Trojaner-Board (https://www.trojaner-board.de/)
Forum section: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Virus in the directory "User\Benutzer\Cache\" (https://www.trojaner-board.de/102515-virus-verzeichnis-user-benutzer-cache.html)

cosinus 19.08.2011 17:33

hmpf. Then do it again via OTL:

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":Files" has to be copied too!!!)


Code:

:Files
c:\programdata\1313429514.2848.bin
c:\programdata\1313429514.3168.bin
c:\programdata\1313429514.4040.bin
c:\programdata\1313429514.548.bin
c:\programdata\1313316337.bdinstall.bin
c:\program files (x86)\Ask.com
:Reg
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Ragnok 19.08.2011 18:58

Here is the log after the restart:

Code:

All processes killed
========== FILES ==========
c:\programdata\1313429514.2848.bin moved successfully.
c:\programdata\1313429514.3168.bin moved successfully.
c:\programdata\1313429514.4040.bin moved successfully.
c:\programdata\1313429514.548.bin moved successfully.
c:\programdata\1313316337.bdinstall.bin moved successfully.
c:\program files (x86)\Ask.com\Updater folder moved successfully.
c:\program files (x86)\Ask.com\assets\oobe folder moved successfully.
c:\program files (x86)\Ask.com\assets folder moved successfully.
c:\program files (x86)\Ask.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry value HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\ not found.
Registry value HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd\\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Peter Bächler
->Temp folder emptied: 2408398 bytes
->Temporary Internet Files folder emptied: 1161250233 bytes
->Java cache emptied: 9805886 bytes
->FireFox cache emptied: 143025189 bytes
->Flash cache emptied: 146218 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 14113 bytes
%systemroot% .tmp files removed: 712704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.256,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.4 log created on 08192011_195215

Files\Folders moved on Reboot...
C:\Users\Peter Bächler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

I would still appreciate being told next time what the fixes/scans/etc. do, before I break something without knowing it. ;) Still, really good help, thanks :)
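As an added example that is not part of the thread or of OTL itself, the Python script below reads an OTL fix script of the kind posted above together with the fix log it produced, and reports which requested actions the log confirms (files moved to the _OTL backup, registry keys deleted or not found, bytes freed by [emptytemp], hosts file reset). The sample script and log are constructed from lines quoted in the thread; the path nonexistent.bin is invented to show how an item the log never confirms is reported.

```python
"""Cross-check an OTL fix script against the fix log OTL wrote for it.
Added example, not code from the thread or from OTL.  Sample script and log
are constructed from lines quoted in the thread; nonexistent.bin is invented."""
import re
from dataclasses import dataclass, field

FIX_SCRIPT = r"""
:Files
c:\programdata\1313429514.2848.bin
c:\programdata\nonexistent.bin
c:\program files (x86)\Ask.com
:Reg
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
:Commands
[emptytemp]
[resethosts]
"""

FIX_LOG = r"""
========== FILES ==========
c:\programdata\1313429514.2848.bin moved successfully.
c:\program files (x86)\Ask.com\Updater folder moved successfully.
c:\program files (x86)\Ask.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry value HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1\\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 2408398 bytes
->Temporary Internet Files folder emptied: 1161250233 bytes
%systemroot% .tmp files removed: 712704 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")          # "========== FILES =========="
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
REG_RE = re.compile(r"^Registry (?:key|value) (?P<key>.+?)\\+ "
                    r"(?P<status>deleted successfully|not found)\.$")
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")


def _lines(text):
    """Stripped, non-empty lines of a script or log."""
    return [raw.strip() for raw in text.splitlines() if raw.strip()]


def parse_fix_script(text):
    """Return {'files': [...], 'reg': [...], 'commands': [...]} from an OTL script."""
    sections, current = {}, None
    for line in _lines(text):
        if line.startswith(":"):            # ":Files", ":Reg", ":Commands" open a section
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_fix_log(text):
    """Return (moved_paths, {reg_key: status}, bytes_freed, hosts_reset) from a fix log."""
    moved, reg, freed, hosts, section = [], {}, 0, False, None
    for line in _lines(text):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif section == "FILES" and (m := MOVED_RE.match(line)):
            moved.append(m.group("path").lower())       # OTL moves files to the _OTL backup
        elif section == "REGISTRY" and (m := REG_RE.match(line)):
            reg[m.group("key").lower()] = m.group("status")
        elif section == "COMMANDS" and (m := BYTES_RE.match(line)):
            freed += int(m.group("n"))                  # each "[emptytemp]" byte count
        elif section == "COMMANDS" and line == "HOSTS file reset successfully":
            hosts = True
    return moved, reg, freed, hosts


@dataclass
class FixReport:
    files_confirmed: list = field(default_factory=list)
    files_unconfirmed: list = field(default_factory=list)   # requested, but no "moved" line
    reg_status: dict = field(default_factory=dict)          # requested key -> log status
    bytes_freed: int = 0
    hosts_reset: bool = False


def cross_check(script_text, log_text):
    """Match each action the script requested against what the log confirms;
    keys the log mentions but the script never named are ignored."""
    script = parse_fix_script(script_text)
    moved, reg, freed, hosts = parse_fix_log(log_text)
    report = FixReport(bytes_freed=freed, hosts_reset=hosts)
    for path in script.get("files", []):
        bucket = report.files_confirmed if path.lower() in moved else report.files_unconfirmed
        bucket.append(path)
    for entry in script.get("reg", []):
        key = entry.strip("[]").lstrip("-")   # "[-KEY]" asks OTL to delete KEY
        report.reg_status[key] = reg.get(key.lower(), "unconfirmed")
    return report


if __name__ == "__main__":
    print(cross_check(FIX_SCRIPT, FIX_LOG))   # dataclass repr lists every field
```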

cosinus 19.08.2011 19:51

If I also have to explain every line of the script here, I won't get anything else done. :balla:
If you know a bit of English, you can already see for yourself in the fix log quite a lot of what was deleted :pfeiff:
Besides, I only delete unnecessary or malicious files.


Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the image below, i.e. tick both checkboxes, click Start scan and, when it is finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents/own files, or if shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Ragnok 20.08.2011 13:36

I forgot to display the log after the first scan.
Here is the log after the second scan:

Code:

2011/08/20 14:35:25.0849 0428        TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/20 14:35:26.0158 0428        ================================================================================
2011/08/20 14:35:26.0158 0428        SystemInfo:
2011/08/20 14:35:26.0158 0428       
2011/08/20 14:35:26.0158 0428        OS Version: 6.1.7601 ServicePack: 1.0
2011/08/20 14:35:26.0158 0428        Product type: Workstation
2011/08/20 14:35:26.0158 0428        ComputerName: PETER-NOTEBOOK
2011/08/20 14:35:26.0158 0428        UserName: MeinName
2011/08/20 14:35:26.0158 0428        Windows directory: C:\Windows
2011/08/20 14:35:26.0158 0428        System windows directory: C:\Windows
2011/08/20 14:35:26.0158 0428        Running under WOW64
2011/08/20 14:35:26.0158 0428        Processor architecture: Intel x64
2011/08/20 14:35:26.0158 0428        Number of processors: 2
2011/08/20 14:35:26.0158 0428        Page size: 0x1000
2011/08/20 14:35:26.0158 0428        Boot type: Normal boot
2011/08/20 14:35:26.0158 0428        ================================================================================
2011/08/20 14:35:26.0425 0428        Initialize success
2011/08/20 14:35:39.0859 2552        ================================================================================
2011/08/20 14:35:39.0859 2552        Scan started
2011/08/20 14:35:39.0859 2552        Mode: Manual;
2011/08/20 14:35:39.0859 2552        ================================================================================
2011/08/20 14:35:40.0244 2552        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/20 14:35:40.0338 2552        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/20 14:35:40.0438 2552        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/20 14:35:40.0720 2552        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/20 14:35:40.0806 2552        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/20 14:35:40.0872 2552        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/20 14:35:40.0951 2552        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/20 14:35:41.0044 2552        AgereSoftModem  (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/08/20 14:35:41.0100 2552        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/20 14:35:41.0134 2552        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/20 14:35:41.0156 2552        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/20 14:35:41.0190 2552        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/20 14:35:41.0213 2552        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/20 14:35:41.0249 2552        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/20 14:35:41.0303 2552        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/20 14:35:41.0335 2552        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/20 14:35:41.0468 2552        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/20 14:35:41.0560 2552        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/20 14:35:41.0593 2552        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/20 14:35:41.0636 2552        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/20 14:35:41.0666 2552        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/20 14:35:41.0712 2552        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/08/20 14:35:41.0836 2552        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/20 14:35:41.0938 2552        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/20 14:35:42.0004 2552        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/20 14:35:42.0060 2552        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/20 14:35:42.0177 2552        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/20 14:35:42.0242 2552        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/20 14:35:42.0286 2552        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/20 14:35:42.0322 2552        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/20 14:35:42.0357 2552        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/20 14:35:42.0439 2552        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/20 14:35:42.0499 2552        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/20 14:35:42.0545 2552        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/20 14:35:42.0624 2552        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/20 14:35:42.0708 2552        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/20 14:35:42.0805 2552        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/20 14:35:42.0895 2552        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/20 14:35:43.0021 2552        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/20 14:35:43.0125 2552        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/20 14:35:43.0212 2552        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/20 14:35:43.0277 2552        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/20 14:35:43.0328 2552        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/20 14:35:43.0371 2552        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/20 14:35:43.0410 2552        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/20 14:35:43.0453 2552        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/20 14:35:43.0530 2552        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/20 14:35:43.0588 2552        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/20 14:35:43.0612 2552        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/20 14:35:43.0664 2552        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/20 14:35:43.0833 2552        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/20 14:35:43.0970 2552        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/20 14:35:44.0060 2552        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/20 14:35:44.0113 2552        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/20 14:35:44.0199 2552        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/20 14:35:44.0253 2552        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/20 14:35:44.0300 2552        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/20 14:35:44.0341 2552        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/20 14:35:44.0371 2552        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/20 14:35:44.0412 2552        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/20 14:35:44.0471 2552        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/20 14:35:44.0533 2552        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/20 14:35:44.0556 2552        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/20 14:35:44.0619 2552        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/20 14:35:44.0675 2552        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/20 14:35:44.0722 2552        hamachi        (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
2011/08/20 14:35:44.0751 2552        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/20 14:35:44.0809 2552        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/20 14:35:44.0839 2552        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/20 14:35:44.0871 2552        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/20 14:35:44.0903 2552        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/20 14:35:44.0926 2552        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/20 14:35:44.0954 2552        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/20 14:35:45.0002 2552        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/20 14:35:45.0048 2552        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/20 14:35:45.0089 2552        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/20 14:35:45.0125 2552        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/20 14:35:45.0183 2552        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/20 14:35:45.0237 2552        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/20 14:35:45.0409 2552        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/20 14:35:45.0482 2552        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/20 14:35:45.0570 2552        int15.sys      (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
2011/08/20 14:35:45.0645 2552        IntcAzAudAddService (430aab6c09af99d5beb311795349e9dd) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/20 14:35:45.0695 2552        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/20 14:35:45.0737 2552        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/20 14:35:45.0785 2552        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/20 14:35:45.0820 2552        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/20 14:35:45.0863 2552        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/20 14:35:45.0888 2552        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/20 14:35:45.0922 2552        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/20 14:35:45.0959 2552        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/20 14:35:45.0990 2552        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/20 14:35:46.0026 2552        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/20 14:35:46.0067 2552        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/20 14:35:46.0111 2552        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/20 14:35:46.0149 2552        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/20 14:35:46.0193 2552        L1C            (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/08/20 14:35:46.0252 2552        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/08/20 14:35:46.0313 2552        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/20 14:35:46.0367 2552        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/20 14:35:46.0395 2552        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/20 14:35:46.0441 2552        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/20 14:35:46.0492 2552        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/20 14:35:46.0531 2552        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/20 14:35:46.0577 2552        massfilter      (b5e86524918ef32b32d1032e0c8e92a3) C:\Windows\system32\DRIVERS\massfilter.sys
2011/08/20 14:35:46.0625 2552        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/20 14:35:46.0657 2552        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/20 14:35:46.0692 2552        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/20 14:35:46.0716 2552        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/20 14:35:46.0751 2552        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/20 14:35:46.0775 2552        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/20 14:35:46.0809 2552        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/20 14:35:46.0846 2552        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/20 14:35:46.0877 2552        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/20 14:35:46.0921 2552        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/20 14:35:46.0958 2552        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/20 14:35:46.0991 2552        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/20 14:35:47.0027 2552        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/20 14:35:47.0063 2552        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/20 14:35:47.0108 2552        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/20 14:35:47.0163 2552        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/20 14:35:47.0185 2552        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/20 14:35:47.0208 2552        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/20 14:35:47.0237 2552        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/20 14:35:47.0269 2552        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/20 14:35:47.0288 2552        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/20 14:35:47.0328 2552        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/20 14:35:47.0369 2552        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/20 14:35:47.0393 2552        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/20 14:35:47.0417 2552        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/20 14:35:47.0441 2552        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/20 14:35:47.0466 2552        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/08/20 14:35:47.0495 2552        mwlPSDNServ    (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/08/20 14:35:47.0517 2552        mwlPSDVDisk    (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/08/20 14:35:47.0557 2552        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/20 14:35:47.0608 2552        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/20 14:35:47.0638 2552        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/20 14:35:47.0662 2552        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/20 14:35:47.0697 2552        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/20 14:35:47.0739 2552        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/20 14:35:47.0789 2552        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/20 14:35:47.0837 2552        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/20 14:35:47.0878 2552        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/20 14:35:48.0043 2552        netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/08/20 14:35:48.0106 2552        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/20 14:35:48.0141 2552        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/20 14:35:48.0183 2552        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/20 14:35:48.0244 2552        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/20 14:35:48.0306 2552        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/08/20 14:35:48.0345 2552        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/20 14:35:48.0382 2552        nuvotoncir      (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
2011/08/20 14:35:48.0439 2552        NVHDA          (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/08/20 14:35:48.0716 2552        nvlddmkm        (ccb87cbaf1b9c24b874ff10fc9e260f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/20 14:35:48.0848 2552        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/20 14:35:48.0899 2552        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/20 14:35:48.0957 2552        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/20 14:35:49.0000 2552        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/20 14:35:49.0055 2552        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/20 14:35:49.0092 2552        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/20 14:35:49.0144 2552        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/20 14:35:49.0175 2552        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/20 14:35:49.0215 2552        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/20 14:35:49.0249 2552        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/20 14:35:49.0277 2552        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/20 14:35:49.0386 2552        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/20 14:35:49.0412 2552        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/20 14:35:49.0463 2552        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/20 14:35:49.0529 2552        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/20 14:35:49.0565 2552        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/20 14:35:49.0612 2552        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/20 14:35:49.0643 2552        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/20 14:35:49.0681 2552        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/20 14:35:49.0720 2552        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/20 14:35:49.0751 2552        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/20 14:35:49.0766 2552        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/20 14:35:49.0799 2552        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/20 14:35:49.0822 2552        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/20 14:35:49.0857 2552        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/20 14:35:49.0883 2552        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/20 14:35:49.0911 2552        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/20 14:35:49.0950 2552        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/20 14:35:50.0001 2552        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/20 14:35:50.0057 2552        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/20 14:35:50.0094 2552        RSUSBSTOR      (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/20 14:35:50.0160 2552        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/20 14:35:50.0208 2552        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/20 14:35:50.0259 2552        SecDrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
2011/08/20 14:35:50.0301 2552        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/20 14:35:50.0328 2552        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/20 14:35:50.0361 2552        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/20 14:35:50.0421 2552        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/20 14:35:50.0456 2552        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/20 14:35:50.0535 2552        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/20 14:35:50.0565 2552        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/20 14:35:50.0615 2552        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/20 14:35:50.0639 2552        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/20 14:35:50.0672 2552        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/20 14:35:50.0718 2552        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/20 14:35:50.0780 2552        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/20 14:35:50.0780 2552        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/20 14:35:50.0786 2552        sptd - detected LockedFile.Multi.Generic (1)
2011/08/20 14:35:50.0832 2552        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/20 14:35:50.0876 2552        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/20 14:35:50.0913 2552        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/20 14:35:50.0973 2552        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/20 14:35:51.0019 2552        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/20 14:35:51.0071 2552        SynTP          (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/20 14:35:51.0167 2552        Tcpip          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/20 14:35:51.0244 2552        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/20 14:35:51.0290 2552        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/20 14:35:51.0330 2552        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/20 14:35:51.0353 2552        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/20 14:35:51.0387 2552        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/20 14:35:51.0424 2552        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/20 14:35:51.0468 2552        TIEHDUSB        (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
2011/08/20 14:35:51.0529 2552        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/20 14:35:51.0563 2552        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/20 14:35:51.0634 2552        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
2011/08/20 14:35:51.0664 2552        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/20 14:35:51.0696 2552        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/20 14:35:51.0737 2552        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/08/20 14:35:51.0782 2552        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/20 14:35:51.0838 2552        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/20 14:35:51.0871 2552        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/20 14:35:51.0902 2552        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/20 14:35:51.0943 2552        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/20 14:35:52.0003 2552        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/20 14:35:52.0031 2552        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/20 14:35:52.0066 2552        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/20 14:35:52.0099 2552        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/20 14:35:52.0138 2552        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/20 14:35:52.0171 2552        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/20 14:35:52.0206 2552        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/20 14:35:52.0231 2552        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/20 14:35:52.0274 2552        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/20 14:35:52.0317 2552        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/20 14:35:52.0340 2552        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/20 14:35:52.0379 2552        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/20 14:35:52.0429 2552        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/20 14:35:52.0467 2552        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/20 14:35:52.0513 2552        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/20 14:35:52.0546 2552        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/20 14:35:52.0592 2552        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/20 14:35:52.0637 2552        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/20 14:35:52.0691 2552        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/20 14:35:52.0720 2552        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/20 14:35:52.0732 2552        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/20 14:35:52.0787 2552        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/20 14:35:52.0853 2552        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/20 14:35:52.0910 2552        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/20 14:35:52.0940 2552        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/20 14:35:53.0029 2552        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/20 14:35:53.0057 2552        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/20 14:35:53.0114 2552        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/20 14:35:53.0168 2552        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/20 14:35:53.0196 2552        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/20 14:35:53.0265 2552        ZTEusbmdm6k    (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/08/20 14:35:53.0301 2552        ZTEusbnet      (01cbeea25aa78c0f0272654048d61f34) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
2011/08/20 14:35:53.0336 2552        ZTEusbnmea      (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/08/20 14:35:53.0376 2552        ZTEusbser6k    (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/08/20 14:35:53.0420 2552        ZTEusbvoice    (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
2011/08/20 14:35:53.0472 2552        MBR (0x1B8)    (9c51d3fd2697bd2ae931be1d6f1e6ffa) \Device\Harddisk0\DR0
2011/08/20 14:35:53.0691 2552        Boot (0x1200)  (20e7cbd24a51efb468774d3834bd5c30) \Device\Harddisk0\DR0\Partition0
2011/08/20 14:35:53.0717 2552        Boot (0x1200)  (4b411c9bbca7c0a8887659cd96ed1b7d) \Device\Harddisk0\DR0\Partition1
2011/08/20 14:35:53.0722 2552        ================================================================================
2011/08/20 14:35:53.0722 2552        Scan finished
2011/08/20 14:35:53.0722 2552        ================================================================================
2011/08/20 14:35:53.0734 0956        Detected object count: 1
2011/08/20 14:35:53.0734 0956        Actual detected object count: 1
2011/08/20 14:35:56.0044 0956        LockedFile.Multi.Generic(sptd) - User select action: Skip


cosinus 21.08.2011 14:54

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

Ragnok 21.08.2011 17:15

Here's the log :)

Code:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 17:54:28
-----------------------------
17:54:28.736    OS Version: Windows x64 6.1.7601 Service Pack 1
17:54:28.736    Number of processors: 2 586 0x170A
17:54:28.737    ComputerName: PETER-NOTEBOOK  UserName: Mein Name
17:54:30.218    Initialize success
18:01:01.020    AVAST engine defs: 11082100
18:01:37.386    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:01:37.388    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:01:37.390    Disk 0 MBR read error 0
18:01:37.393    Disk 0 MBR scan
18:01:37.412    Disk 0 unknown MBR code
18:01:37.415    MBR BIOS signature not found 0
18:01:37.419    Service scanning
18:01:41.007    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:01:42.432    Modules scanning
18:01:42.435    Disk 0 trace - called modules:
18:01:42.468    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spdq.sys hal.dll
18:01:42.472    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cef470]
18:01:42.476    3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> [0xfffffa8004b2ebe0]
18:01:42.807    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b31050]
18:01:44.020    AVAST engine scan C:\Windows
18:02:21.244    AVAST engine scan C:\Windows\system32
18:02:31.251    AVAST engine scan C:\Windows\system32\drivers
18:02:41.257    AVAST engine scan C:\Users\Peter Bächler
18:02:51.262    AVAST engine scan C:\ProgramData
18:02:51.268    Scan finished successfully
18:04:53.443    Disk 0 MBR has been saved successfully to "C:\Users\Peter Bächler\Desktop\MBR.dat"
18:04:53.449    The log file has been saved successfully to "C:\Users\Peter Bächler\Desktop\aswMBR.txt"

How many more scans should I actually expect?
I understand that there is always a risk of infection, but I don't notice any impairment from the virus, which may already have been removed by Malwarebytes earlier.

cosinus 21.08.2011 17:38

Quote:

18:01:37.390 Disk 0 MBR read error 0
I don't think you ran the tool via right-click as administrator

Quote:

How many more scans should I actually expect?
That depends on how severe the infection is and on how carefully you read and follow the instructions :pfeiff:

Ragnok 21.08.2011 19:30

Hmmm...
Scanned again, and this time really ran it as administrator

Code:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 17:54:28
-----------------------------
17:54:28.736    OS Version: Windows x64 6.1.7601 Service Pack 1
17:54:28.736    Number of processors: 2 586 0x170A
17:54:28.737    ComputerName: PETER-NOTEBOOK  UserName: Peter Bächler
17:54:30.218    Initialize success
18:01:01.020    AVAST engine defs: 11082100
18:01:37.386    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:01:37.388    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:01:37.390    Disk 0 MBR read error 0
18:01:37.393    Disk 0 MBR scan
18:01:37.412    Disk 0 unknown MBR code
18:01:37.415    MBR BIOS signature not found 0
18:01:37.419    Service scanning
18:01:41.007    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:01:42.432    Modules scanning
18:01:42.435    Disk 0 trace - called modules:
18:01:42.468    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spdq.sys hal.dll
18:01:42.472    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cef470]
18:01:42.476    3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> [0xfffffa8004b2ebe0]
18:01:42.807    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b31050]
18:01:44.020    AVAST engine scan C:\Windows
18:02:21.244    AVAST engine scan C:\Windows\system32
18:02:31.251    AVAST engine scan C:\Windows\system32\drivers
18:02:41.257    AVAST engine scan C:\Users\Peter Bächler
18:02:51.262    AVAST engine scan C:\ProgramData
18:02:51.268    Scan finished successfully
18:04:53.443    Disk 0 MBR has been saved successfully to "C:\Users\Peter Bächler\Desktop\MBR.dat"
18:04:53.449    The log file has been saved successfully to "C:\Users\Peter Bächler\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 20:28:05
-----------------------------
20:28:05.818    OS Version: Windows x64 6.1.7601 Service Pack 1
20:28:05.819    Number of processors: 2 586 0x170A
20:28:05.820    ComputerName: PETER-NOTEBOOK  UserName: Peter Bächler
20:28:07.791    Initialize success
20:28:11.976    AVAST engine defs: 11082100
20:28:16.941    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:28:16.943    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:28:16.945    Disk 0 MBR read error 0
20:28:16.948    Disk 0 MBR scan
20:28:16.961    Disk 0 unknown MBR code
20:28:16.964    MBR BIOS signature not found 0
20:28:16.967    Service scanning
20:28:20.578    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:28:21.984    Modules scanning
20:28:21.988    Disk 0 trace - called modules:
20:28:22.017    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spbk.sys hal.dll
20:28:22.021    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cea6b0]
20:28:22.026    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8004b26e40]
20:28:22.408    5 ACPI.sys[fffff8800119b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b9b050]
20:28:23.902    AVAST engine scan C:\Windows
20:29:01.102    AVAST engine scan C:\Windows\system32
20:29:11.112    AVAST engine scan C:\Windows\system32\drivers
20:29:21.117    AVAST engine scan C:\Users\Peter Bächler
20:29:31.123    AVAST engine scan C:\ProgramData
20:29:31.128    Scan finished successfully
20:30:12.096    Disk 0 MBR has been saved successfully to "C:\Users\Peter Bächler\Desktop\MBR.dat"
20:30:12.115    The log file has been saved successfully to "C:\Users\Peter Bächler\Desktop\aswMBR.txt"


cosinus 21.08.2011 19:55

Quote:

20:28:16.945 Disk 0 MBR read error 0
20:28:16.948 Disk 0 MBR scan
20:28:16.961 Disk 0 unknown MBR code
We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Win7 (64-bit)?
If not: have a look here => RescueDisc-Win7-64-Bit

Download the ISO, burn it to a CD (e.g. with ImgBurn, using the image-burning function) and start the computer with it (boot from this CD)

If you have a regular Win7 installation DVD (64-bit), you don't need the image mentioned above; you can simply boot from that DVD.

Click Computer repair options, Next, Command Prompt - the console opens. Type bootrec.exe /fixboot there (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. In normal Windows mode, run MBRcheck or aswmbr (whichever tool I gave you earlier) and, if possible, GMER again, and post the new logs.
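To read an aswMBR log the way the reply above does (spot the MBR read error, the unrecognised MBR code and the locked service, and check which drivers sit in the disk I/O chain), here is an added Python triage script. It is not part of this thread or of aswMBR; the allow-list KNOWN_CHAIN is a hypothetical analyst-maintained list, and the sample lines are a constructed excerpt of the second log posted above.

```python
import re

# Constructed sample: a handful of lines reproduced from the second aswMBR run
# posted above, enough to exercise every pattern the triage looks for.
SAMPLE_LOG = r"""aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
20:28:16.945    Disk 0 MBR read error 0
20:28:16.948    Disk 0 MBR scan
20:28:16.961    Disk 0 unknown MBR code
20:28:16.964    MBR BIOS signature not found 0
20:28:20.578    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:28:21.988    Disk 0 trace - called modules:
20:28:22.017    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spbk.sys hal.dll
20:29:31.128    Scan finished successfully
"""

# Hypothetical allow-list of drivers expected in the disk I/O chain; aswMBR
# ships no such list, an analyst maintains it for the systems they handle.
KNOWN_CHAIN = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "acpi.sys",
               "iastor.sys", "hal.dll"}

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# Messages worth flagging, keyed by a short tag; order in the log is preserved.
FINDING_PATTERNS = {
    "mbr_read_error": re.compile(r"Disk \d+ MBR read error"),
    "unknown_mbr_code": re.compile(r"Disk \d+ unknown MBR code"),
    "no_bios_signature": re.compile(r"MBR BIOS signature not found"),
    "locked_service": re.compile(r"Service \S+ \S+ \*\*LOCKED\*\*"),
}

def triage_aswmbr(log_text: str) -> dict:
    """One pass over the log: findings (tag, timestamp, message), disk I/O driver chain, completion."""
    t = {"findings": [], "modules": [], "completed": False}
    next_is_modules = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner lines carry no timestamp
        ts, msg = m.groups()
        if next_is_modules:  # the line after "called modules:" lists the chain
            t["modules"], next_is_modules = msg.split(), False
        elif msg.endswith("called modules:"):
            next_is_modules = True
        elif msg == "Scan finished successfully":
            t["completed"] = True
        else:
            for tag, pat in FINDING_PATTERNS.items():
                if pat.search(msg):
                    t["findings"].append((tag, ts, msg))
    return t

def needs_mbr_repair(t: dict) -> bool:
    """True when the boot sector could not be read or its code is unrecognised."""
    return any(tag in ("mbr_read_error", "unknown_mbr_code") for tag, _, _ in t["findings"])

def unknown_modules(t: dict, known: set = KNOWN_CHAIN) -> list:
    """Drivers in the disk I/O chain that are not on the allow-list."""
    return [m for m in t["modules"] if m.lower() not in known]
```

A module not on the allow-list is only a lead for a manual check, as the thread itself shows: the helper asks for an elevated re-run before deciding on a repair.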


Copyright ©2000-2025, Trojaner-Board
