596 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
19:49:58.0467 5596 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
19:49:58.0467 5596 tcpipBM - detected UnsignedFile.Multi.Generic (1)
19:49:58.0498 5596 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
19:49:58.0545 5596 tcpipreg - ok
19:49:58.0810 5596 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:49:58.0857 5596 TDPIPE - ok
19:49:58.0950 5596 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:49:59.0044 5596 TDTCP - ok
19:49:59.0184 5596 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
19:49:59.0371 5596 tdx - ok
19:49:59.0496 5596 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
19:49:59.0527 5596 TermDD - ok
19:49:59.0590 5596 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:49:59.0668 5596 tssecsrv - ok
19:49:59.0761 5596 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:49:59.0808 5596 tunmp - ok
19:49:59.0902 5596 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
19:49:59.0933 5596 tunnel - ok
19:50:00.0011 5596 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:50:00.0027 5596 uagp35 - ok
19:50:00.0089 5596 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
19:50:00.0120 5596 udfs - ok
19:50:00.0183 5596 UIUSys - ok
19:50:00.0229 5596 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:50:00.0245 5596 uliagpkx - ok
19:50:00.0385 5596 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:50:00.0401 5596 uliahci - ok
19:50:00.0479 5596 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:50:00.0495 5596 UlSata - ok
19:50:00.0651 5596 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:50:00.0651 5596 ulsata2 - ok
19:50:00.0744 5596 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:50:00.0807 5596 umbus - ok
19:50:00.0916 5596 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
19:50:01.0025 5596 usbccgp - ok
19:50:01.0072 5596 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:50:01.0165 5596 usbcir - ok
19:50:01.0259 5596 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
19:50:01.0321 5596 usbehci - ok
19:50:01.0399 5596 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
19:50:01.0477 5596 usbhub - ok
19:50:01.0618 5596 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:50:01.0680 5596 usbohci - ok
19:50:01.0758 5596 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:50:01.0789 5596 usbprint - ok
19:50:01.0992 5596 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:50:02.0023 5596 USBSTOR - ok
19:50:02.0179 5596 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:50:02.0242 5596 usbuhci - ok
19:50:02.0367 5596 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:50:02.0445 5596 usbvideo - ok
19:50:02.0663 5596 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:50:02.0725 5596 vga - ok
19:50:02.0788 5596 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:50:02.0835 5596 VgaSave - ok
19:50:02.0959 5596 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:50:02.0975 5596 viaagp - ok
19:50:03.0037 5596 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:50:03.0069 5596 ViaC7 - ok
19:50:03.0178 5596 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:50:03.0193 5596 viaide - ok
19:50:03.0318 5596 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:50:03.0349 5596 volmgr - ok
19:50:03.0443 5596 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
19:50:03.0459 5596 volmgrx - ok
19:50:03.0599 5596 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
19:50:03.0708 5596 volsnap - ok
19:50:03.0880 5596 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:50:03.0927 5596 vsmraid - ok
19:50:04.0036 5596 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:50:04.0129 5596 WacomPen - ok
19:50:04.0207 5596 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:04.0270 5596 Wanarp - ok
19:50:04.0285 5596 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:04.0301 5596 Wanarpv6 - ok
19:50:04.0426 5596 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:50:04.0441 5596 Wd - ok
19:50:04.0504 5596 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:50:04.0582 5596 Wdf01000 - ok
19:50:04.0722 5596 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:50:04.0753 5596 WimFltr - ok
19:50:04.0909 5596 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:50:04.0987 5596 winachsf - ok
19:50:05.0143 5596 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:50:05.0190 5596 WmiAcpi - ok
19:50:05.0362 5596 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:50:05.0409 5596 WpdUsb - ok
19:50:05.0611 5596 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:50:05.0658 5596 ws2ifsl - ok
19:50:05.0799 5596 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:50:05.0830 5596 WSDPrintDevice - ok
19:50:06.0048 5596 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:50:06.0111 5596 WUDFRd - ok
19:50:06.0251 5596 XAudio - ok
19:50:06.0454 5596 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
19:50:06.0501 5596 yukonwlh - ok
19:50:06.0625 5596 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:50:06.0844 5596 \Device\Harddisk0\DR0 - ok
19:50:06.0891 5596 Boot (0x1200) (4f9c9023db902c05a6414596105d8046) \Device\Harddisk0\DR0\Partition0
19:50:06.0922 5596 \Device\Harddisk0\DR0\Partition0 - ok
19:50:06.0922 5596 ============================================================
19:50:06.0922 5596 Scan finished
19:50:06.0922 5596 ============================================================
19:50:06.0969 4872 Detected object count: 2
19:50:06.0969 4872 Actual detected object count: 2
19:51:25.0321 4872 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:25.0321 4872 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:25.0337 4872 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
19:51:25.0337 4872 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

24.11.2011, 14:19	#6
markusg /// Malware-holic	lvvm.exe und div. andere Trojaner legen Laptop lahm hi, kannst du mal c:\qoobox öffnen und quarantain packen, und dann das archiv ebenfalls im upload channel hochladen bitte? __________________ --> lvvm.exe und div. andere Trojaner legen Laptop lahm

lvvm.exe und div. andere Trojaner legen Laptop lahm

Log-Analyse und Auswertung: lvvm.exe und div. andere Trojaner legen Laptop lahm