Trojaner-Board (https://www.trojaner-board.de/) > Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: https://www.trojaner-board.de/109436-79bjm5me7g-exe-trojan-vupx-gen-laesst-mb-antimaleware-loeschen.html

eDoc 09.02.2012 08:29

79bjm5me7g.exe (Trojan.VUPX.Gen) --> cannot be deleted even with MB Anti-Malware
 
Dear moderators

I have already read in other threads that deleting the Trojan "79bjm5me7g.exe (Trojan.VUPX.Gen)" is difficult. As recommended to others, I downloaded Malwarebytes Anti-Malware, scanned, and deleted the infected files. After the second time, the Trojan mentioned above is still there. I'm posting both log files. I'm very grateful for your help.

By the way, before that I suddenly had Facemoods installed in Firefox, although I would never download and install something like that. Strange.

Also, I won't be able to respond again until late this evening or tomorrow morning, since this is my home PC.

Many thanks for the help!
eDoc

cosinus 09.02.2012 16:40

Please also run ESET, then we'll see:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and run Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


eDoc 11.02.2012 15:19

Hello Arne

I followed your instructions and am posting the log of the ESET scan here:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c75f725d5c9738479cdf2668f2ddaf06
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-11 01:20:06
# local_time=2012-02-11 02:20:06 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777215 100 0 409706 409706 0 0
# compatibility_mode=7937 16777213 100 100 401670 68141318 0 0
# compatibility_mode=8192 67108863 100 0 3830 3830 0 0
# scanned=136692
# found=4
# cleaned=0
# scan_time=9075
C:\Dokumente und Einstellungen\david\Eigene Dateien\Computer\Programme\mIRC-DiscoParadise\SDmirc.ini        IRC/Bomber trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\david\Lokale Einstellungen\Temp\ICReinstall\cnet_ashampoo_firewall_sm_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\david\Lokale Einstellungen\Temp\ICReinstall\cnet_mergemp3_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\WINDOWS\system32\drivers\f3b4eb794e15c167.sys        Win32/Rootkit.Agent.NVS trojan (unable to clean)        00000000000000000000000000000000        I

Can you make anything of this?

Many thanks and regards

eDoc 11.02.2012 15:24

One more addendum. I find it odd that the file "79bjm5me7g.exe (Trojan.VUPX.Gen)" no longer shows up here, even though it was detected by Malwarebytes Anti-Malware and could not be deleted?

Regards
eDoc

cosinus 12.02.2012 14:12

Please make a new OTL log. Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
Custom Scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


eDoc 13.02.2012 08:48

Here is the OTL log. Because of the 100,000-character limit on code tags, I have to attach it as a zip.

Many thanks and regards

cosinus 13.02.2012 12:29

Sorry, but that was not a CustomScan! :(

eDoc 13.02.2012 14:42

Sorry, so here is the Custom Scan as a zip file. I hope I did it correctly this time.

Many thanks and regards

cosinus 13.02.2012 15:32

Run an OTL fix: close any programs that may be open, deactivate the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1085031214-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-1085031214-1647877149-839522115-1004\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://dreamchimney.com/tracks/"
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1085031214-1647877149-839522115-1004\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1085031214-1647877149-839522115-1004..\Run: [Bwehimuhabucu] rundll32.exe  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Subsonic.lnk = C:\Programme\Subsonic\subsonic-agent.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - Winlogon\Notify\marewio: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\rugoima: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.08 02:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 145 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!

eDoc 13.02.2012 15:51

I ran the fix. A restart was forced and OTL then output the following log file:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-1085031214-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1085031214-1647877149-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
C:\Programme\BittorrentBar_DE\prxtbBitt.dll moved successfully.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://dreamchimney.com/tracks/" removed from browser.startup.homepage
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Programme\BittorrentBar_DE\prxtbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Programme\BittorrentBar_DE\prxtbBitt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1647877149-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
File C:\Programme\BittorrentBar_DE\prxtbBitt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Bwehimuhabucu deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Subsonic.lnk moved successfully.
C:\Programme\Subsonic\subsonic-agent.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\marewio\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rugoima\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd876cbc-2858-11de-9388-002268ee6ad7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd876cbc-2858-11de-9388-002268ee6ad7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd876cbc-2858-11de-9388-002268ee6ad7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd876cbc-2858-11de-9388-002268ee6ad7}\ not found.
File F:\LaunchU3.exe -a not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6410579 bytes
 
User: All Users
 
User: david
->Temp folder emptied: 5353803177 bytes
->Temporary Internet Files folder emptied: 48252731 bytes
->Java cache emptied: 764353 bytes
->FireFox cache emptied: 58937360 bytes
->Google Chrome cache emptied: 109069993 bytes
->Flash cache emptied: 15219141 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4545015 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6698291 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2855957 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14363050 bytes
RecycleBin emptied: 1047522657 bytes
 
Total Files Cleaned = 6.360,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_154022

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Avira Antivirus cannot be activated at the moment.

Regards
David

cosinus 13.02.2012 16:16

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), since TDSS-Killer saves its logs there.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you can't access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

eDoc 13.02.2012 17:15

Here is the log from Kaspersky

Code:

17:11:34.0546 1368        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
17:11:34.0671 1368        ============================================================
17:11:34.0671 1368        Current date / time: 2012/02/13 17:11:34.0671
17:11:34.0671 1368        SystemInfo:
17:11:34.0671 1368       
17:11:34.0671 1368        OS Version: 5.1.2600 ServicePack: 3.0
17:11:34.0671 1368        Product type: Workstation
17:11:34.0671 1368        ComputerName: PAMELA
17:11:34.0671 1368        UserName: david
17:11:34.0671 1368        Windows directory: C:\WINDOWS
17:11:34.0671 1368        System windows directory: C:\WINDOWS
17:11:34.0671 1368        Processor architecture: Intel x86
17:11:34.0671 1368        Number of processors: 2
17:11:34.0671 1368        Page size: 0x1000
17:11:34.0671 1368        Boot type: Normal boot
17:11:34.0671 1368        ============================================================
17:11:40.0187 1368        !crdlk
17:11:40.0187 1368        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
17:11:40.0187 1368        \Device\Harddisk0\DR0:
17:11:40.0187 1368        Invalid mbr signature
17:11:40.0187 1368        Initialize success
17:11:40.0187 1368        ============================================================
17:12:42.0750 2612        ============================================================
17:12:42.0750 2612        Scan started
17:12:42.0750 2612        Mode: Manual; SigCheck; TDLFS;
17:12:42.0750 2612        ============================================================
17:12:43.0812 2612        Suspicious service (NoAccess): 8528e06cdf89b6d5
17:12:43.0828 2612        8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - warning
17:12:43.0828 2612        8528e06cdf89b6d5 - detected LockedService.Multi.Generic (1)
17:12:43.0843 2612        Abiosdsk - ok
17:12:43.0859 2612        abp480n5 - ok
17:12:43.0875 2612        ACPI - ok
17:12:43.0890 2612        ACPIEC - ok
17:12:43.0906 2612        adpu160m - ok
17:12:43.0921 2612        aec - ok
17:12:43.0937 2612        AFD - ok
17:12:43.0953 2612        Aha154x - ok
17:12:43.0968 2612        aic78u2 - ok
17:12:43.0984 2612        aic78xx - ok
17:12:44.0015 2612        AliIde - ok
17:12:44.0031 2612        amsint - ok
17:12:44.0093 2612        asc - ok
17:12:44.0109 2612        asc3350p - ok
17:12:44.0125 2612        asc3550 - ok
17:12:44.0156 2612        ASFWHide - ok
17:12:44.0203 2612        AsyncMac - ok
17:12:44.0218 2612        atapi - ok
17:12:44.0234 2612        Atdisk - ok
17:12:44.0250 2612        Atmarpc - ok
17:12:44.0281 2612        audstub - ok
17:12:44.0281 2612        avgntflt - ok
17:12:44.0296 2612        avipbb - ok
17:12:44.0312 2612        avkmgr - ok
17:12:44.0343 2612        b57w2k - ok
17:12:44.0359 2612        Beep - ok
17:12:44.0406 2612        BthEnum - ok
17:12:44.0437 2612        BTHMODEM - ok
17:12:44.0453 2612        BthPan - ok
17:12:44.0468 2612        BTHPORT - ok
17:12:44.0500 2612        BTHUSB - ok
17:12:44.0531 2612        cbidf2k - ok
17:12:44.0546 2612        cd20xrnt - ok
17:12:44.0562 2612        Cdaudio - ok
17:12:44.0578 2612        Cdfs - ok
17:12:44.0609 2612        Cdrom - ok
17:12:44.0625 2612        Changer - ok
17:12:44.0703 2612        CmBatt - ok
17:12:44.0718 2612        CmdIde - ok
17:12:44.0734 2612        Compbatt - ok
17:12:44.0765 2612        Cpqarray - ok
17:12:44.0828 2612        CSRBC - ok
17:12:44.0843 2612        CVirtA - ok
17:12:44.0875 2612        CVPNDRVA - ok
17:12:44.0875 2612        dac2w2k - ok
17:12:44.0890 2612        dac960nt - ok
17:12:44.0937 2612        Disk - ok
17:12:44.0968 2612        dmboot - ok
17:12:44.0984 2612        dmio - ok
17:12:45.0000 2612        dmload - ok
17:12:45.0031 2612        DMusic - ok
17:12:45.0031 2612        DNE - ok
17:12:45.0093 2612        dpti2o - ok
17:12:45.0093 2612        drmkaud - ok
17:12:45.0125 2612        ElbyCDIO - ok
17:12:45.0203 2612        Fastfat - ok
17:12:45.0234 2612        Fdc - ok
17:12:45.0250 2612        Fips - ok
17:12:45.0265 2612        Flpydisk - ok
17:12:45.0281 2612        FltMgr - ok
17:12:45.0312 2612        Fs_Rec - ok
17:12:45.0328 2612        Ftdisk - ok
17:12:45.0359 2612        Gpc - ok
17:12:45.0375 2612        HdAudAddService - ok
17:12:45.0390 2612        HDAudBus - ok
17:12:45.0437 2612        HidUsb - ok
17:12:45.0484 2612        hpn - ok
17:12:45.0500 2612        HSFHWAZL - ok
17:12:45.0515 2612        HSF_DPV - ok
17:12:45.0531 2612        HTTP - ok
17:12:45.0562 2612        i2omgmt - ok
17:12:45.0578 2612        i2omp - ok
17:12:45.0609 2612        i8042prt - ok
17:12:45.0625 2612        ialm - ok
17:12:45.0640 2612        IBMPMDRV - ok
17:12:45.0703 2612        Imapi - ok
17:12:45.0750 2612        ini910u - ok
17:12:45.0781 2612        IntelIde - ok
17:12:45.0796 2612        intelppm - ok
17:12:45.0828 2612        Ip6Fw - ok
17:12:45.0843 2612        IpFilterDriver - ok
17:12:45.0859 2612        IpInIp - ok
17:12:45.0890 2612        IpNat - ok
17:12:45.0906 2612        IPSec - ok
17:12:45.0921 2612        IRENUM - ok
17:12:45.0953 2612        isapnp - ok
17:12:45.0984 2612        Kbdclass - ok
17:12:46.0015 2612        kbdhid - ok
17:12:46.0031 2612        kmixer - ok
17:12:46.0046 2612        KSecDD - ok
17:12:46.0093 2612        lbrtfdc - ok
17:12:46.0156 2612        MADFULEGACYKEYBOARD - ok
17:12:46.0171 2612        MAUSBLEGACYKEYBOARD - ok
17:12:46.0187 2612        MAUSBMIDI - ok
17:12:46.0203 2612        MBAMProtector - ok
17:12:46.0250 2612        mdmxsdk - ok
17:12:46.0296 2612        mnmdd - ok
17:12:46.0328 2612        Modem - ok
17:12:46.0359 2612        Mouclass - ok
17:12:46.0375 2612        mouhid - ok
17:12:46.0390 2612        MountMgr - ok
17:12:46.0421 2612        mraid35x - ok
17:12:46.0437 2612        MRxDAV - ok
17:12:46.0453 2612        MRxSmb - ok
17:12:46.0500 2612        Msfs - ok
17:12:46.0546 2612        MSKSSRV - ok
17:12:46.0562 2612        MSPCLOCK - ok
17:12:46.0578 2612        MSPQM - ok
17:12:46.0593 2612        mssmbios - ok
17:12:46.0625 2612        Mup - ok
17:12:46.0671 2612        NCHSSVAD - ok
17:12:46.0703 2612        NDIS - ok
17:12:46.0718 2612        NdisTapi - ok
17:12:46.0734 2612        Ndisuio - ok
17:12:46.0750 2612        NdisWan - ok
17:12:46.0781 2612        NDProxy - ok
17:12:46.0796 2612        NetBIOS - ok
17:12:46.0812 2612        NetBT - ok
17:12:46.0937 2612        NETw5x32 - ok
17:12:47.0000 2612        Npfs - ok
17:12:47.0015 2612        Ntfs - ok
17:12:47.0062 2612        Null - ok
17:12:47.0078 2612        NwlnkFlt - ok
17:12:47.0109 2612        NwlnkFwd - ok
17:12:47.0171 2612        Parport - ok
17:12:47.0203 2612        PartMgr - ok
17:12:47.0218 2612        ParVdm - ok
17:12:47.0250 2612        PCI - ok
17:12:47.0265 2612        PCIDump - ok
17:12:47.0281 2612        PCIIde - ok
17:12:47.0312 2612        Pcmcia - ok
17:12:47.0328 2612        PDCOMP - ok
17:12:47.0343 2612        PDFRAME - ok
17:12:47.0359 2612        PDRELI - ok
17:12:47.0390 2612        PDRFRAME - ok
17:12:47.0406 2612        perc2 - ok
17:12:47.0421 2612        perc2hib - ok
17:12:47.0515 2612        PptpMiniport - ok
17:12:47.0562 2612        PSched - ok
17:12:47.0578 2612        PSI - ok
17:12:47.0593 2612        Ptilink - ok
17:12:47.0609 2612        PxHelp20 - ok
17:12:47.0640 2612        ql1080 - ok
17:12:47.0656 2612        Ql10wnt - ok
17:12:47.0671 2612        ql12160 - ok
17:12:47.0703 2612        ql1240 - ok
17:12:47.0718 2612        ql1280 - ok
17:12:47.0734 2612        RasAcd - ok
17:12:47.0781 2612        Rasl2tp - ok
17:12:47.0812 2612        RasPppoe - ok
17:12:47.0828 2612        Raspti - ok
17:12:47.0843 2612        Rdbss - ok
17:12:47.0875 2612        RDPCDD - ok
17:12:47.0906 2612        rdpdr - ok
17:12:47.0921 2612        RDPWD - ok
17:12:47.0968 2612        redbook - ok
17:12:47.0984 2612        RegKill - ok
17:12:48.0046 2612        RFCOMM - ok
17:12:48.0187 2612        Secdrv - ok
17:12:48.0296 2612        Serial - ok
17:12:48.0375 2612        Sfloppy - ok
17:12:48.0437 2612        Simbad - ok
17:12:48.0453 2612        SL3Usb - ok
17:12:48.0468 2612        SL3UsbNoSSL - ok
17:12:48.0515 2612        Sparrow - ok
17:12:48.0531 2612        splitter - ok
17:12:48.0578 2612        sp_rsdrv2 - ok
17:12:48.0609 2612        sr - ok
17:12:48.0656 2612        Srv - ok
17:12:48.0687 2612        ssmdrv - ok
17:12:48.0703 2612        StarOpen - ok
17:12:48.0765 2612        swenum - ok
17:12:48.0781 2612        swmidi - ok
17:12:48.0828 2612        symc810 - ok
17:12:48.0859 2612        symc8xx - ok
17:12:48.0875 2612        sym_hi - ok
17:12:48.0890 2612        sym_u3 - ok
17:12:48.0921 2612        sysaudio - ok
17:12:48.0984 2612        Tcpip - ok
17:12:49.0015 2612        TDPIPE - ok
17:12:49.0031 2612        TDTCP - ok
17:12:49.0046 2612        TermDD - ok
17:12:49.0140 2612        TosIde - ok
17:12:49.0156 2612        TotRec7 - ok
17:12:49.0203 2612        TwoTrack - ok
17:12:49.0234 2612        Udfs - ok
17:12:49.0250 2612        UKS11LDR - ok
17:12:49.0265 2612        ultra - ok
17:12:49.0296 2612        Update - ok
17:12:49.0359 2612        usbaudio - ok
17:12:49.0390 2612        usbccgp - ok
17:12:49.0406 2612        usbehci - ok
17:12:49.0421 2612        usbhub - ok
17:12:49.0453 2612        USBKS1X1 - ok
17:12:49.0484 2612        usbohci - ok
17:12:49.0500 2612        usbprint - ok
17:12:49.0531 2612        usbscan - ok
17:12:49.0546 2612        USBSTOR - ok
17:12:49.0843 2612        usbuhci - ok
17:12:49.0859 2612        VgaSave - ok
17:12:49.0890 2612        ViaIde - ok
17:12:49.0906 2612        VolSnap - ok
17:12:49.0921 2612        vsdatant - ok
17:12:50.0000 2612        Wanarp - ok
17:12:50.0031 2612        WDICA - ok
17:12:50.0046 2612        wdmaud - ok
17:12:50.0078 2612        winachsf - ok
17:12:50.0265 2612        WS2IFSL - ok
17:12:50.0328 2612        WudfPf - ok
17:12:50.0343 2612        WudfRd - ok
17:12:50.0437 2612        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:12:50.0687 2612        \Device\Harddisk0\DR0 - ok
17:12:50.0687 2612        ============================================================
17:12:50.0687 2612        Scan finished
17:12:50.0687 2612        ============================================================
17:12:50.0703 4084        Detected object count: 1
17:12:50.0703 4084        Actual detected object count: 1
17:13:03.0500 4084        8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - skipped by user
17:13:03.0500 4084        8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - User select action: Skip
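
Reading the three scanner logs in this thread side by side, as an added example (a Python triage script written for this page, not a tool from Trojaner-Board, ESET or Kaspersky): it lists the ESET detections that could not be cleaned, flags kernel-side components whose names are 16 random-looking hex digits (the pattern of both the unclean driver f3b4eb794e15c167.sys and the locked service 8528e06cdf89b6d5; this check is a heuristic of the example, not a verdict the scanners report), records which services TDSSKiller could not open, and compares the two TDSSKiller runs, whose MBR state goes from "Invalid mbr signature" before the locked service was deleted to "MBR used" afterwards. The sample input is excerpted and shortened from the logs on this page; the second TDSSKiller log is truncated on the page, so its excerpt carries only the header, the MBR state and a couple of driver lines, and "no longer reported" refers to that excerpt only.

```python
"""Triage of the scanner logs in this thread (added example, not a Trojaner-Board, ESET or
Kaspersky tool): extracts the findings from an ESET Online Scanner log and from TDSSKiller
logs, flags kernel-side names made of 16 hex digits, and compares two TDSSKiller runs."""
import re

# Sample input, excerpted and shortened from the logs posted in this thread; columns are
# separated by two or more spaces. The second TDSSKiller log is truncated on the page.
ESET_LOG = r"""
# found=4
# cleaned=0
C:\Dokumente und Einstellungen\david\Eigene Dateien\Computer\Programme\mIRC-DiscoParadise\SDmirc.ini    IRC/Bomber trojan (unable to clean)    00000000000000000000000000000000    I
C:\Dokumente und Einstellungen\david\Lokale Einstellungen\Temp\ICReinstall\cnet_mergemp3_zip.exe    a variant of Win32/InstallCore.D application (unable to clean)    00000000000000000000000000000000    I
C:\WINDOWS\system32\drivers\f3b4eb794e15c167.sys    Win32/Rootkit.Agent.NVS trojan (unable to clean)    00000000000000000000000000000000    I
"""
TDSS_RUN1 = r"""
17:11:34.0546 1368  TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
17:11:40.0187 1368  Invalid mbr signature
17:12:43.0812 2612  Suspicious service (NoAccess): 8528e06cdf89b6d5
17:12:43.0828 2612  8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - warning
17:12:43.0828 2612  8528e06cdf89b6d5 - detected LockedService.Multi.Generic (1)
17:12:44.0218 2612  atapi - ok
17:13:03.0500 4084  8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - User select action: Skip
"""
TDSS_RUN2 = r"""
07:47:56.0734 3268  TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
07:47:58.0625 3268  MBR used
07:47:58.0625 3268  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A186D1
07:48:09.0906 0184  atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:48:10.0015 0184  atapi - ok
"""

HEX16 = re.compile(r'^[0-9a-f]{16}$')  # heuristic of this example, not a scanner verdict
TDSS_LINE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$')
TDSS_DETECTED = re.compile(r'^(\S+) - detected (\S+)')
TDSS_ACTION = re.compile(r'^(\S+) \( (\S+) \) - (.+)$')

def parse_eset(text):
    """Return (header dict, detections) from an ESET log, worst findings first."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith('# '):
            key, _, value = line[2:].partition('=')
            header[key] = value
        elif line:
            fields = re.split(r'\s{2,}', line)
            if len(fields) < 2:
                continue
            path, verdict = fields[0], fields[1]
            name = path.rsplit('\\', 1)[-1].lower()
            detections.append({
                'path': path, 'verdict': verdict,
                'unresolved': 'unable to clean' in verdict,
                'kernel_driver': name.endswith('.sys') and '\\drivers\\' in path.lower(),
                'random_name': bool(HEX16.match(name.rsplit('.', 1)[0])),
            })
    # unremovable kernel drivers with random-looking names go to the front
    detections.sort(key=lambda d: (not d['unresolved'], not d['kernel_driver'], not d['random_name'], d['path']))
    return header, detections

def parse_tdss(text):
    """Return MBR state, locked services and detections with their final action."""
    run = {'mbr': None, 'locked_services': [], 'detections': {}}
    def entry(name, verdict):
        return run['detections'].setdefault(
            name, {'verdict': verdict, 'action': None, 'random_name': bool(HEX16.match(name))})
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw)
        if not m:
            continue                      # blank line, or nothing after timestamp and PID
        msg = m.group(1)
        if msg == 'Invalid mbr signature':
            run['mbr'] = 'invalid'        # sector 0 did not parse: bootkit or damaged MBR
        elif msg == 'MBR used':
            run['mbr'] = 'used'           # MBR parsed normally
        elif msg.startswith('Suspicious service (NoAccess): '):
            run['locked_services'].append(msg.rsplit(' ', 1)[1])
        elif (d := TDSS_DETECTED.match(msg)):
            entry(*d.groups())
        elif (a := TDSS_ACTION.match(msg)):
            name, verdict, action = a.groups()
            entry(name, verdict)['action'] = action   # the last action line wins
    return run

def compare_tdss(before, after):
    """List what changed between two TDSSKiller runs on the same machine."""
    changes = []
    if before['mbr'] != after['mbr']:
        changes.append(f"MBR: {before['mbr']} -> {after['mbr']}")
    for name in sorted(set(before['detections']) - set(after['detections'])):
        changes.append(f"{name}: no longer reported")
    return changes

if __name__ == '__main__':
    header, dets = parse_eset(ESET_LOG)
    print(f"ESET found={header['found']} cleaned={header['cleaned']}; top finding: {dets[0]}")
    r1, r2 = parse_tdss(TDSS_RUN1), parse_tdss(TDSS_RUN2)
    print('run 1:', r1['mbr'], r1['locked_services'], r1['detections'])
    print('run 2 vs run 1:', compare_tdss(r1, r2))
```

Run as a script it prints the ranked ESET findings, the first TDSSKiller run's locked service with the action the user chose, and the changes in the second run; the functions return plain dicts and lists so they can be pointed at a complete log file instead of the excerpts. The 16-hex-digit check only says where to look first: a randomly named driver or service is not proof of malware, and a plainly named one can still be malicious.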


cosinus 13.02.2012 22:44

Quote:

8528e06cdf89b6d5 ( LockedService.Multi.Generic ) - skipped by user
Please have TDSS-Killer delete that, then restart Windows and make a new log with this tool. Post it again enclosed in CODE tags.

eDoc 14.02.2012 08:16

I've done that now. After the restart, Antivir was running again, but it detected the following virus in the Kaspersky tool: "TR/Crypt.ULPM.Gen". In any case, I ran the Kaspersky tool again, which produced the following result (14 detections):

Code:

07:47:56.0734 3268        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
07:47:56.0921 3268        ============================================================
07:47:56.0921 3268        Current date / time: 2012/02/14 07:47:56.0921
07:47:56.0921 3268        SystemInfo:
07:47:56.0921 3268       
07:47:56.0921 3268        OS Version: 5.1.2600 ServicePack: 3.0
07:47:56.0921 3268        Product type: Workstation
07:47:56.0921 3268        ComputerName: PAMELA
07:47:56.0921 3268        UserName: david
07:47:56.0921 3268        Windows directory: C:\WINDOWS
07:47:56.0921 3268        System windows directory: C:\WINDOWS
07:47:56.0921 3268        Processor architecture: Intel x86
07:47:56.0921 3268        Number of processors: 2
07:47:56.0921 3268        Page size: 0x1000
07:47:56.0921 3268        Boot type: Normal boot
07:47:56.0921 3268        ============================================================
07:47:58.0609 3268        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
07:47:58.0625 3268        \Device\Harddisk0\DR0:
07:47:58.0625 3268        MBR used
07:47:58.0625 3268        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A186D1
07:47:58.0640 3268        Initialize success
07:47:58.0640 3268        ============================================================
07:48:07.0218 0184        ============================================================
07:48:07.0218 0184        Scan started
07:48:07.0218 0184        Mode: Manual; SigCheck; TDLFS;
07:48:07.0218 0184        ============================================================
07:48:08.0000 0184        Abiosdsk - ok
07:48:08.0031 0184        abp480n5 - ok
07:48:08.0078 0184        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:48:09.0093 0184        ACPI - ok
07:48:09.0187 0184        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:48:09.0281 0184        ACPIEC - ok
07:48:09.0281 0184        adpu160m - ok
07:48:09.0343 0184        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:48:09.0421 0184        aec - ok
07:48:09.0468 0184        AFD            (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
07:48:09.0531 0184        AFD - ok
07:48:09.0546 0184        Aha154x - ok
07:48:09.0593 0184        aic78u2 - ok
07:48:09.0593 0184        aic78xx - ok
07:48:09.0609 0184        AliIde - ok
07:48:09.0609 0184        amsint - ok
07:48:09.0625 0184        asc - ok
07:48:09.0640 0184        asc3350p - ok
07:48:09.0640 0184        asc3550 - ok
07:48:09.0765 0184        ASFWHide - ok
07:48:09.0796 0184        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:48:09.0890 0184        AsyncMac - ok
07:48:09.0906 0184        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:48:10.0015 0184        atapi - ok
07:48:10.0015 0184        Atdisk - ok
07:48:10.0046 0184        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:48:10.0156 0184        Atmarpc - ok
07:48:10.0187 0184        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:48:10.0265 0184        audstub - ok
07:48:10.0312 0184        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
07:48:10.0328 0184        avgntflt - ok
07:48:10.0375 0184        avipbb          (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
07:48:10.0375 0184        avipbb - ok
07:48:10.0406 0184        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
07:48:10.0406 0184        avkmgr - ok
07:48:10.0453 0184        b57w2k          (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
07:48:10.0500 0184        b57w2k - ok
07:48:10.0515 0184        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:48:10.0625 0184        Beep - ok
07:48:10.0671 0184        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
07:48:10.0781 0184        BthEnum - ok
07:48:10.0812 0184        BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
07:48:10.0890 0184        BTHMODEM - ok
07:48:10.0906 0184        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
07:48:10.0984 0184        BthPan - ok
07:48:11.0015 0184        BTHPORT        (27d6108cfeba7ef5aa976fc66ec77bbd) C:\WINDOWS\system32\Drivers\BTHport.sys
07:48:11.0093 0184        BTHPORT - ok
07:48:11.0140 0184        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
07:48:11.0218 0184        BTHUSB - ok
07:48:11.0250 0184        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:48:11.0312 0184        cbidf2k - ok
07:48:11.0328 0184        cd20xrnt - ok
07:48:11.0343 0184        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:48:11.0421 0184        Cdaudio - ok
07:48:11.0468 0184        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:48:11.0562 0184        Cdfs - ok
07:48:11.0593 0184        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:48:11.0671 0184        Cdrom - ok
07:48:11.0671 0184        Changer - ok
07:48:11.0734 0184        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:48:11.0828 0184        CmBatt - ok
07:48:11.0828 0184        CmdIde - ok
07:48:11.0843 0184        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:48:11.0906 0184        Compbatt - ok
07:48:11.0921 0184        Cpqarray - ok
07:48:11.0953 0184        CSRBC          (81d67e29a9bb6c399b2517fc0763a17b) C:\WINDOWS\system32\Drivers\csrbcxp.sys
07:48:11.0984 0184        CSRBC ( UnsignedFile.Multi.Generic ) - warning
07:48:11.0984 0184        CSRBC - detected UnsignedFile.Multi.Generic (1)
07:48:12.0015 0184        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:48:12.0046 0184        CVirtA - ok
07:48:12.0093 0184        CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:48:12.0109 0184        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
07:48:12.0109 0184        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
07:48:12.0125 0184        dac2w2k - ok
07:48:12.0125 0184        dac960nt - ok
07:48:12.0171 0184        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:48:12.0265 0184        Disk - ok
07:48:12.0359 0184        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
07:48:12.0500 0184        dmboot - ok
07:48:12.0546 0184        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
07:48:12.0640 0184        dmio - ok
07:48:12.0671 0184        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:48:12.0968 0184        dmload - ok
07:48:13.0015 0184        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:48:13.0156 0184        DMusic - ok
07:48:13.0203 0184        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:48:13.0203 0184        DNE - ok
07:48:13.0234 0184        dpti2o - ok
07:48:13.0265 0184        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:48:13.0453 0184        drmkaud - ok
07:48:13.0484 0184        ElbyCDIO        (389823db299b350f2ee830d47376eeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
07:48:13.0500 0184        ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
07:48:13.0500 0184        ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
07:48:13.0546 0184        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:48:13.0625 0184        Fastfat - ok
07:48:13.0640 0184        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:48:13.0718 0184        Fdc - ok
07:48:13.0734 0184        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
07:48:13.0828 0184        Fips - ok
07:48:13.0828 0184        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:48:13.0906 0184        Flpydisk - ok
07:48:13.0953 0184        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:48:14.0062 0184        FltMgr - ok
07:48:14.0109 0184        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:48:14.0203 0184        Fs_Rec - ok
07:48:14.0218 0184        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:48:14.0328 0184        Ftdisk - ok
07:48:14.0390 0184        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:48:14.0484 0184        Gpc - ok
07:48:14.0546 0184        HdAudAddService (8dc8b34992131eb4b4c71b1a47fdd21c) C:\WINDOWS\system32\drivers\CHDAudN.sys
07:48:14.0656 0184        HdAudAddService - ok
07:48:14.0703 0184        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:48:14.0796 0184        HDAudBus - ok
07:48:14.0828 0184        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:48:14.0921 0184        HidUsb - ok
07:48:14.0937 0184        hpn - ok
07:48:14.0968 0184        HSFHWAZL        (26d99cb5d30f79e4459d855af690decd) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:48:15.0000 0184        HSFHWAZL - ok
07:48:15.0062 0184        HSF_DPV        (491b8f394e56ff31d6740f7a34540716) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:48:15.0156 0184        HSF_DPV - ok
07:48:15.0203 0184        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
07:48:15.0343 0184        HTTP - ok
07:48:15.0359 0184        i2omgmt - ok
07:48:15.0375 0184        i2omp - ok
07:48:15.0406 0184        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:48:15.0531 0184        i8042prt - ok
07:48:15.0765 0184        ialm            (1312e0141a7bd409afadd52fa565927e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:48:16.0234 0184        ialm - ok
07:48:16.0296 0184        IBMPMDRV        (15dddb0cf28ba9877927b4b7125173b0) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
07:48:16.0312 0184        IBMPMDRV - ok
07:48:16.0359 0184        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:48:16.0515 0184        Imapi - ok
07:48:16.0531 0184        ini910u - ok
07:48:16.0531 0184        IntelIde - ok
07:48:16.0578 0184        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:48:16.0656 0184        intelppm - ok
07:48:16.0687 0184        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:48:16.0812 0184        Ip6Fw - ok
07:48:16.0859 0184        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:48:16.0953 0184        IpFilterDriver - ok
07:48:16.0984 0184        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:48:17.0078 0184        IpInIp - ok
07:48:17.0125 0184        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:48:17.0218 0184        IpNat - ok
07:48:17.0234 0184        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:48:17.0328 0184        IPSec - ok
07:48:17.0359 0184        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:48:17.0453 0184        IRENUM - ok
07:48:17.0468 0184        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:48:17.0546 0184        isapnp - ok
07:48:17.0562 0184        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:48:17.0640 0184        Kbdclass - ok
07:48:17.0718 0184        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:48:17.0796 0184        kbdhid - ok
07:48:17.0812 0184        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:48:17.0890 0184        kmixer - ok
07:48:17.0921 0184        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
07:48:18.0250 0184        KSecDD - ok
07:48:18.0265 0184        lbrtfdc - ok
07:48:18.0281 0184        MADFULEGACYKEYBOARD - ok
07:48:18.0281 0184        MAUSBLEGACYKEYBOARD - ok
07:48:18.0328 0184        MAUSBMIDI      (69bc2b743d723d1923fce50eb68003cb) C:\WINDOWS\system32\DRIVERS\MAudioUSBMIDI.sys
07:48:18.0343 0184        MAUSBMIDI - ok
07:48:18.0359 0184        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
07:48:18.0375 0184        MBAMProtector - ok
07:48:18.0421 0184        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:48:18.0437 0184        mdmxsdk - ok
07:48:18.0484 0184        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:48:18.0609 0184        mnmdd - ok
07:48:18.0640 0184        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
07:48:18.0812 0184        Modem - ok
07:48:18.0921 0184        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:48:19.0093 0184        Mouclass - ok
07:48:19.0140 0184        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:48:19.0218 0184        mouhid - ok
07:48:19.0250 0184        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:48:19.0328 0184        MountMgr - ok
07:48:19.0328 0184        mraid35x - ok
07:48:19.0343 0184        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:48:19.0421 0184        MRxDAV - ok
07:48:19.0468 0184        MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:48:19.0546 0184        MRxSmb - ok
07:48:19.0640 0184        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:48:19.0718 0184        Msfs - ok
07:48:19.0750 0184        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:48:19.0828 0184        MSKSSRV - ok
07:48:19.0843 0184        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:48:19.0906 0184        MSPCLOCK - ok
07:48:19.0937 0184        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:48:20.0031 0184        MSPQM - ok
07:48:20.0078 0184        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:48:20.0140 0184        mssmbios - ok
07:48:20.0156 0184        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
07:48:20.0234 0184        Mup - ok
07:48:20.0265 0184        NCHSSVAD        (e78ce4b8e70ccc1a6e63008c3660867c) C:\WINDOWS\system32\drivers\nchssvad.sys
07:48:20.0281 0184        NCHSSVAD - ok
07:48:20.0296 0184        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:48:20.0359 0184        NDIS - ok
07:48:20.0375 0184        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:48:20.0453 0184        NdisTapi - ok
07:48:20.0500 0184        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:48:20.0578 0184        Ndisuio - ok
07:48:20.0609 0184        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:48:20.0687 0184        NdisWan - ok
07:48:20.0718 0184        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
07:48:20.0796 0184        NDProxy - ok
07:48:20.0828 0184        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:48:20.0890 0184        NetBIOS - ok
07:48:20.0937 0184        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:48:21.0046 0184        NetBT - ok
07:48:21.0234 0184        NETw5x32        (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
07:48:21.0531 0184        NETw5x32 - ok
07:48:21.0546 0184        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:48:21.0718 0184        Npfs - ok
07:48:21.0781 0184        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:48:22.0015 0184        Ntfs - ok
07:48:22.0093 0184        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:48:22.0171 0184        Null - ok
07:48:22.0203 0184        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:48:22.0281 0184        NwlnkFlt - ok
07:48:22.0312 0184        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:48:22.0375 0184        NwlnkFwd - ok
07:48:22.0421 0184        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
07:48:22.0500 0184        Parport - ok
07:48:22.0531 0184        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:48:22.0640 0184        PartMgr - ok
07:48:22.0671 0184        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
07:48:22.0781 0184        ParVdm - ok
07:48:22.0796 0184        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
07:48:22.0906 0184        PCI - ok
07:48:22.0906 0184        PCIDump - ok
07:48:22.0953 0184        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:48:23.0046 0184        PCIIde - ok
07:48:23.0062 0184        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:48:23.0156 0184        Pcmcia - ok
07:48:23.0171 0184        PDCOMP - ok
07:48:23.0187 0184        PDFRAME - ok
07:48:23.0187 0184        PDRELI - ok
07:48:23.0203 0184        PDRFRAME - ok
07:48:23.0203 0184        perc2 - ok
07:48:23.0218 0184        perc2hib - ok
07:48:23.0343 0184        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:48:23.0546 0184        PptpMiniport - ok
07:48:23.0593 0184        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:48:23.0703 0184        PSched - ok
07:48:23.0750 0184        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
07:48:23.0750 0184        PSI - ok
07:48:23.0812 0184        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:48:23.0937 0184        Ptilink - ok
07:48:23.0968 0184        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:48:23.0984 0184        PxHelp20 - ok
07:48:24.0000 0184        ql1080 - ok
07:48:24.0000 0184        Ql10wnt - ok
07:48:24.0015 0184        ql12160 - ok
07:48:24.0015 0184        ql1240 - ok
07:48:24.0031 0184        ql1280 - ok
07:48:24.0062 0184        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:48:24.0187 0184        RasAcd - ok
07:48:24.0203 0184        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:48:24.0281 0184        Rasl2tp - ok
07:48:24.0296 0184        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:48:24.0375 0184        RasPppoe - ok
07:48:24.0421 0184        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:48:24.0515 0184        Raspti - ok
07:48:24.0531 0184        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:48:24.0609 0184        Rdbss - ok
07:48:24.0640 0184        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:48:24.0718 0184        RDPCDD - ok
07:48:24.0750 0184        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:48:24.0828 0184        rdpdr - ok
07:48:24.0875 0184        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:48:24.0953 0184        RDPWD - ok
07:48:24.0984 0184        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:48:25.0046 0184        redbook - ok
07:48:25.0078 0184        RegKill        (27ce3d4c589e5fae38ea0bd0fdfa3fd6) C:\WINDOWS\system32\Drivers\RegKill.sys
07:48:25.0093 0184        RegKill ( UnsignedFile.Multi.Generic ) - warning
07:48:25.0093 0184        RegKill - detected UnsignedFile.Multi.Generic (1)
07:48:25.0156 0184        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
07:48:25.0234 0184        RFCOMM - ok
07:48:25.0296 0184        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:48:25.0406 0184        Secdrv - ok
07:48:25.0453 0184        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
07:48:25.0640 0184        Serial - ok
07:48:25.0718 0184        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:48:25.0796 0184        Sfloppy - ok
07:48:25.0796 0184        Simbad - ok
07:48:25.0828 0184        SL3Usb          (2dce5bd98bab113f0db819789fd18f59) C:\WINDOWS\system32\Drivers\Sl3.sys
07:48:25.0843 0184        SL3Usb ( UnsignedFile.Multi.Generic ) - warning
07:48:25.0843 0184        SL3Usb - detected UnsignedFile.Multi.Generic (1)
07:48:25.0906 0184        SL3UsbNoSSL    (ba89a1b590671b71a8634b5224ec0e88) C:\WINDOWS\system32\Drivers\SL3UsbNoSSL.sys
07:48:25.0906 0184        SL3UsbNoSSL ( UnsignedFile.Multi.Generic ) - warning
07:48:25.0906 0184        SL3UsbNoSSL - detected UnsignedFile.Multi.Generic (1)
07:48:25.0921 0184        Sparrow - ok
07:48:25.0921 0184        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:48:26.0000 0184        splitter - ok
07:48:26.0046 0184        sp_rsdrv2      (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
07:48:26.0062 0184        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
07:48:26.0062 0184        sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
07:48:26.0093 0184        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
07:48:26.0156 0184        sr - ok
07:48:26.0203 0184        Srv            (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
07:48:26.0312 0184        Srv - ok
07:48:26.0359 0184        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
07:48:26.0375 0184        ssmdrv - ok
07:48:26.0406 0184        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
07:48:26.0437 0184        StarOpen ( UnsignedFile.Multi.Generic ) - warning
07:48:26.0437 0184        StarOpen - detected UnsignedFile.Multi.Generic (1)
07:48:26.0453 0184        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:48:26.0562 0184        swenum - ok
07:48:26.0609 0184        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:48:26.0718 0184        swmidi - ok
07:48:26.0734 0184        symc810 - ok
07:48:26.0734 0184        symc8xx - ok
07:48:26.0750 0184        sym_hi - ok
07:48:26.0765 0184        sym_u3 - ok
07:48:26.0812 0184        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:48:26.0937 0184        sysaudio - ok
07:48:26.0984 0184        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:48:27.0125 0184        Tcpip - ok
07:48:27.0171 0184        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:48:27.0250 0184        TDPIPE - ok
07:48:27.0265 0184        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:48:27.0359 0184        TDTCP - ok
07:48:27.0375 0184        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:48:27.0453 0184        TermDD - ok
07:48:27.0468 0184        TosIde - ok
07:48:27.0515 0184        TotRec7        (e9c2642ec635b01f19f343df5eb488d3) C:\WINDOWS\system32\drivers\TotRec7.sys
07:48:27.0515 0184        TotRec7 - ok
07:48:27.0562 0184        TwoTrack        (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
07:48:27.0656 0184        TwoTrack - ok
07:48:27.0734 0184        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:48:27.0796 0184        Udfs - ok
07:48:27.0843 0184        UKS11LDR        (c4b89bdc1faf0d889248fc01c4bf8610) C:\WINDOWS\system32\drivers\uks11ldr.sys
07:48:27.0859 0184        UKS11LDR ( UnsignedFile.Multi.Generic ) - warning
07:48:27.0859 0184        UKS11LDR - detected UnsignedFile.Multi.Generic (1)
07:48:27.0859 0184        ultra - ok
07:48:27.0921 0184        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:48:28.0000 0184        Update - ok
07:48:28.0046 0184        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
07:48:28.0218 0184        usbaudio - ok
07:48:28.0265 0184        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:48:28.0343 0184        usbccgp - ok
07:48:28.0359 0184        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:48:28.0437 0184        usbehci - ok
07:48:28.0484 0184        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:48:28.0890 0184        usbhub - ok
07:48:28.0953 0184        USBKS1X1        (77cd3e7fe622aa9f00d48d271c029491) C:\WINDOWS\system32\drivers\usbks1x1.sys
07:48:28.0953 0184        USBKS1X1 ( UnsignedFile.Multi.Generic ) - warning
07:48:28.0953 0184        USBKS1X1 - detected UnsignedFile.Multi.Generic (1)
07:48:28.0968 0184        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:48:29.0093 0184        usbohci - ok
07:48:29.0171 0184        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:48:29.0281 0184        usbprint - ok
07:48:29.0312 0184        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:48:29.0390 0184        usbscan - ok
07:48:29.0406 0184        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:48:29.0484 0184        USBSTOR - ok
07:48:29.0515 0184        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:48:29.0578 0184        usbuhci - ok
07:48:29.0609 0184        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:48:29.0687 0184        VgaSave - ok
07:48:29.0687 0184        ViaIde - ok
07:48:29.0703 0184        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
07:48:29.0781 0184        VolSnap - ok
07:48:29.0828 0184        vsdatant        (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
07:48:30.0000 0184        vsdatant - ok
07:48:30.0062 0184        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:48:30.0171 0184        Wanarp - ok
07:48:30.0187 0184        WDICA - ok
07:48:30.0203 0184        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:48:30.0296 0184        wdmaud - ok
07:48:30.0359 0184        winachsf        (458b2e703b210683194158d639770588) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:48:30.0437 0184        winachsf - ok
07:48:30.0515 0184        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:48:30.0625 0184        WS2IFSL - ok
07:48:30.0656 0184        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:48:30.0671 0184        WudfPf ( UnsignedFile.Multi.Generic ) - warning
07:48:30.0671 0184        WudfPf - detected UnsignedFile.Multi.Generic (1)
07:48:30.0718 0184        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:48:30.0734 0184        WudfRd ( UnsignedFile.Multi.Generic ) - warning
07:48:30.0734 0184        WudfRd - detected UnsignedFile.Multi.Generic (1)
07:48:30.0750 0184        MBR (0x1B8)    (9a45658c72a6c070eac2d0ae7772d865) \Device\Harddisk0\DR0
07:48:30.0765 0184        \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
07:48:30.0765 0184        \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
07:48:30.0765 0184        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:48:30.0765 0184        \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:48:30.0781 0184        Boot (0x1200)  (a422829adf26d09c180b76d2951b69f8) \Device\Harddisk0\DR0\Partition0
07:48:30.0781 0184        \Device\Harddisk0\DR0\Partition0 - ok
07:48:30.0781 0184        ============================================================
07:48:30.0781 0184        Scan finished
07:48:30.0781 0184        ============================================================
07:48:30.0890 3840        Detected object count: 14
07:48:30.0890 3840        Actual detected object count: 14
07:48:51.0093 3840        CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        RegKill ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        RegKill ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        SL3Usb ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        SL3Usb ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        SL3UsbNoSSL ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        SL3UsbNoSSL ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0093 3840        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0109 3840        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0109 3840        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0109 3840        UKS11LDR ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0109 3840        UKS11LDR ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0109 3840        USBKS1X1 ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0109 3840        USBKS1X1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0109 3840        WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0109 3840        WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:51.0109 3840        WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0109 3840        WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:52.0000 3840        \Device\Harddisk0\DR0\# - copied to quarantine
07:48:52.0015 3840        \Device\Harddisk0\DR0 - copied to quarantine
07:48:52.0015 3840        \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
07:48:52.0015 3840        \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
07:48:52.0062 3840        \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
07:48:52.0078 3840        \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:48:52.0078 3840        \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:48:52.0093 3840        \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:48:52.0093 3840        \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:48:52.0109 3840        \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:48:52.0125 3840        \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:48:52.0140 3840        \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:48:52.0328 3840        \Device\Harddisk0\DR0\TDLFS\kwrd - copied to quarantine
07:48:52.0453 3840        \Device\Harddisk0\DR0\TDLFS\kwrd.dll - copied to quarantine
07:48:52.0453 3840        \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
07:48:52.0453 3840        \Device\Harddisk0\DR0 - ok
07:48:52.0468 3840        \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
07:48:52.0468 3840        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:48:52.0468 3840        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Regards
David
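The TDSSKiller log above records the disk layout (MBR in use, one partition of type 0x7 starting at LBA 0x3F with 0x12A186D1 sectors), hashes the first 0x1B8 bytes of the MBR, and then flags \Device\Harddisk0\DR0 as Rootkit.Win32.TDSS.tdl4 with a hidden "TDSS File System" behind it. The Python below is an added example, not code from this page or from TDSSKiller: it builds a constructed 512-byte MBR carrying the same partition entry the log reports, parses the partition table, checks the 0x55AA boot signature and that the partition fits the reported disk size, and fingerprints the bootstrap region so it can be compared against a known-good baseline. That the 0x1B8 in "MBR (0x1B8)" is the hashed length is my reading of the log line; the bootstrap bytes and the disk signature in the sample are made up.

```python
import hashlib
import struct

SECTOR = 0x200
BOOTCODE_LEN = 0x1B8      # region the log's "MBR (0x1B8)" line appears to hash (assumption)
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature follows the bootstrap code
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries, then 0x55AA at 0x1FE
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(bootcode=None):
    """Constructed MBR reproducing the partition entry from the log (type 0x7, start 0x3F,
    0x12A186D1 sectors). Bootstrap bytes and disk signature are invented, not the poster's."""
    if bootcode is None:
        bootcode = b"\xEB\x3C\x90" + b"\x00" * (BOOTCODE_LEN - 3)  # JMP/NOP stub plus padding
    if len(bootcode) != BOOTCODE_LEN:
        raise ValueError("bootstrap region must be exactly 0x1B8 bytes")
    disk_sig = struct.pack("<I", 0xDEADBEEF)                          # arbitrary signature
    entry0 = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                         b"\xFE\xFF\xFF", 0x3F, 0x12A186D1)
    table = entry0 + b"\x00" * (3 * 16)                                # remaining entries empty
    return bootcode + disk_sig + b"\x00\x00" + table + b"\x55\xAA"


def parse_mbr(mbr, disk_bytes=None):
    """Decode the partition table and fingerprint the bootstrap code of one 512-byte sector.
    If disk_bytes is given, each partition is checked to lie inside the disk."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    total_sectors = disk_bytes // SECTOR if disk_bytes is not None else None
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
            "fits_disk": total_sectors is None or lba + count <= total_sectors,
        })
    return {
        "signature_ok": mbr[0x1FE:0x200] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def bootcode_matches(mbr, known_good_md5):
    """True if the bootstrap region still hashes to the baseline taken from a clean system.
    A bootkit like TDL4 replaces this region while leaving the partition table valid."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest() == known_good_md5


if __name__ == "__main__":
    clean = build_sample_mbr()
    info = parse_mbr(clean, disk_bytes=0x25433D6000)   # drive size from the log
    print(info)
    tampered = bytearray(clean)
    tampered[0x10] ^= 0xFF   # simulate patched bootstrap code; partition table untouched
    print("bootcode unchanged:", bootcode_matches(bytes(tampered), info["bootcode_md5"]))
```

On a live Windows host the first sector can be read from an elevated handle to \\.\PhysicalDrive0, but a running TDL4 hooks the disk driver's I/O path and hands ordinary readers the original, clean MBR. That is why a bootstrap hash taken from inside the infected system should be confirmed from a boot CD or with the disk attached to another machine.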

cosinus 14.02.2012 10:50

Now a whole sackful of fleas comes to light! :wtf:

Quote:

\Device\Harddisk0\DR0\# - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\kwrd - copied to quarantine
\Device\Harddisk0\DR0\TDLFS\kwrd.dll - copied to quarantine
\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
These entries absolutely must be deleted with TDSS-Killer. Copy to Quarantine is not enough.
Restart Windows and make a new log again.
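The point of the reply above is that "copied to quarantine" is an evidence copy, not a remediation, and that the hidden TDSS file system was skipped while only the MBR itself was set to be cured. The Python below is an added example, not code from this page or from TDSSKiller: it parses lines in the log format shown above (a constructed excerpt is embedded) and lists every detection whose chosen action leaves it unresolved. Treating the trailing (0)/(1) on "detected" lines as a severity class matching "infected"/"warning" is an observation from this log, not a documented TDSSKiller convention.

```python
import re

# Constructed excerpt in the TDSSKiller log format seen on this page (not the poster's full log).
SAMPLE_LOG = """\
07:48:11.0984 0184        CSRBC ( UnsignedFile.Multi.Generic ) - warning
07:48:11.0984 0184        CSRBC - detected UnsignedFile.Multi.Generic (1)
07:48:30.0765 0184        \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
07:48:30.0765 0184        \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
07:48:30.0765 0184        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
07:48:30.0765 0184        \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
07:48:51.0093 3840        CSRBC ( UnsignedFile.Multi.Generic ) - skipped by user
07:48:51.0093 3840        CSRBC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:48:52.0015 3840        \\Device\\Harddisk0\\DR0\\TDLFS\\cfg.ini - copied to quarantine
07:48:52.0093 3840        \\Device\\Harddisk0\\DR0\\TDLFS\\ldr32 - copied to quarantine
07:48:52.0453 3840        \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
07:48:52.0468 3840        \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
07:48:52.0468 3840        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
07:48:52.0468 3840        \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.ffff <thread id>  <message>"
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.+?)\s*$")
# "<object> ( <verdict> ) - infected|warning|skipped by user|will be cured on reboot|User select action: X"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<tail>.+)$")
# "<object> - detected <verdict> (<class>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<cls>\d+)\)$")
QUARANTINE_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")

REMEDIATING_ACTIONS = {"Cure", "Delete"}


def _new_finding():
    return {"state": None, "cls": None, "action": None, "cure_on_reboot": False}


def parse_tdsskiller(text):
    """Group the log into per-(object, verdict) findings plus the list of quarantine copies."""
    findings = {}
    quarantined = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        v = VERDICT_RE.match(msg)
        if v:
            f = findings.setdefault((v["obj"], v["verdict"]), _new_finding())
            tail = v["tail"]
            if tail in ("infected", "warning"):
                f["state"] = tail
            elif tail.startswith("User select action: "):
                f["action"] = tail.split(": ", 1)[1]
            elif tail == "will be cured on reboot":
                f["cure_on_reboot"] = True
            continue
        d = DETECTED_RE.match(msg)
        if d:
            findings.setdefault((d["obj"], d["verdict"]), _new_finding())["cls"] = int(d["cls"])
            continue
        q = QUARANTINE_RE.match(msg)
        if q:
            quarantined.append(q["path"])
    return findings, quarantined


def triage(findings):
    """Detections that still need action: anything flagged infected, or a hidden TDSS file
    system, whose action was not Cure/Delete and which is not scheduled for cure on reboot."""
    unresolved = []
    for (obj, verdict), f in findings.items():
        remediated = f["action"] in REMEDIATING_ACTIONS or f["cure_on_reboot"]
        must_go = f["state"] == "infected" or verdict == "TDSS File System"
        if must_go and not remediated:
            unresolved.append((obj, verdict, f["action"]))
    return unresolved


if __name__ == "__main__":
    findings, quarantined = parse_tdsskiller(SAMPLE_LOG)
    for obj, verdict, action in triage(findings):
        print(f"UNRESOLVED: {obj} [{verdict}] user action={action}")
    print(f"{len(quarantined)} quarantine copies (evidence only, not remediation)")
```

Unsigned-driver warnings are deliberately not escalated: on the log above they are vendor drivers the user chose to skip, and the rule only escalates "infected" verdicts and the hidden file system. Run against the full log, the script reports exactly the item the reply asks to delete, the "TDSS File System" entry left on Skip.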


All times are in WEZ +1. It is now 16:28.

Copyright ©2000-2025, Trojaner-Board
