
Log analysis and evaluation: Windows Recovery malware. Partially removed.


13.04.2011, 12:37   #1
ghosti



Hello,
I registered here because I too have caught this Windows Recovery rubbish. Since installing Trojan Killer was recommended on the internet, I did that. But apparently that was a mistake, because somehow the program doesn't seem quite trustworthy to me. Anyway, I then came across this forum and read up a bit. Of course I found the thread on removing Windows Recovery, but there was a problem:

Running rkill.com (in iexplorer.exe) gives a blue screen. I ran Malwarebytes Anti-Malware anyway and it did find quite a few things. However, all files on C:\ are still hidden, and Avast keeps reporting that the file svhost.exe wants to connect to a malicious website. It also frequently finds files belonging to a rootkit.

I then ran a full virus scan, killed all processes with OT Helper and ran another quick scan with Anti-Malware, which found nothing. Now I'm at a loss. The computer is quite heavily loaded, all files are still hidden, and Avast keeps speaking up. So nothing's fixed yet. Can anyone help me?
I've attached a few log files:

Oh, and Extras.Txt is too big. I've put it in my Dropbox:

hxxp://dl.dropbox.com/u/16632825/Extras.Txt

Thanks
Attached files
File type: txt mbam-log-2011-04-12 (21-40-17).txt (3.8 KB, viewed 226 times)
File type: txt mbam-log-2011-04-12 (23-24-36).txt (1.9 KB, viewed 199 times)
File type: txt mbam-log-2011-04-13 (10-27-10).txt (1.0 KB, viewed 198 times)
File type: txt mbam-log-2011-04-13 (10-31-04).txt (1.0 KB, viewed 224 times)
File type: txt OTL.Txt (93.3 KB, viewed 268 times)

13.04.2011, 14:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q="
FF - prefs.js..network.proxy.backup.ftp: "173.203.80.108"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "173.203.80.108"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "173.203.80.108"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "190.202.87.131"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "190.202.87.131"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "190.202.87.131"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "190.202.87.131"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.01.11 00:00:26 | 000,000,000 | ---D | M] - D:\AutoCAD 2010 -- [ NTFS ]
O32 - AutoRun File - [2011.01.12 23:55:25 | 000,000,000 | ---D | M] - D:\Autodesk Inventor -- [ NTFS ]
O32 - AutoRun File - [2009.02.21 17:25:05 | 000,000,000 | ---D | M] - D:\AutoIt3 -- [ NTFS ]
O32 - AutoRun File - [2009.10.13 13:03:14 | 000,000,000 | ---D | M] - D:\AutoMKV -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 15:35:41 | 000,000,000 | ---D | M] - D:\Autoplay Menu Designer 4.1 -- [ NTFS ]
O32 - AutoRun File - [2008.01.19 22:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{1482e1c1-9c76-11de-97f7-0023542c8080}\Shell\AutoRun\command - "" = Autorun.exe
O33 - MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{9de4f769-ff62-11dd-a6c9-0023542c8080}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\Shell\AutoRun\command - "" = F:\Startme.exe
[2011.04.12 18:55:24 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}
[2011.04.12 17:14:07 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{2100A5DA-0492-4CCB-AFF6-E303099387D1}
[2011.04.11 18:32:19 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{1879E83B-105A-49E0-A79C-B976DFD4575F}
[2011.04.10 20:31:09 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{D6F4CF8C-82FB-4F7E-81D0-2BFC0D88B323}
[2011.04.12 19:12:39 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000136r
[2011.04.12 19:12:39 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42000136
[2011.04.12 19:12:35 | 000,000,588 | -H-- | M] () -- C:\Users\Daniel\Desktop\Windows Restore.lnk
[2011.04.12 19:01:00 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000136
[2011.04.22 19:52:28 | 000,016,384 | -H-- | C] () -- C:\Windows\PCWNOBAR.EXE
[2011.04.22 19:52:28 | 000,003,079 | -H-- | C] () -- C:\Windows\PCWNOBAR.VBS
[2010.11.02 20:52:18 | 000,020,000 | -H-- | C] () -- C:\ProgramData\T09F8
[2010.11.02 20:44:57 | 000,020,000 | -H-- | C] () -- C:\ProgramData\V36QQ
@Alternate Data Stream - 24 bytes -> C:\Windows:118665A542D196CC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:52BA26F1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9FA1200D
:Commands
[purity]
[resethosts]
[emptytemp]
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
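For readers working through the fix script above, here is an added triage helper (example code, not part of the thread and not part of OTL itself). It reads lines in the format OTL prints, which the fix script reuses, and flags the categories that script removes: Firefox proxy and keyword.URL hijacks, MountPoints2 AutoRun commands, hidden files and folders, and alternate data streams. The sample lines are copied from the fix script; the "this profile is not supposed to use any proxy" baseline and the category names are assumptions made for this example.

```python
# Added triage helper for OTL scan lines (example code, not from the thread
# and not from OTL). Flags the same kinds of entries the fix script removes.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL line shapes, anchored so an unrelated line cannot match by accident.
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$')
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$')
FS_ENTRY = re.compile(
    r'^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)'
    r' \| (?P<attr>[A-Z-]{4}) \| [CM]\] (?:\(\) )?-- (?P<path>.+)$')
ADS = re.compile(r'^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+)$')

# Assumption for this example: the Firefox profile is not supposed to use a
# proxy at all (network.proxy.type 0 = direct), so any configured proxy host
# and any explicit keyword.URL is treated as a hijack indicator.
PROXY_HOST_PREFS = ("ftp", "http", "socks", "ssl")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def triage_line(raw: str) -> Optional[Finding]:
    """Classify one OTL line; return None for lines that need no attention."""
    line = raw.rstrip()
    m = FF_PREF.match(line)
    if m:
        pref, value = m.group("pref"), m.group("value").strip().strip('"')
        if pref == "keyword.URL" and value:
            return Finding("search-hijack", value, line)
        if pref.startswith("network.proxy.") and pref.endswith(PROXY_HOST_PREFS) and value:
            return Finding("browser-proxy-hijack", f"{pref} -> {value}", line)
        if pref == "network.proxy.type" and value != "0":
            return Finding("browser-proxy-enabled", f"network.proxy.type={value}", line)
        return None
    m = MOUNTPOINT_CMD.match(line)
    if m:
        # A Shell\AutoRun\command under MountPoints2 re-launches an executable
        # from removable media the next time that volume is opened in Explorer.
        return Finding("removable-media-autorun", f"{m.group('guid')} -> {m.group('cmd')}", line)
    m = FS_ENTRY.match(line)
    if m and "H" in m.group("attr"):
        # Attribute column: R/H/S/D flags; H marks a hidden file or folder.
        return Finding("hidden-entry", f"{m.group('path')} ({m.group('stamp')})", line)
    m = ADS.match(line)
    if m:
        return Finding("alternate-data-stream", f"{m.group('path')} ({m.group('nbytes')} bytes)", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: a subset of the fix script lines from the thread.
SAMPLE_OTL_LINES = [
    r'FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q="',
    r'FF - prefs.js..network.proxy.http: "190.202.87.131"',
    r'FF - prefs.js..network.proxy.http_port: 3128',
    r'FF - prefs.js..network.proxy.ssl: "190.202.87.131"',
    r'FF - prefs.js..network.proxy.type: 0',
    r'O4 - HKLM..\Run: []  File not found',
    r'O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell\AutoRun\command - "" = H:\Startme.exe',
    r'[2011.04.12 18:55:24 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}',
    r'[2011.04.12 19:12:39 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000136r',
    r'[2011.04.12 19:12:35 | 000,000,588 | -H-- | M] () -- C:\Users\Daniel\Desktop\Windows Restore.lnk',
    r'@Alternate Data Stream - 24 bytes -> C:\Windows:118665A542D196CC',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.category:24} {f.detail}")
    print(summarize(triage(SAMPLE_OTL_LINES)))
```

The proxy findings are the ones worth acting on first: a proxy host written into prefs.js routes every Firefox request through a third party, so credentials entered while it was active should be treated as exposed. The port-only and share_proxy_settings lines are deliberately not flagged, since they carry no destination on their own.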

13.04.2011, 17:20   #3
ghosti



Hey, thanks for your reply.
So I started OTL and closed all programs beforehand (including the virus scanner).
Then I pasted in the text and clicked FIX. Unfortunately not much happened:

Cannot create file
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\el7i34hd.default\prefs.js

After that nothing more happened ...

13.04.2011, 21:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Did you run OTL as administrator via right-click?

13.04.2011, 21:45   #5
ghosti



Oh dear, oh dear.
I wouldn't have thought something like this would happen to me.
So here's the log file:
Code:
All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "173.203.80.108" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "173.203.80.108" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "173.203.80.108" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "190.202.87.131" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "190.202.87.131" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "190.202.87.131" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "190.202.87.131" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File  not found.
File  not found.
File  not found.
File  not found.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
File H:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1482e1c1-9c76-11de-97f7-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1482e1c1-9c76-11de-97f7-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de4f769-ff62-11dd-a6c9-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9de4f769-ff62-11dd-a6c9-0023542c8080}\ not found.
File I:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
File H:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
File F:\Startme.exe not found.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A} folder moved successfully.
C:\Users\Daniel\AppData\Local\{2100A5DA-0492-4CCB-AFF6-E303099387D1} folder moved successfully.
C:\Users\Daniel\AppData\Local\{1879E83B-105A-49E0-A79C-B976DFD4575F} folder moved successfully.
C:\Users\Daniel\AppData\Local\{D6F4CF8C-82FB-4F7E-81D0-2BFC0D88B323} folder moved successfully.
C:\ProgramData\~42000136r moved successfully.
C:\ProgramData\~42000136 moved successfully.
C:\Users\Daniel\Desktop\Windows Restore.lnk moved successfully.
C:\ProgramData\42000136 moved successfully.
C:\Windows\PCWNOBAR.EXE moved successfully.
C:\Windows\PCWNOBAR.VBS moved successfully.
C:\ProgramData\T09F8 moved successfully.
C:\ProgramData\V36QQ moved successfully.
ADS C:\Windows:118665A542D196CC deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
ADS C:\ProgramData\TEMP:52BA26F1 deleted successfully.
ADS C:\ProgramData\TEMP:9FA1200D deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Birungueta
 
User: Daniel
->Temp folder emptied: 3349 bytes
->Temporary Internet Files folder emptied: 16689481 bytes
->Java cache emptied: 10746 bytes
->FireFox cache emptied: 182555906 bytes
->Apple Safari cache emptied: 192020480 bytes
->Opera cache emptied: 4693366 bytes
->Flash cache emptied: 2622000 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 49208 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757369 bytes
%systemroot%\System32 .tmp files removed: 879400 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6513720 bytes
RecycleBin emptied: 305462315 bytes
 
Total Files Cleaned = 679,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04132011_213734

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Many thanks in advance!
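An added parser for the OTL fix log posted above (example code, not from the thread and not from OTL). It turns the per-line outcomes into counts and, more usefully, lists what is still open: an item "scheduled to be moved on reboot" is not gone until the machine restarts, and a "not found" result for a MountPoints2 command such as H:\Startme.exe means the executable lives on a removable drive that was not attached during the fix, so that drive still needs scanning before it is used again. The sample log is a subset of the lines from the post; the result keys are names chosen for this example.

```python
# Added parser for OTL fix-log output (example code, not from the thread or
# from OTL). Summarises outcomes and lists remediation that is still pending.
import re
from typing import Any, Dict, List

MOVED = re.compile(r'^(?P<target>.+?) moved successfully\.$')
DELETED = re.compile(r'^(?:Registry (?:key|value)|ADS) (?P<target>.+?) deleted successfully\.$')
NOT_FOUND = re.compile(r'^(?:File|Registry key) (?P<target>.*?) not found\.$')
PENDING = re.compile(r'^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$')
PREF_REMOVED = re.compile(r'^Prefs\.js: (?P<value>.+) removed from (?P<pref>\S+)$')
HOSTS_RESET = re.compile(r'^HOSTS file reset successfully$')
# OTL wrote the total with a German decimal comma in this thread ("679,00 mb").
TOTAL_MB = re.compile(r'^Total Files Cleaned = (?P<mb>[\d,.]+) mb$')


def parse_fix_log(lines: List[str]) -> Dict[str, Any]:
    """Count outcomes and collect targets that still need attention."""
    result: Dict[str, Any] = {
        "prefs_removed": 0, "moved": 0, "deleted": 0, "not_found": 0,
        "hosts_reset": False, "mb_cleaned": 0.0,
        "pending_reboot": [],    # moves OTL could only schedule for the next boot
        "missing_targets": [],   # listed by the scan but absent at fix time
    }
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PENDING.match(line)
        if m:
            result["pending_reboot"].append(m.group("target"))
            continue
        m = NOT_FOUND.match(line)
        if m:
            result["not_found"] += 1
            if m.group("target"):  # OTL also prints "File  not found." with no name
                result["missing_targets"].append(m.group("target"))
            continue
        if PREF_REMOVED.match(line):
            result["prefs_removed"] += 1
        elif MOVED.match(line):
            result["moved"] += 1
        elif DELETED.match(line):
            result["deleted"] += 1
        elif HOSTS_RESET.match(line):
            result["hosts_reset"] = True
        else:
            m = TOTAL_MB.match(line)
            if m:
                result["mb_cleaned"] = float(m.group("mb").replace(",", "."))
    return result


def remediation_complete(result: Dict[str, Any]) -> bool:
    """False while any move is still waiting for a reboot."""
    return not result["pending_reboot"]


# Sample input: a subset of the fix log lines from the post above.
SAMPLE_FIX_LOG = [
    r'Prefs.js: "190.202.87.131" removed from network.proxy.http',
    r'Prefs.js: 3128 removed from network.proxy.http_port',
    r'Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.',
    r'C:\autoexec.bat moved successfully.',
    r'File  not found.',
    r'File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.',
    r'Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\ deleted successfully.',
    r'Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.',
    r'File H:\Startme.exe not found.',
    r'C:\ProgramData\~42000136r moved successfully.',
    r'C:\Windows\PCWNOBAR.EXE moved successfully.',
    r'ADS C:\Windows:118665A542D196CC deleted successfully.',
    r'HOSTS file reset successfully',
    r'Total Files Cleaned = 679,00 mb',
]

if __name__ == "__main__":
    res = parse_fix_log(SAMPLE_FIX_LOG)
    for key, value in res.items():
        print(f"{key:16} {value}")
    print("complete:", remediation_complete(res))
```

Running it on the full log from the post gives the same verdict as on the sample: everything on C: was moved into the _OTL quarantine, but E:\AUTORUN.INF is still pending and several Startme.exe / autorun.exe targets on removable drives were never reached.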


13.04.2011, 22:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I need the OTL quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Deactivate the virus scanner, it must not mess around in there!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know when it has worked
5.) Only then turn the virus scanner back on


Then run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

13.04.2011, 22:22   #7
ghosti



OK, the upload worked. I didn't get a link to the uploaded file. Is that right? Also, I unfortunately had to copy the folder to the desktop, because packing it directly in C: didn't work with either WinRar or 7zip. Every time it was "Access denied" or "Cannot open File". I'll start the tool right away.

13.04.2011, 22:30   #8
ghosti



And here's the log file again (it found 2 things (1 rootkit)):

Code:
2011/04/13 22:24:47.0462 1564	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 22:24:47.0765 1564	================================================================================
2011/04/13 22:24:47.0765 1564	SystemInfo:
2011/04/13 22:24:47.0765 1564	
2011/04/13 22:24:47.0765 1564	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/13 22:24:47.0765 1564	Product type: Workstation
2011/04/13 22:24:47.0765 1564	ComputerName: WAFFEL-ICE
2011/04/13 22:24:47.0765 1564	UserName: Daniel
2011/04/13 22:24:47.0765 1564	Windows directory: C:\Windows
2011/04/13 22:24:47.0765 1564	System windows directory: C:\Windows
2011/04/13 22:24:47.0765 1564	Processor architecture: Intel x86
2011/04/13 22:24:47.0765 1564	Number of processors: 2
2011/04/13 22:24:47.0765 1564	Page size: 0x1000
2011/04/13 22:24:47.0765 1564	Boot type: Normal boot
2011/04/13 22:24:47.0765 1564	================================================================================
2011/04/13 22:24:54.0543 1564	Initialize success
2011/04/13 22:24:57.0394 1488	================================================================================
2011/04/13 22:24:57.0394 1488	Scan started
2011/04/13 22:24:57.0394 1488	Mode: Manual; 
2011/04/13 22:24:57.0394 1488	================================================================================
2011/04/13 22:24:58.0755 1488	AbilisT         (bba404351f75beac27d9eb38db32f526) C:\Windows\system32\DRIVERS\AbilisBdaTuner.sys
2011/04/13 22:24:58.0871 1488	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/13 22:24:58.0954 1488	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/13 22:24:58.0995 1488	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/13 22:24:59.0030 1488	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/13 22:24:59.0064 1488	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/13 22:24:59.0115 1488	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/13 22:24:59.0176 1488	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/13 22:24:59.0207 1488	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/13 22:24:59.0245 1488	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/13 22:24:59.0288 1488	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/13 22:24:59.0316 1488	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/13 22:24:59.0343 1488	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/13 22:24:59.0370 1488	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/13 22:24:59.0518 1488	amdkmdag        (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 22:24:59.0647 1488	amdkmdap        (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/13 22:24:59.0751 1488	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/13 22:24:59.0783 1488	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/13 22:24:59.0819 1488	AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
2011/04/13 22:24:59.0887 1488	aswFsBlk        (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/13 22:24:59.0931 1488	aswMonFlt       (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/13 22:24:59.0964 1488	aswRdr          (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/13 22:25:00.0010 1488	aswSnx          (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/13 22:25:00.0063 1488	aswSP           (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/13 22:25:00.0099 1488	aswTdi          (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/13 22:25:00.0138 1488	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 22:25:00.0168 1488	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/13 22:25:00.0246 1488	AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
2011/04/13 22:25:00.0381 1488	atikmdag        (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 22:25:00.0483 1488	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/13 22:25:00.0570 1488	avgio           (87828ecd657f81503465ac705e845076) C:\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/13 22:25:00.0598 1488	avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/13 22:25:00.0624 1488	avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/13 22:25:00.0673 1488	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/13 22:25:00.0704 1488	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/13 22:25:00.0737 1488	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 22:25:00.0789 1488	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/13 22:25:00.0817 1488	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/13 22:25:00.0847 1488	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/13 22:25:00.0879 1488	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/13 22:25:00.0911 1488	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/13 22:25:00.0933 1488	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/13 22:25:00.0956 1488	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/13 22:25:00.0990 1488	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 22:25:01.0036 1488	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/13 22:25:01.0074 1488	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/13 22:25:01.0115 1488	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/13 22:25:01.0183 1488	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/13 22:25:01.0215 1488	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/13 22:25:01.0240 1488	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/13 22:25:01.0278 1488	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/13 22:25:01.0336 1488	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/13 22:25:01.0411 1488	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 22:25:01.0492 1488	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/13 22:25:01.0548 1488	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/13 22:25:01.0587 1488	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/13 22:25:01.0610 1488	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/13 22:25:01.0664 1488	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 22:25:01.0710 1488	DroidCam        (d9f07d1b8dff55480a88eb4f9cde5824) C:\Windows\system32\drivers\droidcam.sys
2011/04/13 22:25:01.0801 1488	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 22:25:01.0872 1488	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/13 22:25:01.0924 1488	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/13 22:25:01.0967 1488	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/04/13 22:25:01.0998 1488	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/13 22:25:02.0047 1488	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/13 22:25:02.0083 1488	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/13 22:25:02.0149 1488	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/13 22:25:02.0203 1488	ezplay          (73e701e0fa4d2fc7d22efceff276c50a) C:\Windows\system32\Drivers\ezplay.sys
2011/04/13 22:25:02.0259 1488	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 22:25:02.0308 1488	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 22:25:02.0347 1488	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 22:25:02.0373 1488	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 22:25:02.0415 1488	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 22:25:02.0459 1488	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 22:25:02.0517 1488	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 22:25:02.0536 1488	fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/13 22:25:02.0596 1488	GA622T          (924206725fec3d529c4303e1d3186dde) C:\Windows\system32\DRIVERS\GA622ND5.SYS
2011/04/13 22:25:02.0627 1488	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/13 22:25:02.0679 1488	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/13 22:25:02.0732 1488	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/13 22:25:02.0764 1488	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/13 22:25:02.0823 1488	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/13 22:25:02.0873 1488	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/13 22:25:02.0902 1488	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/13 22:25:02.0928 1488	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/13 22:25:02.0965 1488	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/13 22:25:03.0002 1488	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/13 22:25:03.0060 1488	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 22:25:03.0086 1488	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/13 22:25:03.0119 1488	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/13 22:25:03.0161 1488	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/13 22:25:03.0200 1488	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/13 22:25:03.0309 1488	IntcAzAudAddService (9ed3cf7322a49dac3eca62bb9928ca54) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/13 22:25:03.0379 1488	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/13 22:25:03.0412 1488	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 22:25:03.0444 1488	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 22:25:03.0568 1488	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/13 22:25:03.0602 1488	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/13 22:25:03.0635 1488	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 22:25:03.0663 1488	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/13 22:25:03.0702 1488	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/13 22:25:03.0730 1488	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/13 22:25:03.0767 1488	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/13 22:25:03.0796 1488	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/13 22:25:03.0837 1488	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/13 22:25:03.0919 1488	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 22:25:03.0968 1488	L1E             (c61350992a67ea1edd3d314a11a99659) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/04/13 22:25:04.0034 1488	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/13 22:25:04.0058 1488	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 22:25:04.0105 1488	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/13 22:25:04.0139 1488	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/13 22:25:04.0166 1488	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/13 22:25:04.0185 1488	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/13 22:25:04.0250 1488	MDFSYSNT        (c7182501e051cc77f1bcaa1832a8c6ea) C:\Windows\system32\drivers\MDFSYSNT.sys
2011/04/13 22:25:04.0271 1488	MDPMGRNT        (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
2011/04/13 22:25:04.0304 1488	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/13 22:25:04.0332 1488	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/13 22:25:04.0390 1488	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/13 22:25:04.0410 1488	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 22:25:04.0432 1488	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/13 22:25:04.0453 1488	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 22:25:04.0489 1488	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 22:25:04.0526 1488	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/13 22:25:04.0548 1488	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 22:25:04.0574 1488	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/13 22:25:04.0634 1488	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 22:25:04.0673 1488	mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 22:25:04.0702 1488	mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 22:25:04.0719 1488	mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 22:25:04.0746 1488	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/13 22:25:04.0767 1488	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/13 22:25:04.0803 1488	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 22:25:04.0825 1488	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/13 22:25:04.0866 1488	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 22:25:04.0917 1488	msloop          (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
2011/04/13 22:25:04.0953 1488	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 22:25:04.0978 1488	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 22:25:05.0002 1488	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 22:25:05.0050 1488	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/13 22:25:05.0101 1488	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 22:25:05.0188 1488	MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/13 22:25:05.0207 1488	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/13 22:25:05.0251 1488	mv61xx          (a95fed4c2fb11c79e7ddbe2eff1919b5) C:\Windows\system32\DRIVERS\mv61xx.sys
2011/04/13 22:25:05.0311 1488	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 22:25:05.0349 1488	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/13 22:25:05.0372 1488	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 22:25:05.0392 1488	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 22:25:05.0409 1488	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 22:25:05.0431 1488	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 22:25:05.0483 1488	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 22:25:05.0513 1488	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 22:25:05.0567 1488	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/13 22:25:05.0611 1488	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 22:25:05.0629 1488	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 22:25:05.0672 1488	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 22:25:05.0709 1488	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/13 22:25:05.0760 1488	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/13 22:25:05.0785 1488	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/13 22:25:05.0817 1488	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/13 22:25:05.0849 1488	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/13 22:25:05.0903 1488	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\Windows\system32\DRIVERS\nwlnkflt.sys
2011/04/13 22:25:05.0926 1488	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\Windows\system32\DRIVERS\nwlnkfwd.sys
2011/04/13 22:25:05.0981 1488	NwlnkIpx        (79ea3fcda7067977625b3363a2657c80) C:\Windows\system32\DRIVERS\nwlnkipx.sys
2011/04/13 22:25:06.0037 1488	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/13 22:25:06.0109 1488	PAC207          (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/04/13 22:25:06.0154 1488	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/13 22:25:06.0187 1488	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 22:25:06.0214 1488	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/13 22:25:06.0277 1488	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/13 22:25:06.0300 1488	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/13 22:25:06.0325 1488	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/13 22:25:06.0366 1488	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/13 22:25:06.0410 1488	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/13 22:25:06.0471 1488	pfc             (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/04/13 22:25:06.0557 1488	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 22:25:06.0583 1488	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/13 22:25:06.0628 1488	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/13 22:25:06.0693 1488	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/13 22:25:06.0734 1488	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/13 22:25:06.0763 1488	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 22:25:06.0781 1488	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 22:25:06.0818 1488	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 22:25:06.0848 1488	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 22:25:06.0876 1488	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 22:25:06.0917 1488	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 22:25:06.0934 1488	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 22:25:06.0980 1488	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/13 22:25:07.0007 1488	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 22:25:07.0041 1488	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 22:25:07.0075 1488	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 22:25:07.0196 1488	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) D:\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
2011/04/13 22:25:07.0246 1488	SbieDrv         (a07d4747a6ebf15968cf5c891709d8f6) D:\Sandboxie\SbieDrv.sys
2011/04/13 22:25:07.0304 1488	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/13 22:25:07.0348 1488	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 22:25:07.0391 1488	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/13 22:25:07.0429 1488	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/13 22:25:07.0453 1488	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/13 22:25:07.0475 1488	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/13 22:25:07.0518 1488	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/13 22:25:07.0548 1488	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/13 22:25:07.0579 1488	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/13 22:25:07.0608 1488	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/13 22:25:07.0648 1488	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/13 22:25:07.0681 1488	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/13 22:25:07.0708 1488	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/13 22:25:07.0758 1488	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 22:25:07.0807 1488	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/13 22:25:07.0879 1488	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 22:25:07.0879 1488	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/13 22:25:07.0884 1488	sptd - detected Locked file (1)
2011/04/13 22:25:07.0950 1488	srv             (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/13 22:25:07.0971 1488	srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/13 22:25:07.0988 1488	srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/13 22:25:08.0024 1488	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/13 22:25:08.0082 1488	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/13 22:25:08.0113 1488	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/13 22:25:08.0140 1488	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/13 22:25:08.0170 1488	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/13 22:25:08.0231 1488	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/13 22:25:08.0276 1488	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/13 22:25:08.0294 1488	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/13 22:25:08.0320 1488	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/13 22:25:08.0345 1488	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/13 22:25:08.0389 1488	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/13 22:25:08.0431 1488	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/13 22:25:08.0472 1488	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/13 22:25:08.0517 1488	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/13 22:25:08.0543 1488	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/13 22:25:08.0568 1488	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/13 22:25:08.0690 1488	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/13 22:25:08.0728 1488	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/13 22:25:08.0757 1488	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/13 22:25:08.0789 1488	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/13 22:25:08.0817 1488	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/13 22:25:08.0844 1488	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/13 22:25:08.0897 1488	UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) D:\Unlocker\UnlockerDriver5.sys
2011/04/13 22:25:08.0960 1488	USBAAPL         (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/13 22:25:09.0013 1488	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/13 22:25:09.0043 1488	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/13 22:25:09.0103 1488	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/13 22:25:09.0143 1488	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/13 22:25:09.0167 1488	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/13 22:25:09.0202 1488	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/13 22:25:09.0273 1488	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/13 22:25:09.0303 1488	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/13 22:25:09.0328 1488	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/13 22:25:09.0368 1488	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/13 22:25:09.0394 1488	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/13 22:25:09.0421 1488	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/13 22:25:09.0450 1488	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/13 22:25:09.0490 1488	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/13 22:25:09.0517 1488	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/13 22:25:09.0559 1488	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/13 22:25:09.0578 1488	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/13 22:25:09.0604 1488	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/13 22:25:09.0634 1488	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/13 22:25:09.0659 1488	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:25:09.0669 1488	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:25:09.0711 1488	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/13 22:25:09.0756 1488	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/13 22:25:09.0892 1488	WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/13 22:25:09.0950 1488	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/13 22:25:10.0012 1488	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/13 22:25:10.0047 1488	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/13 22:25:10.0091 1488	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/13 22:25:10.0126 1488	WSDScan         (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/04/13 22:25:10.0177 1488	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 22:25:10.0239 1488	zebrbus         (812a1e9b0dd3bf23606c32ce696d042b) C:\Windows\system32\DRIVERS\zebrbus.sys
2011/04/13 22:25:10.0284 1488	zebrmdfl        (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\Windows\system32\DRIVERS\zebrmdfl.sys
2011/04/13 22:25:10.0315 1488	zebrmdm         (5198070a595009871108091bc4b0e000) C:\Windows\system32\DRIVERS\zebrmdm.sys
2011/04/13 22:25:10.0345 1488	zebrmdmc        (29df5831f0d1ce863f23c53585736f32) C:\Windows\system32\DRIVERS\zebrmdmc.sys
2011/04/13 22:25:10.0391 1488	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 22:25:11.0520 1488	================================================================================
2011/04/13 22:25:11.0520 1488	Scan finished
2011/04/13 22:25:11.0520 1488	================================================================================
2011/04/13 22:25:11.0529 4360	Detected object count: 2
2011/04/13 22:25:18.0443 4360	Locked file(sptd) - User select action: Skip 
2011/04/13 22:25:18.0503 4360	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 22:25:18.0503 4360	\HardDisk0 - ok
2011/04/13 22:25:18.0504 4360	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/13 22:25:23.0220 0600	Deinitialize success
         

Old 14.04.2011, 09:13   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Windows Recovery malware. Partially removed. - Standard

Quote:
2011/04/13 22:25:11.0529 4360 Detected object count: 2
2011/04/13 22:25:18.0443 4360 Locked file(sptd) - User select action: Skip
2011/04/13 22:25:18.0503 4360 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 22:25:18.0503 4360 \HardDisk0 - ok
2011/04/13 22:25:18.0504 4360 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/13 22:25:23.0220 0600 Deinitialize success
TDL4 was detected and removed. Please restart Windows and run TDSS-Killer again as a check - post the log.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 14.04.2011, 13:21   #10
ghosti

Windows Recovery malware. Partially removed. - Standard

OK, it found something else. I haven't clicked anything yet. The preferred selection shown is 'skip'.
Here is the log file:
Code:
2011/04/14 13:29:26.0668 5128	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/14 13:29:26.0951 5128	================================================================================
2011/04/14 13:29:26.0952 5128	SystemInfo:
2011/04/14 13:29:26.0952 5128	
2011/04/14 13:29:26.0952 5128	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/14 13:29:26.0952 5128	Product type: Workstation
2011/04/14 13:29:26.0952 5128	ComputerName: WAFFEL-ICE
2011/04/14 13:29:26.0952 5128	UserName: Daniel
2011/04/14 13:29:26.0952 5128	Windows directory: C:\Windows
2011/04/14 13:29:26.0952 5128	System windows directory: C:\Windows
2011/04/14 13:29:26.0952 5128	Processor architecture: Intel x86
2011/04/14 13:29:26.0952 5128	Number of processors: 2
2011/04/14 13:29:26.0952 5128	Page size: 0x1000
2011/04/14 13:29:26.0952 5128	Boot type: Normal boot
2011/04/14 13:29:26.0952 5128	================================================================================
2011/04/14 13:29:29.0561 5128	Initialize success
2011/04/14 13:30:05.0569 5804	================================================================================
2011/04/14 13:30:05.0569 5804	Scan started
2011/04/14 13:30:05.0569 5804	Mode: Manual; 
2011/04/14 13:30:05.0569 5804	================================================================================
2011/04/14 13:30:06.0165 5804	AbilisT         (bba404351f75beac27d9eb38db32f526) C:\Windows\system32\DRIVERS\AbilisBdaTuner.sys
2011/04/14 13:30:06.0206 5804	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/14 13:30:06.0272 5804	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/14 13:30:06.0313 5804	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/14 13:30:06.0340 5804	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/14 13:30:06.0375 5804	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/14 13:30:06.0434 5804	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/14 13:30:06.0478 5804	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/14 13:30:06.0509 5804	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/14 13:30:06.0547 5804	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/14 13:30:06.0582 5804	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/14 13:30:06.0610 5804	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/14 13:30:06.0636 5804	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/14 13:30:06.0664 5804	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/14 13:30:06.0812 5804	amdkmdag        (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/14 13:30:06.0899 5804	amdkmdap        (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/14 13:30:07.0004 5804	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/14 13:30:07.0035 5804	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/14 13:30:07.0080 5804	AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
2011/04/14 13:30:07.0164 5804	aswFsBlk        (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/14 13:30:07.0208 5804	aswMonFlt       (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/14 13:30:07.0232 5804	aswRdr          (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/14 13:30:07.0271 5804	aswSnx          (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/14 13:30:07.0315 5804	aswSP           (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/14 13:30:07.0351 5804	aswTdi          (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/14 13:30:07.0382 5804	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/14 13:30:07.0412 5804	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/14 13:30:07.0473 5804	AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
2011/04/14 13:30:07.0601 5804	atikmdag        (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/14 13:30:07.0702 5804	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/14 13:30:07.0781 5804	avgio           (87828ecd657f81503465ac705e845076) C:\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/14 13:30:07.0809 5804	avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/14 13:30:07.0835 5804	avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/14 13:30:07.0884 5804	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/14 13:30:07.0923 5804	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/14 13:30:07.0951 5804	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/14 13:30:07.0991 5804	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/14 13:30:08.0011 5804	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/14 13:30:08.0041 5804	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/14 13:30:08.0074 5804	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/14 13:30:08.0104 5804	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/14 13:30:08.0127 5804	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/14 13:30:08.0150 5804	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/14 13:30:08.0176 5804	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/14 13:30:08.0222 5804	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/14 13:30:08.0252 5804	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/14 13:30:08.0293 5804	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/14 13:30:08.0336 5804	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/14 13:30:08.0368 5804	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/14 13:30:08.0389 5804	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/14 13:30:08.0414 5804	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/14 13:30:08.0456 5804	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/14 13:30:08.0492 5804	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/14 13:30:08.0553 5804	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/14 13:30:08.0618 5804	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/14 13:30:08.0648 5804	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/14 13:30:08.0671 5804	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/14 13:30:08.0715 5804	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/14 13:30:08.0761 5804	DroidCam        (d9f07d1b8dff55480a88eb4f9cde5824) C:\Windows\system32\drivers\droidcam.sys
2011/04/14 13:30:08.0811 5804	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/14 13:30:08.0857 5804	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/14 13:30:08.0908 5804	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/14 13:30:08.0952 5804	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/04/14 13:30:08.0966 5804	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/14 13:30:09.0007 5804	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/14 13:30:09.0043 5804	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/14 13:30:09.0084 5804	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/14 13:30:09.0138 5804	ezplay          (73e701e0fa4d2fc7d22efceff276c50a) C:\Windows\system32\Drivers\ezplay.sys
2011/04/14 13:30:09.0185 5804	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/14 13:30:09.0219 5804	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/14 13:30:09.0257 5804	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/14 13:30:09.0283 5804	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/14 13:30:09.0309 5804	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/14 13:30:09.0336 5804	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/14 13:30:09.0394 5804	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/14 13:30:09.0413 5804	fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/14 13:30:09.0473 5804	GA622T          (924206725fec3d529c4303e1d3186dde) C:\Windows\system32\DRIVERS\GA622ND5.SYS
2011/04/14 13:30:09.0504 5804	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/14 13:30:09.0548 5804	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/14 13:30:09.0600 5804	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/14 13:30:09.0625 5804	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/14 13:30:09.0675 5804	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/14 13:30:09.0725 5804	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/14 13:30:09.0746 5804	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/14 13:30:09.0772 5804	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/14 13:30:09.0795 5804	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/14 13:30:09.0821 5804	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/14 13:30:09.0871 5804	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/14 13:30:09.0897 5804	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/14 13:30:09.0938 5804	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/14 13:30:09.0963 5804	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/14 13:30:09.0994 5804	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/14 13:30:10.0095 5804	IntcAzAudAddService (9ed3cf7322a49dac3eca62bb9928ca54) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/14 13:30:10.0148 5804	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/14 13:30:10.0173 5804	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/14 13:30:10.0205 5804	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/14 13:30:10.0255 5804	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/14 13:30:10.0280 5804	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/14 13:30:10.0304 5804	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/14 13:30:10.0333 5804	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/14 13:30:10.0380 5804	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/14 13:30:10.0408 5804	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/14 13:30:10.0445 5804	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/14 13:30:10.0466 5804	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/14 13:30:10.0515 5804	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/14 13:30:10.0580 5804	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/14 13:30:10.0637 5804	L1E             (c61350992a67ea1edd3d314a11a99659) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/04/14 13:30:10.0704 5804	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/14 13:30:10.0736 5804	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/14 13:30:10.0775 5804	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/14 13:30:10.0809 5804	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/14 13:30:10.0844 5804	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/14 13:30:10.0862 5804	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/14 13:30:10.0928 5804	MDFSYSNT        (c7182501e051cc77f1bcaa1832a8c6ea) C:\Windows\system32\drivers\MDFSYSNT.sys
2011/04/14 13:30:10.0958 5804	MDPMGRNT        (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
2011/04/14 13:30:10.0990 5804	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/14 13:30:11.0027 5804	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/14 13:30:11.0159 5804	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/14 13:30:11.0204 5804	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/14 13:30:11.0226 5804	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/14 13:30:11.0248 5804	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/14 13:30:11.0275 5804	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/14 13:30:11.0312 5804	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/14 13:30:11.0334 5804	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/14 13:30:11.0360 5804	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/14 13:30:11.0412 5804	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/14 13:30:11.0450 5804	mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/14 13:30:11.0471 5804	mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/14 13:30:11.0486 5804	mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/14 13:30:11.0516 5804	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/14 13:30:11.0537 5804	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/14 13:30:11.0572 5804	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/14 13:30:11.0595 5804	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/14 13:30:11.0627 5804	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/14 13:30:11.0678 5804	msloop          (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
2011/04/14 13:30:11.0714 5804	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/14 13:30:11.0739 5804	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/14 13:30:11.0772 5804	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/14 13:30:11.0811 5804	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/14 13:30:11.0854 5804	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/14 13:30:11.0899 5804	MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/14 13:30:11.0918 5804	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/14 13:30:11.0962 5804	mv61xx          (a95fed4c2fb11c79e7ddbe2eff1919b5) C:\Windows\system32\DRIVERS\mv61xx.sys
2011/04/14 13:30:12.0014 5804	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/14 13:30:12.0060 5804	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/14 13:30:12.0092 5804	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/14 13:30:12.0111 5804	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/14 13:30:12.0129 5804	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/14 13:30:12.0150 5804	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/14 13:30:12.0194 5804	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/14 13:30:12.0216 5804	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/14 13:30:12.0270 5804	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/14 13:30:12.0305 5804	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/14 13:30:12.0323 5804	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/14 13:30:12.0367 5804	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/14 13:30:12.0395 5804	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/14 13:30:12.0422 5804	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/14 13:30:12.0446 5804	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/14 13:30:12.0470 5804	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/14 13:30:12.0502 5804	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/14 13:30:12.0548 5804	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\Windows\system32\DRIVERS\nwlnkflt.sys
2011/04/14 13:30:12.0570 5804	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\Windows\system32\DRIVERS\nwlnkfwd.sys
2011/04/14 13:30:12.0617 5804	NwlnkIpx        (79ea3fcda7067977625b3363a2657c80) C:\Windows\system32\DRIVERS\nwlnkipx.sys
2011/04/14 13:30:12.0682 5804	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/14 13:30:12.0754 5804	PAC207          (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/04/14 13:30:12.0790 5804	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/14 13:30:12.0836 5804	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/14 13:30:12.0859 5804	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/14 13:30:12.0913 5804	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/14 13:30:12.0937 5804	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/14 13:30:12.0970 5804	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/14 13:30:13.0011 5804	pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/14 13:30:13.0071 5804	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/14 13:30:13.0124 5804	pfc             (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/04/14 13:30:13.0218 5804	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/14 13:30:13.0244 5804	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/14 13:30:13.0281 5804	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/14 13:30:13.0346 5804	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/14 13:30:13.0379 5804	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/14 13:30:13.0408 5804	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/14 13:30:13.0426 5804	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/14 13:30:13.0446 5804	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/14 13:30:13.0476 5804	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/14 13:30:13.0505 5804	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/14 13:30:13.0552 5804	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/14 13:30:13.0568 5804	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/14 13:30:13.0608 5804	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/14 13:30:13.0623 5804	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/14 13:30:13.0652 5804	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/14 13:30:13.0687 5804	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/14 13:30:13.0816 5804	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) D:\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
2011/04/14 13:30:13.0866 5804	SbieDrv         (a07d4747a6ebf15968cf5c891709d8f6) D:\Sandboxie\SbieDrv.sys
2011/04/14 13:30:13.0908 5804	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/14 13:30:13.0951 5804	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/14 13:30:13.0994 5804	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/14 13:30:14.0032 5804	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/14 13:30:14.0056 5804	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/14 13:30:14.0078 5804	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/14 13:30:14.0121 5804	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/14 13:30:14.0152 5804	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/14 13:30:14.0183 5804	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/14 13:30:14.0211 5804	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/14 13:30:14.0243 5804	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/14 13:30:14.0267 5804	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/14 13:30:14.0295 5804	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/14 13:30:14.0345 5804	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/14 13:30:14.0394 5804	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/14 13:30:14.0457 5804	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/14 13:30:14.0457 5804	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/14 13:30:14.0461 5804	sptd - detected Locked file (1)
2011/04/14 13:30:14.0512 5804	srv             (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/14 13:30:14.0536 5804	srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/14 13:30:14.0554 5804	srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/14 13:30:14.0601 5804	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/14 13:30:14.0669 5804	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/14 13:30:14.0700 5804	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/14 13:30:14.0719 5804	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/14 13:30:14.0740 5804	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/14 13:30:14.0802 5804	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/14 13:30:14.0829 5804	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/14 13:30:14.0847 5804	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/14 13:30:14.0874 5804	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/14 13:30:14.0907 5804	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/14 13:30:14.0934 5804	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/14 13:30:14.0984 5804	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/14 13:30:15.0033 5804	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/14 13:30:15.0087 5804	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/14 13:30:15.0113 5804	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/14 13:30:15.0138 5804	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/14 13:30:15.0177 5804	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/14 13:30:15.0215 5804	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/14 13:30:15.0244 5804	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/14 13:30:15.0268 5804	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/14 13:30:15.0288 5804	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/14 13:30:15.0314 5804	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/14 13:30:15.0375 5804	UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) D:\Unlocker\UnlockerDriver5.sys
2011/04/14 13:30:15.0447 5804	USBAAPL         (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/14 13:30:15.0500 5804	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/14 13:30:15.0530 5804	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/14 13:30:15.0582 5804	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/14 13:30:15.0606 5804	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/14 13:30:15.0629 5804	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/14 13:30:15.0664 5804	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/14 13:30:15.0719 5804	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/14 13:30:15.0749 5804	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/14 13:30:15.0774 5804	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/14 13:30:15.0822 5804	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/14 13:30:15.0848 5804	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/14 13:30:15.0875 5804	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/14 13:30:15.0904 5804	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/14 13:30:15.0928 5804	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/14 13:30:15.0954 5804	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/14 13:30:15.0996 5804	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/14 13:30:16.0016 5804	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/14 13:30:16.0066 5804	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/14 13:30:16.0097 5804	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/14 13:30:16.0121 5804	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 13:30:16.0131 5804	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 13:30:16.0173 5804	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/14 13:30:16.0235 5804	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/14 13:30:16.0354 5804	WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/14 13:30:16.0396 5804	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/14 13:30:16.0466 5804	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/14 13:30:16.0493 5804	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/14 13:30:16.0537 5804	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/14 13:30:16.0572 5804	WSDScan         (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/04/14 13:30:16.0623 5804	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/14 13:30:16.0685 5804	zebrbus         (812a1e9b0dd3bf23606c32ce696d042b) C:\Windows\system32\DRIVERS\zebrbus.sys
2011/04/14 13:30:16.0722 5804	zebrmdfl        (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\Windows\system32\DRIVERS\zebrmdfl.sys
2011/04/14 13:30:16.0752 5804	zebrmdm         (5198070a595009871108091bc4b0e000) C:\Windows\system32\DRIVERS\zebrmdm.sys
2011/04/14 13:30:16.0791 5804	zebrmdmc        (29df5831f0d1ce863f23c53585736f32) C:\Windows\system32\DRIVERS\zebrmdmc.sys
2011/04/14 13:30:19.0806 5804	================================================================================
2011/04/14 13:30:19.0806 5804	Scan finished
2011/04/14 13:30:19.0806 5804	================================================================================
2011/04/14 13:30:19.0815 5216	Detected object count: 1
2011/04/14 13:30:31.0324 5216	Locked file(sptd) - User select action: Skip
         
Otherwise, here is a screenshot of the finding:
Attached image: Windows Recovery Malware. Halbwegs beseitigt.-tdss.jpg

Last edited by ghosti (14.04.2011 at 13:34)

Old 14.04.2011, 14:20   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Windows Recovery Malware. Halfway removed.

SPTD is fine.

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, apply the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper ("Kompetenzler") has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
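
As an added example (my code, not ghosti's, cosinus's or TDSSKiller's own): a small parser for TDSSKiller log lines in the format posted above. It joins the driver inventory with the finding lines, so a locked-file report like the one for sptd.sys (the detection cosinus judged harmless) can be read as one record with its path, hash and the action the user chose. The sample lines, the outside-%SystemRoot% heuristic and all function names are my own constructions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, not the thread's full log: a few lines in the same format
# TDSSKiller writes (timestamp, thread id, service name, (md5), path) plus the
# three kinds of finding lines that appeared for sptd in the posted log.
SAMPLE_LOG = (
    "2011/04/14 13:30:14.0345 5804\tSmb             (7b75299a4d201d6a6533603d6914ab04) C:\\Windows\\system32\\DRIVERS\\smb.sys\n"
    "2011/04/14 13:30:14.0457 5804\tsptd            (71e276f6d189413266ea22171806597b) C:\\Windows\\system32\\Drivers\\sptd.sys\n"
    "2011/04/14 13:30:14.0457 5804\tSuspicious file (NoAccess): C:\\Windows\\system32\\Drivers\\sptd.sys. md5: 71e276f6d189413266ea22171806597b\n"
    "2011/04/14 13:30:14.0461 5804\tsptd - detected Locked file (1)\n"
    "2011/04/14 13:30:13.0866 5804\tSbieDrv         (a07d4747a6ebf15968cf5c891709d8f6) D:\\Sandboxie\\SbieDrv.sys\n"
    "2011/04/14 13:30:19.0806 5804\tScan finished\n"
    "2011/04/14 13:30:19.0815 5216\tDetected object count: 1\n"
    "2011/04/14 13:30:31.0324 5216\tLocked file(sptd) - User select action: Skip\n"
)

# Every line starts with "<date> <time> <thread id>\t<message>".
PREFIX_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(?P<msg>.*)$")
# Driver inventory line: "<service>   (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Finding lines, in the order TDSSKiller emits them.
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(
    r"^(?P<verdict>[A-Za-z ]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    flags: List[str] = field(default_factory=list)  # e.g. "NoAccess", "Locked file"
    action: Optional[str] = None                    # what the user chose, if asked


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    detected_count: Optional[int] = None

    def detections(self) -> List[Driver]:
        """Drivers TDSSKiller flagged in any way."""
        return [d for d in self.drivers.values() if d.flags]

    def outside_system_root(self) -> List[Driver]:
        """Heuristic of my own, not a TDSSKiller verdict: kernel drivers loaded
        from outside C:\\Windows. Sandboxes, virtual drives and unlockers live
        there legitimately, but a dropped driver could too, so list them."""
        return [d for d in self.drivers.values()
                if not d.path.lower().startswith("c:\\windows\\")]


def parse_tdsskiller(text: str) -> Report:
    """Build a Report from TDSSKiller log text; unknown lines are ignored."""
    report = Report()
    by_path: Dict[str, Driver] = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.rstrip())
        if not m:
            continue  # banners, "====" separators, blank lines
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            drv = Driver(d["name"], d["md5"], d["path"])
            report.drivers[drv.name] = drv
            by_path[drv.path.lower()] = drv
        elif (s := SUSPICIOUS_RE.match(msg)):
            drv = by_path.get(s["path"].lower())
            if drv is not None:
                drv.flags.append(s["reason"])
                if drv.md5 != s["md5"]:  # both hashes should agree; flag if not
                    drv.flags.append("md5 mismatch")
        elif (v := DETECTED_RE.match(msg)):
            drv = report.drivers.get(v["name"])
            if drv is not None:
                drv.flags.append(v["verdict"])
        elif (a := ACTION_RE.match(msg)):
            drv = report.drivers.get(a["name"])
            if drv is not None:
                drv.action = a["action"]
        elif (c := COUNT_RE.match(msg)):
            report.detected_count = int(c["count"])
    return report


def triage(report: Report) -> List[str]:
    """One line per item a helper would look at before answering the post."""
    lines = [f"TDSSKiller reported {report.detected_count} object(s)"]
    for d in report.detections():
        lines.append(f"{d.name}: {', '.join(d.flags)} -> {d.path} (md5 {d.md5}); action: {d.action}")
    for d in report.outside_system_root():
        lines.append(f"{d.name}: loaded from outside %SystemRoot% -> {d.path}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(parse_tdsskiller(SAMPLE_LOG))))
```

On a real log, read the file's text and pass it to parse_tdsskiller; the three finding lines are only tied together when the inventory line for that driver appeared earlier in the log, as it does in the post above.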

Old 14.04.2011, 16:01   #12
ghosti

Windows Recovery Malware. Halfway removed.

YESSS, all files are visible again, in the Start menu too.
Thank you so much! ComboFix worked so far. Here is the
logfile.
Code:
ComboFix 11-04-13.04 - Daniel 14.04.2011  15:49:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.3326.1845 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\programdata\Adobe Systems
c:\programdata\Adobe Systems\Product licenses\B302D000.dat
c:\users\Daniel\AppData\Roaming\Adobe\plugs
c:\users\Daniel\AppData\Roaming\Adobe\shed
c:\users\Daniel\AppData\Roaming\ezplay.sys
c:\users\Daniel\AppData\Roaming\FFSJ
c:\users\Daniel\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Daniel\AppData\Roaming\inst.exe
c:\users\Daniel\AppData\Roaming\pcouffin.sys
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\install.exe
c:\windows\system32\msvbvtbsr.dll
c:\windows\system32\ReadMe.txt
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-14 bis 2011-04-14  ))))))))))))))))))))))))))))))
.
.
2011-04-22 16:36 . 2011-04-22 16:50	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\CD Art Display
2011-04-22 16:36 . 2009-09-05 18:28	69632	---ha-w-	c:\windows\cadSSaver.scr
2011-04-22 16:36 . 2003-01-27 12:27	94208	---ha-w-	c:\windows\system32\wmpuice.dll
2011-04-14 11:25 . 2011-04-14 11:25	--------	d-----w-	c:\users\Daniel\AppData\Local\{3DFF2B66-D81C-4D3D-9C49-784BC6AECEF6}
2011-04-13 19:45 . 2011-04-14 11:17	879400	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-04-13 17:19 . 2011-04-13 17:19	--------	d-----w-	c:\users\Daniel\AppData\Local\{3053ADE2-B98D-42F2-8217-D0F20798665F}
2011-04-13 15:10 . 2011-04-13 15:10	--------	d-----w-	C:\_OTL
2011-04-12 21:43 . 2011-02-23 13:56	371544	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-04-12 19:14 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 19:14 . 2011-04-12 19:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-12 19:14 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-10 12:09 . 2011-04-10 12:09	--------	d--h--w-	c:\users\Daniel\AppData\Local\FontCreator
2011-04-10 12:09 . 2011-04-10 12:22	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\FontCreator
2011-04-10 10:21 . 2011-04-10 18:22	--------	d--h--w-	c:\users\Daniel\Desktop Backup
2011-04-10 10:14 . 2010-01-06 11:13	506368	---ha-w-	c:\windows\system32\sqlite3.dll
2011-04-10 10:12 . 2011-04-10 10:17	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\Rainmeter
2011-04-08 14:58 . 2011-04-08 14:58	--------	d--h--w-	c:\users\Daniel\AppData\Local\{5013EB7B-6E48-46AA-B462-8CA07972FDF3}
2011-04-07 13:17 . 2011-04-07 13:18	--------	d--h--w-	c:\users\Daniel\AppData\Local\{EFB03396-6F5F-47F4-AF4D-E93303F65884}
2011-04-06 17:53 . 2011-04-06 17:53	--------	d--h--w-	c:\users\Daniel\AppData\Local\{8836FA2F-280B-49C0-AB59-2341A148E93F}
2011-04-05 18:39 . 2011-04-05 18:40	--------	d--h--w-	c:\users\Daniel\AppData\Local\{845D655F-8206-4D7A-B232-61AEA3801158}
2011-04-04 16:04 . 2011-04-04 16:04	--------	d--h--w-	c:\users\Daniel\AppData\Local\{8CA62E4A-5208-4D8C-AAA0-0079E966645C}
2011-04-03 09:43 . 2011-04-03 09:43	--------	d--h--w-	c:\users\Daniel\AppData\Local\{9650D6D0-DBD7-4F53-AA9C-48DBCA72ADED}
2011-04-02 11:22 . 2011-04-02 11:22	--------	d--h--w-	c:\users\Daniel\AppData\Local\{C0DE76CA-12A0-43A3-AECD-FDFF6D343B27}
2011-04-01 07:47 . 2011-04-01 07:48	--------	d--h--w-	c:\users\Daniel\AppData\Local\{BCB40123-1D4B-4552-BCE7-842D1404FB3E}
2011-03-31 15:13 . 2011-03-31 15:13	--------	d--h--w-	c:\users\Daniel\AppData\Local\{DE58054B-7FA0-46C4-993E-59F18D7F9D86}
2011-03-30 17:05 . 2011-03-30 17:05	--------	d--h--w-	c:\users\Daniel\AppData\Local\{21768AF1-9AEC-4E1A-8A75-B52E16E04468}
2011-03-29 17:04 . 2011-03-29 17:05	--------	d--h--w-	c:\users\Daniel\AppData\Local\{7D8DCAA7-6CAC-44B6-93A7-0FBD78A5CA87}
2011-03-28 17:53 . 2011-03-28 17:53	--------	d--h--w-	c:\users\Daniel\AppData\Local\{B1379F96-D63B-422F-9E01-C1DEBE70B07C}
2011-03-27 13:19 . 2011-03-27 13:19	--------	d--h--w-	c:\users\Daniel\AppData\Local\{FB190D08-B318-428A-B153-CEF0E7D35BB4}
2011-03-26 14:50 . 2011-03-26 14:51	--------	d--h--w-	c:\users\Daniel\AppData\Local\{3DD98622-FC66-4C4E-AE04-F6FE0CE2B852}
2011-03-25 12:22 . 2011-03-25 12:22	--------	d--h--w-	c:\users\Daniel\AppData\Local\{1E50BA37-7E3C-45A9-83A0-394CBAAAB437}
2011-03-24 21:36 . 2011-03-24 21:37	--------	d--h--w-	c:\users\Daniel\AppData\Local\{F7E2855C-47DF-433F-8643-1B56F03C3157}
2011-03-24 09:36 . 2011-03-24 09:36	--------	d--h--w-	c:\users\Daniel\AppData\Local\{6063EAB0-D0D9-4B98-94EE-CD922589AFE0}
2011-03-23 10:06 . 2011-03-23 10:06	--------	d--h--w-	c:\users\Daniel\AppData\Local\{670DB61A-E2E7-4247-80B1-BD241BB79DBD}
2011-03-22 19:31 . 2011-03-22 19:31	--------	d--h--w-	c:\users\Daniel\AppData\Local\{F3B35707-BC22-4B2B-8CC3-FE7B9A381939}
2011-03-21 19:28 . 2011-03-21 19:28	189248	---ha-w-	c:\windows\system32\PnkBstrB.exe
2011-03-21 19:28 . 2011-03-21 19:28	75136	---ha-w-	c:\windows\system32\PnkBstrA.exe
2011-03-21 19:28 . 2011-03-21 19:28	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\PunkBuster
2011-03-21 13:35 . 2011-03-21 13:36	--------	d--h--w-	c:\users\Daniel\AppData\Local\{AA70CE0D-1E35-4599-8020-384072341BFA}
2011-03-18 11:36 . 2011-03-18 11:36	--------	d--h--w-	c:\users\Daniel\AppData\Local\{31EDE5E4-DD44-4645-AA7B-32B2E225C346}
2011-03-16 18:50 . 2011-03-16 18:50	--------	d--h--w-	c:\users\Daniel\AppData\Local\{E7930CA0-B070-420A-866C-2957ABE6E00F}
2011-03-15 16:46 . 2011-03-15 16:47	--------	d--h--w-	c:\users\Daniel\AppData\Local\{B91DB9FD-0F57-4BA9-AD01-E11BAD74E68C}
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 17:17 . 2011-03-13 17:17	94208	---ha-w-	c:\windows\system32\drivers\ezplay.sys
2011-03-09 09:49 . 2010-06-24 10:33	18328	---ha-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 09:57 . 2011-03-07 09:57	1222408	---ha-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-23 14:04 . 2010-07-30 15:12	40648	----a-w-	c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-05-15 17:58	190016	----a-w-	c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-05-15 17:59	301528	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-05-15 17:59	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-05-15 17:59	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-05-15 17:59	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-05-15 17:59	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-02-21 14:32 . 2008-01-21 02:21	57400	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2011-02-08 12:36 . 2011-02-08 12:36	22656	---ha-w-	c:\windows\system32\drivers\droidcam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04	122512	----a-w-	d:\avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-01-20 1702912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-22 7289376]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"avast5"="d:\avast5\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"CloneCDTray"="d:\slysoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
Rainmeter.lnk - d:\rainmeter\Rainmeter.exe [2011-2-6 99840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CLS 2011.10.lnk - c:\windows\Installer\{40CE80E6-4E55-489B-A271-40724510F703}\NewShortcut11.70787B93_F30E_4877_AFB6_34DDA9EE532D.exe [2011-1-11 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43	640376	----a-w-	d:\acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25	37232	----a-w-	d:\acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	d:\acrobat reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	---ha-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-02 04:52	205256	----a-w-	d:\alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allway Sync]
2009-10-22 13:27	79568	----a-w-	d:\allway sync\Bin\syncappw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 14:35	202024	---ha-w-	c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:23	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoodSync]
2010-01-22 21:31	3823288	----a-w-	d:\goodsync\GoodSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59	421160	----a-w-	d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 13:55	323584	---ha-w-	c:\windows\PixArt\i-Look110\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17	421888	---ha-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2011-01-20 09:26	1702912	---ha-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-05-06 11:58	306088	----a-w-	d:\gta 4\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39	336896	----a-w-	d:\sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-02-22 11:42	26101032	---ha-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-10 11:26	149280	---ha-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12	234856	----a-w-	d:\tomtom home 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33	15872	----a-w-	d:\unlocker\UnlockerAssistant.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVBVRecorder;DVBViewer Recording Service;d:\dvbviewer\DVBVservice.exe [2010-10-16 617600]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;d:\autodesk inventor\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [x]
R3 GA622T;NETGEAR GA622T Gigabit UTP Adapter;c:\windows\system32\DRIVERS\GA622ND5.SYS [2001-12-05 34516]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-17 13224]
R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware sandra lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-10 19968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-19 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 AbilisT;EyeTV DTT Deluxe (2009) Service;c:\windows\system32\DRIVERS\AbilisBdaTuner.sys [2009-12-08 122720]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-08-16 100368]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-02-08 22656]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-17 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\el7i34hd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKCU-Run-Power Off Monitor - d:\power monitor off\PowerMonitorOff.exe
MSConfigStartUp-MsnMsgr - c:\progra~1\MSNMES~1\msnmsgr.exe
MSConfigStartUp-StickyNotes - d:\stickynotes\StickyNotes.exe
MSConfigStartUp-SyncroNaut Timer - d:\syncronaut\SYSTEM\Timer4.exe
AddRemove-WOLAPI - d:\alarmstufe rot 2\Internetkomponenten\UnstllAP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-14 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-651202421-3400200994-3118346361-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,49,ff,36,ce,0a,a7,ad,8d,c4,32,18,21,f3,c2,a4,b5,f7,a3,4c,cb,
   fb,5d,36,4b,be,35,76,e9,e3,16,04,72,88,0e,2a,fe,b4,51,62,6a,bb,35,43,bb,b6,\
"rkeysecu"=hex:0c,71,d8,90,96,28,f2,c2,b9,d2,fe,c6,78,73,ba,ec
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-14  15:57:28
ComboFix-quarantined-files.txt  2011-04-14 13:57
.
Vor Suchlauf: 9.816.408.064 Bytes frei
Nach Suchlauf: 9.747.030.016 Bytes frei
.
- - End Of File - - 964BDD1E0074D8F6538245237A602463

Is there anything more to do?

14.04.2011, 16:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM - please skip the online lookup by OSAM.
With OSAM, also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document for me.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


14.04.2011, 17:12   #14
ghosti

So, I now have three log files here.
GMER crashed once, otherwise it ran fine.
OSAM was pretty quick, is that right?

hxxp://dl.dropbox.com/u/16632825/board/gmer.log
hxxp://dl.dropbox.com/u/16632825/board/osam.log
hxxp://dl.dropbox.com/u/16632825/board/MBRCheck_04.14.11_17.07.19.txt

Thanks

14.04.2011, 18:44   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
