Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: Winlogon.exe and a guy named Martin Prikryl (https://www.trojaner-board.de/105819-winlogon-exe-kerl-namens-martin-prikryl.html)

Wolfizero 05.12.2011 07:04

Winlogon.exe and a guy named Martin Prikryl
 
Avira AntiVir suddenly raised an alert, so I sent Malwarebytes Anti-Malware after it. It found a few things (especially in the System32 folder). However, I can't get rid of the stubborn ones, and I also had problems with the scan programs, so for now I'm posting everything that worked. The Gmer scan stops and closes itself a few seconds after the scan starts. Defogger doesn't work; the Disable log is attached.

http://img40.imageshack.us/img40/4563/0512a.jpg


Addendum: the report of the first full system scan with Anti-Malware
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8312

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

05.12.2011 05:59:42
mbam-log-2011-12-05 (05-59-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 705801
Laufzeit: 4 Stunde(n), 21 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicherprozesse:
c:\programdata\winlogon.exe (Trojan.Agent.Gen) -> 1608 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft  Service (Trojan.Agent.Gen) -> Value: Microsoft  Service -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Wolfi\downloads\ins-bse1200.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\program files\CPUCooL\instser.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\pss\winlogon.exe.startup (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\rijai.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\jdxdx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\lgazz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\mphqw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\orjlg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\pslny.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\vteae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\wioqb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\yajhi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\ygnci.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\winlogon.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.


cosinus 05.12.2011 12:50

Martin Prikryl is the author of WinSCP (linked: "Was ist WinSCP :: WinSCP").


Please also run ESET, then we'll see what's next:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Wolfizero 05.12.2011 22:24

ESET log

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a641b9773186da44bb4c9ebf914d2259
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-05 09:21:17
# local_time=2011-12-05 10:21:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 56780678 56780678 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 67212 98005422 59218 0
# compatibility_mode=5892 16776573 100 100 4269 160641586 0 0
# compatibility_mode=8192 67108863 100 0 3782 3782 0 0
# scanned=521666
# found=4
# cleaned=0
# scan_time=11218
C:\Program Files\Die 15 beliebtesten Kartenspiele\bin\cardssn.dll        probably a variant of Win32/Agent.BUDMVXA trojan (unable to clean)        00000000000000000000000000000000        I
C:\TransportGigant\transportgiant.exe        probably a variant of Win32/Agent.NXEQNXH trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Wolfi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\48a71381-6f3e0069        a variant of Java/TrojanDownloader.Agent.NCT trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Wolfi\Downloads\Nemo__s_Whores_1.1.rar        a variant of Win32/Packed.MoleboxUltra application (unable to clean)        00000000000000000000000000000000        I


cosinus 05.12.2011 22:39

Quote:

C:\Users\Wolfi\Downloads\Nemo__s_Whores_1.1.rar
What is that supposed to be? :confused:

Wolfizero 05.12.2011 22:50

Quote:

Quote from cosinus (post 730296)
What is that supposed to be? :confused:

Nothing of any relevance outside my private life ;) Should everything that was found go?

cosinus 06.12.2011 08:20

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/service/redir/ie_suche.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.t-online.de;localhost;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "about:neterror?e=query&u="
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\Shell - "" = AutoRun
O33 - MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{2906ace5-2acf-11df-8159-d415a5649007}\Shell - "" = AutoRun
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell - "" = AutoRun
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell\AutoRun\command - "" = A:\.\KANAUST.exe
O33 - MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\Shell\dxinst\command - "" = A:\.\dxsetup.exe
O33 - MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\Shell - "" = AutoRun
O33 - MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\D\Shell\install\command - "" = D:\autorun.exe
MsConfig - StartUpFolder: C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winlogon.exe -  - File not found
[2011.12.05 01:37:10 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\kvhou.exe
[2011.12.05 01:36:34 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\phpse.exe
[2011.12.04 17:20:20 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mdlsf.exe
[2011.12.04 17:20:16 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mxuhc.exe
[2011.05.07 11:00:33 | 000,000,000 | ---D | M] -- C:\!KillBox
[2010.07.16 17:56:38 | 000,000,000 | ---D | M] -- C:\~MSSETUP.T
:Files
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
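As an added defender's example (not code from the thread, from OTL or from Malwarebytes), here is a small Python triage over OTL-style file entries like the ones in the fix script above: it flags a protected system binary name (winlogon.exe) found outside System32 or carrying a non-Microsoft vendor string, and clusters of same-size, random-named executables in System32. The sample lines are constructed: the 210,944-byte "Martin Prikryl" entries mirror the thread, while the two winlogon.exe lines and the size 314,880 are made up for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's file-listing format. The four 210,944-byte
# System32 entries mirror the thread; the two winlogon.exe lines (and the
# 314,880-byte size) are invented here to show the masquerading check.
SAMPLE_OTL_LINES = r"""
[2011.12.05 01:37:10 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\kvhou.exe
[2011.12.05 01:36:34 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\Windows\System32\phpse.exe
[2011.12.04 17:20:20 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mdlsf.exe
[2011.12.04 17:20:16 | 000,210,944 | ---- | M] (Martin Prikryl) -- C:\Windows\System32\mxuhc.exe
[2009.04.11 08:28:14 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2011.12.04 17:19:58 | 000,210,944 | ---- | C] (Martin Prikryl) -- C:\ProgramData\winlogon.exe
[2011.05.07 11:00:33 | 000,000,000 | ---D | M] -- C:\!KillBox
"""

# [date time | size | attributes | C/M] (vendor, optional) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM32 = r"c:\windows\system32"
# Names that only belong in System32 and only with a Microsoft vendor string.
PROTECTED_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe",
                   "services.exe", "svchost.exe", "smss.exe"}
# The dropper in this thread used five lowercase letters per copy.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5}\.exe$")


def parse_otl_file_lines(text):
    """Turn OTL file-listing lines into dicts; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))   # "000,210,944" -> 210944
        d["vendor"] = d["vendor"] or ""               # directories carry no vendor
        d["is_dir"] = "D" in d["attr"]
        entries.append(d)
    return entries


def triage(entries):
    """Return (path, reason) pairs for entries that deserve a closer look."""
    findings = []
    exe_groups = defaultdict(list)   # (size, vendor) -> random-named System32 exes
    for e in entries:
        if e["is_dir"]:
            continue
        folder, _, name = e["path"].lower().rpartition("\\")
        if name in PROTECTED_NAMES and folder != SYSTEM32:
            findings.append((e["path"], "system binary name outside System32 (masquerading)"))
        if name in PROTECTED_NAMES and "microsoft" not in e["vendor"].lower():
            findings.append((e["path"],
                             f"system binary name with non-Microsoft vendor string {e['vendor']!r}"))
        if folder == SYSTEM32 and RANDOM_NAME_RE.match(name):
            exe_groups[(e["size"], e["vendor"])].append(e["path"])
    # Several random-named executables of identical size and vendor in System32
    # are almost always copies of one dropped binary, not legitimate tools.
    for (size, vendor), paths in exe_groups.items():
        if len(paths) >= 2:
            for p in paths:
                findings.append((p, f"one of {len(paths)} random-named executables "
                                    f"of {size} bytes, vendor {vendor!r}"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl_file_lines(SAMPLE_OTL_LINES)):
        print(f"{path}: {reason}")
```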

Wolfizero 06.12.2011 08:55

And here is the log of the OTL fix

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q=" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: unplug@compunach:2.047 removed from extensions.enabledItems
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "about:neterror?e=query&u=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Wolfi\AppData\Roaming\Mozilla\FireFox\Profiles\r6307irc.default\user.js moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118feb91-9260-11df-a736-da30cbdf2a01}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2906ace5-2acf-11df-8159-d415a5649007}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2906ace5-2acf-11df-8159-d415a5649007}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
File A:\.\KANAUST.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b48697d9-1ab8-11df-9035-d84b643effa6}\ not found.
File A:\.\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb58368a-6010-11e0-a731-949bed0e7edc}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk\ deleted successfully.
C:\Windows\pss\PowerStrip.lnk.Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Wolfi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winlogon.exe\ deleted successfully.
File C:\Windows\pss\winlogon.exe.Startup not found.
C:\Windows\System32\kvhou.exe moved successfully.
C:\Windows\System32\phpse.exe moved successfully.
C:\Windows\System32\mdlsf.exe moved successfully.
C:\Windows\System32\mxuhc.exe moved successfully.
C:\!KillBox\Logs folder moved successfully.
C:\!KillBox folder moved successfully.
C:\~MSSETUP.T\~MSSTFQF.T folder moved successfully.
C:\~MSSETUP.T folder moved successfully.
========== FILES ==========
C:\Users\Wolfi\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Wolfi
->Temp folder emptied: 203384540 bytes
->Temporary Internet Files folder emptied: 73118145 bytes
->Java cache emptied: 21955987 bytes
->FireFox cache emptied: 116259352 bytes
->Flash cache emptied: 174483 bytes
 
User: yfl
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1827017 bytes
%systemroot%\System32 .tmp files removed: 1594688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343766 bytes
RecycleBin emptied: 4195888444 bytes
 
Total Files Cleaned = 4.401,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_084807

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 06.12.2011 09:19

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know when it has succeeded
5.) Only then turn the virus scanner back on

Wolfizero 06.12.2011 10:37

Quote:

Quote from cosinus (post 730343)
I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know when it has succeeded
5.) Only then turn the virus scanner back on

I had completely forgotten how long an upload like this can take. I'm done, and everything should have worked.

cosinus 06.12.2011 11:36

I think the file was too big. Try uploading it here => File-Upload.net - Ihr kostenloser File Hoster!
and then link the whole thing here

Wolfizero 06.12.2011 12:18

The whole thing is almost 200 MB, so I'm doing it via uploaded.to and strongly hope that works too. 50 kb/s upload speed, I could throw up.

cosinus 06.12.2011 13:16

Uh, then just forget the upload :D

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it is done click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition; that's where TDSSKiller saves its logs.

Note: Please don't delete anything hastily with TDSSKiller! If TDSSKiller flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you can't access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (This could take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Wolfizero 06.12.2011 13:28

OK, seems to be working. hxxp://ul.to/2976vr0u

Addendum: grrrr, saw it too late and had only just posted^^

Wolfizero 06.12.2011 13:35

TDSSKiller log

Code:

13:31:07.0646 2256        TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:31:07.0948 2256        ============================================================
13:31:07.0948 2256        Current date / time: 2011/12/06 13:31:07.0948
13:31:07.0948 2256        SystemInfo:
13:31:07.0948 2256       
13:31:07.0948 2256        OS Version: 6.0.6002 ServicePack: 2.0
13:31:07.0948 2256        Product type: Workstation
13:31:07.0948 2256        ComputerName: WOLFI-PC
13:31:07.0948 2256        UserName: Wolfi
13:31:07.0948 2256        Windows directory: C:\Windows
13:31:07.0948 2256        System windows directory: C:\Windows
13:31:07.0948 2256        Processor architecture: Intel x86
13:31:07.0948 2256        Number of processors: 2
13:31:07.0948 2256        Page size: 0x1000
13:31:07.0948 2256        Boot type: Normal boot
13:31:07.0948 2256        ============================================================
13:31:08.0802 2256        Initialize success
13:33:31.0781 4588        ============================================================
13:33:31.0781 4588        Scan started
13:33:31.0781 4588        Mode: Manual; SigCheck; TDLFS;
13:33:31.0781 4588        ============================================================
13:33:33.0170 4588        acedrv11        (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
13:33:33.0247 4588        acedrv11 - ok
13:33:33.0312 4588        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:33:33.0377 4588        ACPI - ok
13:33:33.0452 4588        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:33:33.0476 4588        adp94xx - ok
13:33:33.0499 4588        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:33:33.0510 4588        adpahci - ok
13:33:33.0534 4588        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:33:33.0549 4588        adpu160m - ok
13:33:33.0585 4588        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:33:33.0595 4588        adpu320 - ok
13:33:33.0657 4588        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:33:33.0711 4588        AFD - ok
13:33:33.0740 4588        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:33:33.0747 4588        agp440 - ok
13:33:33.0775 4588        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:33:33.0784 4588        aic78xx - ok
13:33:33.0809 4588        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:33:33.0815 4588        aliide - ok
13:33:33.0846 4588        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:33:33.0872 4588        amdagp - ok
13:33:33.0905 4588        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:33:33.0913 4588        amdide - ok
13:33:33.0941 4588        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:33:34.0011 4588        AmdK7 - ok
13:33:34.0044 4588        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:33:34.0070 4588        AmdK8 - ok
13:33:34.0144 4588        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:33:34.0151 4588        arc - ok
13:33:34.0192 4588        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:33:34.0199 4588        arcsas - ok
13:33:34.0250 4588        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:34.0293 4588        AsyncMac - ok
13:33:34.0322 4588        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:33:34.0329 4588        atapi - ok
13:33:34.0355 4588        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
13:33:34.0364 4588        atksgt - ok
13:33:34.0462 4588        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:33:34.0467 4588        avgio - ok
13:33:34.0486 4588        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
13:33:34.0492 4588        avgntflt - ok
13:33:34.0511 4588        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
13:33:34.0517 4588        avipbb - ok
13:33:34.0605 4588        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:33:34.0670 4588        Beep - ok
13:33:34.0720 4588        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:33:34.0742 4588        blbdrive - ok
13:33:34.0798 4588        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:33:34.0838 4588        bowser - ok
13:33:34.0858 4588        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:33:34.0924 4588        BrFiltLo - ok
13:33:34.0944 4588        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:33:34.0976 4588        BrFiltUp - ok
13:33:35.0012 4588        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:33:35.0129 4588        Brserid - ok
13:33:35.0170 4588        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:33:35.0219 4588        BrSerWdm - ok
13:33:35.0244 4588        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:33:35.0296 4588        BrUsbMdm - ok
13:33:35.0319 4588        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:33:35.0359 4588        BrUsbSer - ok
13:33:35.0384 4588        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:33:35.0431 4588        BTHMODEM - ok
13:33:35.0725 4588        catchme - ok
13:33:35.0802 4588        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:35.0839 4588        cdfs - ok
13:33:35.0885 4588        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:35.0938 4588        cdrom - ok
13:33:36.0276 4588        cFosNT          (fbcfe23f9096eed9f577c11678c62321) C:\Windows\System32\Drivers\cFosNT.sys
13:33:36.0314 4588        cFosNT - ok
13:33:36.0335 4588        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:33:36.0369 4588        circlass - ok
13:33:36.0402 4588        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:33:36.0413 4588        CLFS - ok
13:33:36.0462 4588        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:33:36.0469 4588        cmdide - ok
13:33:36.0493 4588        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:33:36.0499 4588        Compbatt - ok
13:33:36.0554 4588        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:33:36.0582 4588        crcdisk - ok
13:33:36.0612 4588        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:33:36.0650 4588        Crusoe - ok
13:33:36.0715 4588        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:33:36.0753 4588        DfsC - ok
13:33:36.0777 4588        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:33:36.0785 4588        disk - ok
13:33:36.0846 4588        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:33:36.0899 4588        drmkaud - ok
13:33:36.0937 4588        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:36.0958 4588        DXGKrnl - ok
13:33:36.0992 4588        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:33:37.0016 4588        E1G60 - ok
13:33:37.0094 4588        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:33:37.0122 4588        Ecache - ok
13:33:37.0170 4588        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:33:37.0176 4588        ElbyCDIO - ok
13:33:37.0201 4588        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:33:37.0226 4588        elxstor - ok
13:33:37.0249 4588        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:33:37.0276 4588        ErrDev - ok
13:33:37.0311 4588        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:33:37.0346 4588        exfat - ok
13:33:37.0376 4588        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:33:37.0390 4588        fastfat - ok
13:33:37.0422 4588        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:33:37.0445 4588        fdc - ok
13:33:37.0470 4588        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:33:37.0477 4588        FileInfo - ok
13:33:37.0495 4588        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:33:37.0518 4588        Filetrace - ok
13:33:37.0565 4588        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:37.0606 4588        flpydisk - ok
13:33:37.0626 4588        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:33:37.0636 4588        FltMgr - ok
13:33:37.0668 4588        FsUsbExDisk    (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
13:33:37.0685 4588        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:33:37.0685 4588        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:33:37.0714 4588        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:37.0743 4588        Fs_Rec - ok
13:33:37.0763 4588        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:33:37.0770 4588        gagp30kx - ok
13:33:37.0799 4588        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:37.0804 4588        GEARAspiWDM - ok
13:33:37.0853 4588        giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
13:33:37.0857 4588        giveio ( UnsignedFile.Multi.Generic ) - warning
13:33:37.0857 4588        giveio - detected UnsignedFile.Multi.Generic (1)
13:33:37.0900 4588        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:33:37.0955 4588        HdAudAddService - ok
13:33:37.0997 4588        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:33:38.0022 4588        HDAudBus - ok
13:33:38.0051 4588        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:33:38.0109 4588        HidBth - ok
13:33:38.0134 4588        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:33:38.0176 4588        HidIr - ok
13:33:38.0213 4588        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:38.0241 4588        HidUsb - ok
13:33:38.0277 4588        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:33:38.0295 4588        HpCISSs - ok
13:33:38.0343 4588        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:33:38.0395 4588        HTTP - ok
13:33:38.0416 4588        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:33:38.0423 4588        i2omp - ok
13:33:38.0435 4588        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:33:38.0460 4588        i8042prt - ok
13:33:38.0478 4588        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:33:38.0487 4588        iaStorV - ok
13:33:38.0535 4588        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:33:38.0544 4588        iirsp - ok
13:33:38.0870 4588        IntcAzAudAddService (f42f2f88017a2e2b6f783acef6c2c149) C:\Windows\system32\drivers\RTKVHDA.sys
13:33:39.0034 4588        IntcAzAudAddService - ok
13:33:39.0128 4588        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:33:39.0153 4588        intelide - ok
13:33:39.0183 4588        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:39.0218 4588        intelppm - ok
13:33:39.0254 4588        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:39.0286 4588        IpFilterDriver - ok
13:33:39.0302 4588        IpInIp - ok
13:33:39.0351 4588        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:33:39.0368 4588        IPMIDRV - ok
13:33:39.0397 4588        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:33:39.0414 4588        IPNAT - ok
13:33:39.0438 4588        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:33:39.0472 4588        IRENUM - ok
13:33:39.0506 4588        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:33:39.0537 4588        isapnp - ok
13:33:39.0589 4588        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:33:39.0599 4588        iScsiPrt - ok
13:33:39.0619 4588        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:33:39.0625 4588        iteatapi - ok
13:33:39.0646 4588        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:33:39.0653 4588        iteraid - ok
13:33:39.0665 4588        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:39.0672 4588        kbdclass - ok
13:33:39.0683 4588        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:39.0711 4588        kbdhid - ok
13:33:39.0751 4588        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:33:39.0770 4588        KSecDD - ok
13:33:39.0806 4588        LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:33:39.0811 4588        LHidFilt - ok
13:33:39.0840 4588        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
13:33:39.0845 4588        lirsgt - ok
13:33:39.0864 4588        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:39.0893 4588        lltdio - ok
13:33:39.0936 4588        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:33:39.0943 4588        LSI_FC - ok
13:33:39.0968 4588        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:33:39.0975 4588        LSI_SAS - ok
13:33:40.0007 4588        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:33:40.0015 4588        LSI_SCSI - ok
13:33:40.0027 4588        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:33:40.0055 4588        luafv - ok
13:33:40.0084 4588        LUsbFilt        (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
13:33:40.0090 4588        LUsbFilt - ok
13:33:40.0156 4588        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
13:33:40.0162 4588        LVPr2Mon - ok
13:33:40.0223 4588        LVRS            (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
13:33:40.0233 4588        LVRS - ok
13:33:40.0653 4588        LVUVC          (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
13:33:40.0790 4588        LVUVC - ok
13:33:40.0890 4588        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:33:40.0897 4588        megasas - ok
13:33:40.0921 4588        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:33:40.0940 4588        MegaSR - ok
13:33:40.0959 4588        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:33:40.0990 4588        Modem - ok
13:33:41.0016 4588        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:33:41.0044 4588        monitor - ok
13:33:41.0061 4588        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:41.0068 4588        mouclass - ok
13:33:41.0085 4588        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:41.0101 4588        mouhid - ok
13:33:41.0112 4588        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:33:41.0119 4588        MountMgr - ok
13:33:41.0136 4588        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:33:41.0144 4588        mpio - ok
13:33:41.0158 4588        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:33:41.0183 4588        mpsdrv - ok
13:33:41.0210 4588        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:33:41.0216 4588        Mraid35x - ok
13:33:41.0273 4588        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:33:41.0383 4588        MRxDAV - ok
13:33:41.0511 4588        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:41.0538 4588        mrxsmb - ok
13:33:41.0574 4588        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:41.0599 4588        mrxsmb10 - ok
13:33:41.0622 4588        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:41.0644 4588        mrxsmb20 - ok
13:33:41.0692 4588        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:33:41.0699 4588        msahci - ok
13:33:41.0722 4588        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:33:41.0730 4588        msdsm - ok
13:33:41.0750 4588        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:33:41.0801 4588        Msfs - ok
13:33:41.0820 4588        MSICDSetup - ok
13:33:41.0849 4588        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:33:41.0880 4588        msisadrv - ok
13:33:41.0917 4588        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:41.0946 4588        MSKSSRV - ok
13:33:41.0972 4588        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:42.0000 4588        MSPCLOCK - ok
13:33:42.0026 4588        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:33:42.0058 4588        MSPQM - ok
13:33:42.0106 4588        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:33:42.0114 4588        MsRPC - ok
13:33:42.0190 4588        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:42.0218 4588        mssmbios - ok
13:33:42.0247 4588        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:33:42.0281 4588        MSTEE - ok
13:33:42.0592 4588        MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
13:33:42.0641 4588        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
13:33:42.0641 4588        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
13:33:42.0670 4588        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:33:42.0678 4588        Mup - ok
13:33:42.0702 4588        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:42.0713 4588        NativeWifiP - ok
13:33:42.0733 4588        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:33:42.0750 4588        NDIS - ok
13:33:42.0758 4588        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:42.0783 4588        NdisTapi - ok
13:33:42.0843 4588        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:42.0859 4588        Ndisuio - ok
13:33:42.0876 4588        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:42.0923 4588        NdisWan - ok
13:33:42.0956 4588        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:33:42.0968 4588        NDProxy - ok
13:33:42.0975 4588        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:33:42.0991 4588        NetBIOS - ok
13:33:43.0013 4588        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:33:43.0051 4588        netbt - ok
13:33:43.0116 4588        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:33:43.0122 4588        nfrd960 - ok
13:33:43.0130 4588        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:33:43.0153 4588        Npfs - ok
13:33:43.0171 4588        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:33:43.0200 4588        nsiproxy - ok
13:33:43.0236 4588        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:33:43.0299 4588        Ntfs - ok
13:33:43.0371 4588        ntiomin        (8a2788ff5aa0fe75d7231417200406ff) C:\Windows\system32\drivers\ntiomin.sys
13:33:43.0385 4588        ntiomin ( UnsignedFile.Multi.Generic ) - warning
13:33:43.0385 4588        ntiomin - detected UnsignedFile.Multi.Generic (1)
13:33:43.0415 4588        ntiopnp        (5850c28057ddea04390b88f8cc482504) C:\Windows\system32\drivers\ntiopnp.sys
13:33:43.0421 4588        ntiopnp - ok
13:33:43.0477 4588        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:33:43.0524 4588        ntrigdigi - ok
13:33:43.0602 4588        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:33:43.0651 4588        Null - ok
13:33:43.0710 4588        NVHDA          (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys
13:33:43.0717 4588        NVHDA - ok
13:33:44.0987 4588        nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:33:45.0292 4588        nvlddmkm - ok
13:33:45.0398 4588        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:33:45.0406 4588        nvraid - ok
13:33:45.0434 4588        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:33:45.0441 4588        nvstor - ok
13:33:45.0511 4588        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:33:45.0518 4588        nv_agp - ok
13:33:45.0532 4588        NwlnkFlt - ok
13:33:45.0543 4588        NwlnkFwd - ok
13:33:45.0571 4588        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:33:45.0602 4588        ohci1394 - ok
13:33:45.0665 4588        P17            (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys
13:33:45.0740 4588        P17 - ok
13:33:45.0813 4588        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:33:45.0830 4588        Parport - ok
13:33:45.0874 4588        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:33:45.0896 4588        partmgr - ok
13:33:45.0917 4588        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:33:45.0947 4588        Parvdm - ok
13:33:46.0015 4588        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:33:46.0025 4588        pci - ok
13:33:46.0042 4588        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:33:46.0049 4588        pciide - ok
13:33:46.0081 4588        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:33:46.0090 4588        pcmcia - ok
13:33:46.0111 4588        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:33:46.0203 4588        PEAUTH - ok
13:33:46.0243 4588        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:46.0271 4588        PptpMiniport - ok
13:33:46.0295 4588        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:33:46.0321 4588        Processor - ok
13:33:46.0342 4588        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:33:46.0365 4588        PSched - ok
13:33:46.0411 4588        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:33:46.0463 4588        ql2300 - ok
13:33:46.0522 4588        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:33:46.0544 4588        ql40xx - ok
13:33:46.0612 4588        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:33:46.0653 4588        QWAVEdrv - ok
13:33:46.0679 4588        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:46.0696 4588        RasAcd - ok
13:33:46.0706 4588        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:46.0740 4588        Rasl2tp - ok
13:33:46.0771 4588        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:46.0798 4588        RasPppoe - ok
13:33:46.0813 4588        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:46.0821 4588        RasSstp - ok
13:33:46.0881 4588        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:46.0897 4588        rdbss - ok
13:33:46.0903 4588        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:46.0933 4588        RDPCDD - ok
13:33:46.0983 4588        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:33:47.0016 4588        rdpdr - ok
13:33:47.0030 4588        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:33:47.0047 4588        RDPENCDD - ok
13:33:47.0076 4588        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:33:47.0108 4588        RDPWD - ok
13:33:47.0127 4588        ROOTMODEM      (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
13:33:47.0143 4588        ROOTMODEM - ok
13:33:47.0161 4588        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:47.0188 4588        rspndr - ok
13:33:47.0235 4588        RTCore32        (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\MSI Afterburner\RTCore32.sys
13:33:47.0252 4588        RTCore32 ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0252 4588        RTCore32 - detected UnsignedFile.Multi.Generic (1)
13:33:47.0297 4588        RTL8169        (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:33:47.0341 4588        RTL8169 - ok
13:33:47.0390 4588        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Systemerkennung\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys
13:33:47.0395 4588        SANDRA - ok
13:33:47.0473 4588        SASDIFSV        (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:33:47.0495 4588        SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0495 4588        SASDIFSV - detected UnsignedFile.Multi.Generic (1)
13:33:47.0522 4588        SASENUM        (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:33:47.0542 4588        SASENUM ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0542 4588        SASENUM - detected UnsignedFile.Multi.Generic (1)
13:33:47.0571 4588        SASKUTIL        (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
13:33:47.0576 4588        SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
13:33:47.0576 4588        SASKUTIL - detected UnsignedFile.Multi.Generic (1)
13:33:47.0597 4588        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:33:47.0605 4588        sbp2port - ok
13:33:47.0629 4588        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:33:47.0682 4588        secdrv - ok
13:33:47.0717 4588        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:33:47.0741 4588        Serenum - ok
13:33:47.0760 4588        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
13:33:47.0789 4588        Serial - ok
13:33:47.0819 4588        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:33:47.0835 4588        sermouse - ok
13:33:47.0865 4588        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:33:47.0877 4588        sffdisk - ok
13:33:47.0893 4588        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:47.0910 4588        sffp_mmc - ok
13:33:47.0951 4588        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:33:47.0967 4588        sffp_sd - ok
13:33:47.0987 4588        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:33:48.0036 4588        sfloppy - ok
13:33:48.0066 4588        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:33:48.0073 4588        sisagp - ok
13:33:48.0099 4588        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:33:48.0106 4588        SiSRaid2 - ok
13:33:48.0129 4588        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:33:48.0136 4588        SiSRaid4 - ok
13:33:48.0166 4588        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:33:48.0198 4588        Smb - ok
13:33:48.0234 4588        speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
13:33:48.0242 4588        speedfan - ok
13:33:48.0249 4588        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:33:48.0255 4588        spldr - ok
13:33:48.0307 4588        sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\System32\Drivers\sptd.sys
13:33:48.0331 4588        sptd - ok
13:33:48.0353 4588        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:33:48.0391 4588        srv - ok
13:33:48.0465 4588        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:33:48.0497 4588        srv2 - ok
13:33:48.0520 4588        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:48.0550 4588        srvnet - ok
13:33:48.0583 4588        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:33:48.0595 4588        ssmdrv - ok
13:33:48.0623 4588        ss_bbus        (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
13:33:48.0629 4588        ss_bbus - ok
13:33:48.0642 4588        ss_bmdfl        (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
13:33:48.0647 4588        ss_bmdfl - ok
13:33:48.0665 4588        ss_bmdm        (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
13:33:48.0672 4588        ss_bmdm - ok
13:33:48.0705 4588        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:33:48.0711 4588        swenum - ok
13:33:48.0776 4588        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:33:48.0782 4588        Symc8xx - ok
13:33:48.0804 4588        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:33:48.0811 4588        Sym_hi - ok
13:33:48.0834 4588        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:33:48.0841 4588        Sym_u3 - ok
13:33:48.0982 4588        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:33:49.0041 4588        Tcpip - ok
13:33:49.0078 4588        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:49.0137 4588        Tcpip6 - ok
13:33:49.0191 4588        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:33:49.0228 4588        tcpipreg - ok
13:33:49.0259 4588        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:33:49.0300 4588        TDPIPE - ok
13:33:49.0324 4588        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:33:49.0340 4588        TDTCP - ok
13:33:49.0370 4588        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:33:49.0383 4588        tdx - ok
13:33:49.0412 4588        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:33:49.0430 4588        TermDD - ok
13:33:49.0486 4588        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:49.0514 4588        tssecsrv - ok
13:33:49.0918 4588        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
13:33:49.0923 4588        TuneUpUtilitiesDrv - ok
13:33:49.0955 4588        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:33:49.0984 4588        tunmp - ok
13:33:50.0013 4588        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:50.0038 4588        tunnel - ok
13:33:50.0067 4588        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:33:50.0074 4588        uagp35 - ok
13:33:50.0102 4588        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:33:50.0117 4588        udfs - ok
13:33:50.0140 4588        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:33:50.0147 4588        uliagpkx - ok
13:33:50.0173 4588        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:33:50.0183 4588        uliahci - ok
13:33:50.0209 4588        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:33:50.0222 4588        UlSata - ok
13:33:50.0243 4588        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:33:50.0250 4588        ulsata2 - ok
13:33:50.0268 4588        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:33:50.0300 4588        umbus - ok
13:33:50.0361 4588        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:33:50.0386 4588        usbaudio - ok
13:33:50.0419 4588        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:50.0444 4588        usbccgp - ok
13:33:50.0468 4588        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:33:50.0512 4588        usbcir - ok
13:33:50.0555 4588        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:50.0580 4588        usbehci - ok
13:33:50.0599 4588        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:50.0613 4588        usbhub - ok
13:33:50.0629 4588        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:33:50.0674 4588        usbohci - ok
13:33:50.0710 4588        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:50.0737 4588        usbprint - ok
13:33:50.0767 4588        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:33:50.0797 4588        usbscan - ok
13:33:50.0825 4588        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:50.0838 4588        USBSTOR - ok
13:33:50.0859 4588        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:50.0879 4588        usbuhci - ok
13:33:50.0905 4588        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:33:50.0932 4588        usbvideo - ok
13:33:50.0964 4588        VClone          (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
13:33:50.0998 4588        VClone - ok
13:33:51.0050 4588        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:51.0076 4588        vga - ok
13:33:51.0114 4588        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:33:51.0146 4588        VgaSave - ok
13:33:51.0169 4588        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:33:51.0190 4588        viaagp - ok
13:33:51.0225 4588        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:33:51.0242 4588        ViaC7 - ok
13:33:51.0269 4588        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:33:51.0284 4588        viaide - ok
13:33:51.0307 4588        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:33:51.0314 4588        volmgr - ok
13:33:51.0340 4588        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:33:51.0352 4588        volmgrx - ok
13:33:51.0384 4588        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:33:51.0394 4588        volsnap - ok
13:33:51.0413 4588        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:33:51.0421 4588        vsmraid - ok
13:33:51.0625 4588        VX3000          (3d96ef51524e99680e89929e953a5495) C:\Windows\system32\DRIVERS\VX3000.sys
13:33:51.0696 4588        VX3000 - ok
13:33:51.0725 4588        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:33:51.0770 4588        WacomPen - ok
13:33:51.0791 4588        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0804 4588        Wanarp - ok
13:33:51.0807 4588        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:51.0819 4588        Wanarpv6 - ok
13:33:51.0838 4588        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:33:51.0844 4588        Wd - ok
13:33:51.0868 4588        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:33:51.0891 4588        Wdf01000 - ok
13:33:51.0976 4588        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:33:52.0001 4588        WmiAcpi - ok
13:33:52.0036 4588        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:33:52.0071 4588        WpdUsb - ok
13:33:52.0099 4588        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:52.0129 4588        ws2ifsl - ok
13:33:52.0164 4588        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:52.0195 4588        WUDFRd - ok
13:33:52.0217 4588        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:33:52.0244 4588        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:33:52.0245 4588        \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:33:52.0247 4588        Boot (0x1200)  (522b033f60eae7ee0e2e28a5fe432cc0) \Device\Harddisk0\DR0\Partition0
13:33:52.0247 4588        \Device\Harddisk0\DR0\Partition0 - ok
13:33:52.0248 4588        ============================================================
13:33:52.0248 4588        Scan finished
13:33:52.0248 4588        ============================================================
13:33:52.0254 4748        Detected object count: 9
13:33:52.0254 4748        Actual detected object count: 9
13:34:34.0225 4748        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0225 4748        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0225 4748        giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0225 4748        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748        ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748        ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748        RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748        RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748        SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748        SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0227 4748        SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0227 4748        SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0228 4748        SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0228 4748        SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0228 4748        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:34:34.0228 4748        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


cosinus 06.12.2011 13:47

Quote:

13:34:34.0228 4748 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:34:34.0228 4748 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please delete it with TDSS-Killer. Then restart Windows and make a new log with TDSS-Killer.
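One way to triage a TDSSKiller log of this shape before reposting it, as an added example that is not from the thread or from the TDSSKiller project: the parser below groups the verdict lines by object and lists every detection the user left at "Skip" rather than "Cure" or "Delete", ranking a hit on the raw disk device (the MBR sector that carries the TDSS File System verdict above) above the generic unsigned-driver heuristics, which usually point at legitimate tools such as the SAS* and RTCore32 drivers. The sample input is assembled from lines of this thread's log; the regular expression, the severity classes and the "unresolved" rule are my assumptions about the log format, not documented TDSSKiller behaviour.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of lines copied from the TDSSKiller log
# posted in this thread (the real log is several hundred lines long).
SAMPLE_LOG = """\
13:33:51.0838 4588        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\\Windows\\system32\\drivers\\wd.sys
13:33:51.0844 4588        Wd - ok
13:33:52.0244 4588        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
13:33:52.0245 4588        \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
13:33:52.0254 4748        Detected object count: 9
13:34:34.0225 4748        giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0225 4748        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0226 4748        SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:34.0226 4748        SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:34.0228 4748        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
13:34:34.0228 4748        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed line shape for every verdict/action line:
#   "<time> <pid> <object> ( <verdict> ) - <action>"
# Plain driver-listing lines ("Wd (hash) path", "Wd - ok") do not match and are ignored.
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$"
)

# Heuristic verdict TDSSKiller gives any driver without a valid Authenticode
# signature; it needs a manual look, not automatic deletion (assumed class).
LOW_RISK_VERDICTS = {"UnsignedFile.Multi.Generic"}


@dataclass
class Finding:
    obj: str
    verdict: str
    actions: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        if self.verdict in LOW_RISK_VERDICTS:
            return "low"
        # A verdict on a raw disk device (\Device\HarddiskN\DRN) means the
        # scanner flagged the MBR / boot sectors: a bootkit indicator.
        if self.obj.startswith("\\Device\\Harddisk"):
            return "critical"
        return "high"

    @property
    def unresolved(self) -> bool:
        # Only an explicit Cure or Delete choice counts as handled.
        return not any(
            a.startswith("User select action: ")
            and a.split(": ", 1)[1] in ("Cure", "Delete")
            for a in self.actions
        )


def parse_tdsskiller_log(text: str) -> dict:
    """Group verdict lines by (object, verdict), keeping every recorded action."""
    findings = {}
    for line in text.splitlines():
        m = VERDICT_RE.match(line)
        if not m:
            continue
        key = (m["obj"], m["verdict"])
        finding = findings.setdefault(key, Finding(m["obj"], m["verdict"]))
        finding.actions.append(m["action"])
    return findings


def unresolved_findings(text: str) -> list:
    """Return (severity, object, verdict) for each detection not cured/deleted, worst first."""
    order = {"critical": 0, "high": 1, "low": 2}
    rows = [
        (f.severity, f.obj, f.verdict)
        for f in parse_tdsskiller_log(text).values()
        if f.unresolved
    ]
    return sorted(rows, key=lambda r: order[r[0]])


if __name__ == "__main__":
    for severity, obj, verdict in unresolved_findings(SAMPLE_LOG):
        print(f"{severity:8} {obj}  [{verdict}]")
```

Run against the sample, the first row is the critical entry for `\Device\Harddisk0\DR0` with verdict `TDSS File System`, which is exactly the object the reply above asks to have deleted; the two unsigned-driver hits follow as low-severity rows. Feed the function the full log text to get the same ordering over all nine detected objects.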


Copyright ©2000-2024, Trojaner-Board

