Trojaner-Board

Infected with 50-€ virus (https://www.trojaner-board.de/110144-50-virus-infiziert.html)

cosinus 22.02.2012 19:10

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
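
As an added example (not part of the original thread and not Kaspersky's code): a small Python triage script that reads a TDSS-Killer report in the line layout posted in this thread and lists every flagged object by verdict, so each "skip" decision can be reviewed against the driver's path and MD5. The sample lines, driver names and MD5 values are constructed placeholders, and the line layout is inferred from the report in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines (placeholder names and hashes) in the layout of the
# TDSS-Killer report posted in this thread: "<time> <thread id> <message>".
SAMPLE_LOG = r"""
20:08:07.0312 2584        ============================================================
20:08:07.0312 2584        Scan started
20:08:07.0312 2584        Mode: Manual; SigCheck; TDLFS;
20:08:10.0609 2584        nofilesvc - ok
20:08:13.0015 2584        gooddrv         (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
20:08:17.0671 2584        gooddrv - ok
20:08:53.0781 2584        unsigneda       (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\unsigneda.sys
20:08:53.0812 2584        unsigneda ( UnsignedFile.Multi.Generic ) - warning
20:08:53.0812 2584        unsigneda - detected UnsignedFile.Multi.Generic (1)
20:09:07.0125 2584        unsignedb       (00000000000000000000000000000003) C:\WINDOWS\system32\unsignedb.sys
20:09:07.0140 2584        unsignedb ( UnsignedFile.Multi.Generic ) - warning
20:09:07.0140 2584        unsignedb - detected UnsignedFile.Multi.Generic (1)
20:09:44.0000 2584        lockeddrv       (00000000000000000000000000000004) C:\WINDOWS\system32\Drivers\lockeddrv.sys
20:09:44.0000 2584        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\lockeddrv.sys. md5: 00000000000000000000000000000004
20:09:44.0000 2584        lockeddrv ( LockedFile.Multi.Generic ) - warning
20:09:44.0000 2584        lockeddrv - detected LockedFile.Multi.Generic (1)
"""

# Timestamp and thread id prefix; the rest of the line is the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<service> (<md5>) <path>": the file that was checked for a service/driver.
FILE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "<service> - detected <verdict> (<n>)": one flagged object.
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
# "Suspicious file (NoAccess): <path>. md5: <md5>": the file could not be read.
SUSPICIOUS = re.compile(r"^Suspicious file \(NoAccess\): (.+)\. md5: [0-9a-f]{32}$")
OK = re.compile(r"^(.+?) - ok$")


@dataclass
class Finding:
    service: str
    verdict: str
    md5: Optional[str]
    path: Optional[str]
    no_access: bool  # True if the report also logged "Suspicious file (NoAccess)"


def parse_report(text):
    """Return (findings, ok_count) for a TDSS-Killer report given as text."""
    files = {}         # service name -> (md5, path) from its file line
    no_access = set()  # paths reported as unreadable
    findings, ok_count = [], 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, or lines without the time/thread prefix
        msg = m.group(1).strip()
        if (d := DETECTED.match(msg)):
            md5, path = files.get(d.group(1), (None, None))
            findings.append(
                Finding(d.group(1), d.group(2), md5, path, path in no_access)
            )
        elif (s := SUSPICIOUS.match(msg)):
            no_access.add(s.group(1))
        elif (f := FILE.match(msg)):
            files[f.group(1)] = (f.group(2), f.group(3))
        elif OK.match(msg):
            ok_count += 1
    return findings, ok_count


def by_verdict(findings):
    """Group flagged service names by verdict, keeping report order."""
    groups = {}
    for item in findings:
        groups.setdefault(item.verdict, []).append(item.service)
    return groups


if __name__ == "__main__":
    found, clean = parse_report(SAMPLE_LOG)
    print(f"{clean} objects ok, {len(found)} flagged")
    for verdict, names in by_verdict(found).items():
        print(f"  {verdict}: {', '.join(names)}")
    for item in found:
        note = " (file could not be read)" if item.no_access else ""
        print(f"  {item.service}: {item.md5} {item.path}{note}")
```

To use it on a real report, pass the contents of the saved report file to `parse_report` instead of `SAMPLE_LOG`.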

ricu123 22.02.2012 20:04

The Kaspersky tool now shows me 20 entries, all with "medium risk"; so I should skip all of them?

Here is the log file:
Code:

20:06:51.0515 3804        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:06:52.0375 3804        ============================================================
20:06:52.0375 3804        Current date / time: 2012/02/22 20:06:52.0375
20:06:52.0375 3804        SystemInfo:
20:06:52.0375 3804       
20:06:52.0375 3804        OS Version: 5.1.2600 ServicePack: 3.0
20:06:52.0375 3804        Product type: Workstation
20:06:52.0375 3804        ComputerName: ACER-A9CE03BBC6
20:06:52.0390 3804        UserName: ******
20:06:52.0390 3804        Windows directory: C:\WINDOWS
20:06:52.0390 3804        System windows directory: C:\WINDOWS
20:06:52.0390 3804        Processor architecture: Intel x86
20:06:52.0390 3804        Number of processors: 1
20:06:52.0390 3804        Page size: 0x1000
20:06:52.0390 3804        Boot type: Normal boot
20:06:52.0390 3804        ============================================================
20:06:53.0875 3804        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:06:53.0875 3804        Drive \Device\Harddisk1\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:53.0875 3804        \Device\Harddisk0\DR0:
20:06:53.0875 3804        MBR used
20:06:53.0875 3804        \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x7D047E, BlocksNum 0x6B62221
20:06:53.0875 3804        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x733269F, BlocksNum 0x6C61122
20:06:53.0875 3804        \Device\Harddisk1\DR4:
20:06:53.0875 3804        MBR used
20:06:53.0875 3804        \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:06:54.0000 3804        Initialize success
20:06:54.0000 3804        ============================================================
20:08:07.0312 2584        ============================================================
20:08:07.0312 2584        Scan started
20:08:07.0312 2584        Mode: Manual; SigCheck; TDLFS;
20:08:07.0312 2584        ============================================================
20:08:10.0609 2584        Abiosdsk - ok
20:08:13.0015 2584        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:08:17.0671 2584        abp480n5 - ok
20:08:22.0656 2584        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:08:23.0187 2584        ACPI - ok
20:08:24.0890 2584        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:08:25.0125 2584        ACPIEC - ok
20:08:30.0875 2584        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:08:31.0078 2584        adpu160m - ok
20:08:39.0890 2584        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:08:40.0109 2584        aec - ok
20:08:43.0015 2584        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:08:43.0218 2584        AFD - ok
20:08:44.0343 2584        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:08:44.0578 2584        agp440 - ok
20:08:47.0625 2584        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:08:47.0875 2584        agpCPQ - ok
20:08:50.0218 2584        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:08:50.0296 2584        Aha154x - ok
20:08:51.0937 2584        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:08:52.0140 2584        aic78u2 - ok
20:08:52.0421 2584        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:08:52.0593 2584        aic78xx - ok
20:08:52.0687 2584        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:08:52.0875 2584        AliIde - ok
20:08:53.0171 2584        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:08:53.0328 2584        alim1541 - ok
20:08:53.0453 2584        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:08:53.0640 2584        amdagp - ok
20:08:53.0781 2584        AmdK8          (a96cc1761e4e6e997f3ca0021226c431) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:08:53.0812 2584        AmdK8 ( UnsignedFile.Multi.Generic ) - warning
20:08:53.0812 2584        AmdK8 - detected UnsignedFile.Multi.Generic (1)
20:08:53.0937 2584        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:08:54.0000 2584        amsint - ok
20:08:54.0125 2584        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:08:54.0281 2584        Arp1394 - ok
20:08:54.0500 2584        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:08:54.0671 2584        asc - ok
20:08:54.0812 2584        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:08:54.0890 2584        asc3350p - ok
20:08:55.0000 2584        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:08:55.0156 2584        asc3550 - ok
20:08:55.0390 2584        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:08:55.0546 2584        AsyncMac - ok
20:08:55.0625 2584        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:08:55.0781 2584        atapi - ok
20:08:56.0000 2584        Atdisk - ok
20:08:56.0109 2584        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:08:56.0281 2584        Atmarpc - ok
20:08:56.0515 2584        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:08:56.0687 2584        audstub - ok
20:08:56.0843 2584        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:08:56.0875 2584        avgio - ok
20:08:57.0062 2584        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:08:57.0171 2584        avgntflt - ok
20:08:57.0406 2584        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:08:57.0421 2584        avipbb - ok
20:08:57.0640 2584        BCM43XX        (3003c21e5e1f04ba84fc8e705a65db2b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:08:57.0703 2584        BCM43XX - ok
20:08:57.0843 2584        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:08:58.0031 2584        Beep - ok
20:08:58.0375 2584        Cam5603D        (b2c100ade3a01b663caa7eb68ee80a51) C:\WINDOWS\system32\Drivers\BisonCam.sys
20:08:58.0437 2584        Cam5603D - ok
20:08:58.0609 2584        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:08:58.0765 2584        cbidf - ok
20:08:58.0796 2584        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:08:58.0968 2584        cbidf2k - ok
20:08:59.0062 2584        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:08:59.0234 2584        CCDECODE - ok
20:08:59.0328 2584        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:08:59.0390 2584        cd20xrnt - ok
20:08:59.0437 2584        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:08:59.0593 2584        Cdaudio - ok
20:08:59.0687 2584        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:08:59.0843 2584        Cdfs - ok
20:08:59.0906 2584        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:00.0062 2584        Cdrom - ok
20:09:00.0328 2584        Changer - ok
20:09:00.0468 2584        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:00.0625 2584        CmBatt - ok
20:09:00.0750 2584        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:09:00.0906 2584        CmdIde - ok
20:09:01.0000 2584        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:01.0140 2584        Compbatt - ok
20:09:01.0250 2584        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:09:01.0406 2584        Cpqarray - ok
20:09:01.0546 2584        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:09:01.0703 2584        dac2w2k - ok
20:09:01.0812 2584        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:09:01.0984 2584        dac960nt - ok
20:09:02.0203 2584        DcCam          (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
20:09:02.0234 2584        DcCam - ok
20:09:02.0468 2584        DcFpoint        (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
20:09:02.0515 2584        DcFpoint - ok
20:09:02.0828 2584        DCFS2K          (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
20:09:02.0859 2584        DCFS2K - ok
20:09:03.0093 2584        DcLps          (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
20:09:03.0109 2584        DcLps - ok
20:09:03.0421 2584        DcPTP          (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
20:09:03.0437 2584        DcPTP - ok
20:09:03.0531 2584        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:03.0703 2584        Disk - ok
20:09:03.0921 2584        DKbFltr        (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
20:09:03.0953 2584        DKbFltr - ok
20:09:04.0109 2584        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:04.0312 2584        dmboot - ok
20:09:04.0546 2584        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:09:04.0718 2584        dmio - ok
20:09:04.0750 2584        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:04.0890 2584        dmload - ok
20:09:05.0093 2584        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:05.0281 2584        DMusic - ok
20:09:05.0437 2584        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:09:05.0593 2584        dpti2o - ok
20:09:05.0671 2584        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:05.0843 2584        drmkaud - ok
20:09:07.0125 2584        eLock2BurnerLockDriver (70f3d2751ba8877ee06becfc59bd77f1) C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
20:09:07.0140 2584        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - warning
20:09:07.0140 2584        eLock2BurnerLockDriver - detected UnsignedFile.Multi.Generic (1)
20:09:08.0437 2584        eLock2FSCTLDriver (8a24dcb29abc693f1d3085a69239e84b) C:\WINDOWS\system32\eLock2FSCTLDriver.sys
20:09:08.0468 2584        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - warning
20:09:08.0468 2584        eLock2FSCTLDriver - detected UnsignedFile.Multi.Generic (1)
20:09:08.0765 2584        Exportit        (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
20:09:08.0781 2584        Exportit - ok
20:09:08.0859 2584        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:09.0031 2584        Fastfat - ok
20:09:09.0078 2584        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:09:09.0234 2584        Fdc - ok
20:09:09.0359 2584        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:09:09.0531 2584        FETNDIS - ok
20:09:09.0609 2584        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:09:09.0765 2584        Fips - ok
20:09:09.0921 2584        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:09:10.0078 2584        Flpydisk - ok
20:09:10.0328 2584        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:09:10.0484 2584        FltMgr - ok
20:09:10.0515 2584        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:10.0687 2584        Fs_Rec - ok
20:09:10.0890 2584        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:11.0078 2584        Ftdisk - ok
20:09:11.0234 2584        gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:09:11.0421 2584        gagp30kx - ok
20:09:11.0640 2584        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:09:11.0656 2584        GEARAspiWDM - ok
20:09:11.0828 2584        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:11.0984 2584        Gpc - ok
20:09:12.0203 2584        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:09:12.0359 2584        HDAudBus - ok
20:09:12.0562 2584        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:09:12.0718 2584        HidUsb - ok
20:09:12.0859 2584        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:09:13.0015 2584        hpn - ok
20:09:13.0203 2584        HSFHWAZL        (a902a7e76c245210eee9ef5185158e9c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:09:13.0234 2584        HSFHWAZL - ok
20:09:13.0593 2584        HSF_DPV        (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:09:13.0671 2584        HSF_DPV - ok
20:09:14.0015 2584        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:14.0062 2584        HTTP - ok
20:09:14.0218 2584        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:09:14.0390 2584        i2omgmt - ok
20:09:14.0515 2584        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:09:14.0671 2584        i2omp - ok
20:09:14.0859 2584        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:15.0031 2584        i8042prt - ok
20:09:15.0203 2584        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:09:15.0359 2584        Imapi - ok
20:09:15.0500 2584        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:09:15.0656 2584        ini910u - ok
20:09:15.0890 2584        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
20:09:15.0906 2584        int15 ( UnsignedFile.Multi.Generic ) - warning
20:09:15.0906 2584        int15 - detected UnsignedFile.Multi.Generic (1)
20:09:15.0937 2584        int15.sys - ok
20:09:16.0265 2584        IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:09:16.0750 2584        IntcAzAudAddService - ok
20:09:16.0921 2584        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:09:17.0093 2584        IntelIde - ok
20:09:17.0171 2584        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:09:17.0328 2584        Ip6Fw - ok
20:09:17.0375 2584        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:17.0546 2584        IpFilterDriver - ok
20:09:17.0718 2584        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:17.0875 2584        IpInIp - ok
20:09:17.0968 2584        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:18.0125 2584        IpNat - ok
20:09:18.0312 2584        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:18.0484 2584        IPSec - ok
20:09:18.0703 2584        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
20:09:18.0781 2584        irda - ok
20:09:18.0921 2584        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:19.0000 2584        IRENUM - ok
20:09:19.0203 2584        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:19.0359 2584        isapnp - ok
20:09:19.0578 2584        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:19.0718 2584        Kbdclass - ok
20:09:19.0906 2584        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:20.0062 2584        kmixer - ok
20:09:20.0296 2584        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:20.0343 2584        KSecDD - ok
20:09:20.0656 2584        lbrtfdc - ok
20:09:20.0843 2584        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:09:20.0859 2584        mdmxsdk - ok
20:09:20.0968 2584        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:21.0125 2584        mnmdd - ok
20:09:21.0281 2584        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:09:21.0421 2584        Modem - ok
20:09:21.0484 2584        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:21.0640 2584        Mouclass - ok
20:09:21.0953 2584        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:09:22.0093 2584        mouhid - ok
20:09:22.0250 2584        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:22.0421 2584        MountMgr - ok
20:09:22.0562 2584        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:09:22.0718 2584        mraid35x - ok
20:09:22.0875 2584        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:23.0046 2584        MRxDAV - ok
20:09:23.0234 2584        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:23.0296 2584        MRxSmb - ok
20:09:23.0421 2584        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:23.0562 2584        Msfs - ok
20:09:23.0843 2584        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:24.0031 2584        MSKSSRV - ok
20:09:24.0265 2584        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:24.0421 2584        MSPCLOCK - ok
20:09:24.0593 2584        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:24.0765 2584        MSPQM - ok
20:09:25.0015 2584        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:25.0156 2584        mssmbios - ok
20:09:25.0375 2584        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:25.0531 2584        MSTEE - ok
20:09:25.0703 2584        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:25.0750 2584        Mup - ok
20:09:25.0828 2584        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:26.0000 2584        NABTSFEC - ok
20:09:26.0125 2584        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:26.0281 2584        NDIS - ok
20:09:26.0421 2584        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:26.0593 2584        NdisIP - ok
20:09:26.0828 2584        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:26.0843 2584        NdisTapi - ok
20:09:26.0921 2584        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:27.0093 2584        Ndisuio - ok
20:09:27.0171 2584        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:27.0328 2584        NdisWan - ok
20:09:27.0546 2584        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:27.0593 2584        NDProxy - ok
20:09:27.0703 2584        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:27.0859 2584        NetBIOS - ok
20:09:27.0984 2584        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:28.0156 2584        NetBT - ok
20:09:28.0312 2584        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:09:28.0484 2584        NIC1394 - ok
20:09:28.0609 2584        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:28.0796 2584        Npfs - ok
20:09:29.0015 2584        NSCIRDA        (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:09:29.0093 2584        NSCIRDA - ok
20:09:29.0234 2584        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:29.0406 2584        Ntfs - ok
20:09:29.0640 2584        NTIDrvr        (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:09:29.0671 2584        NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
20:09:29.0671 2584        NTIDrvr - detected UnsignedFile.Multi.Generic (1)
20:09:29.0734 2584        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:29.0875 2584        Null - ok
20:09:30.0265 2584        nv              (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:09:30.0609 2584        nv ( UnsignedFile.Multi.Generic ) - warning
20:09:30.0609 2584        nv - detected UnsignedFile.Multi.Generic (1)
20:09:30.0859 2584        nvata          (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
20:09:30.0890 2584        nvata - ok
20:09:31.0062 2584        NVENETFD        (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:09:31.0062 2584        NVENETFD ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0062 2584        NVENETFD - detected UnsignedFile.Multi.Generic (1)
20:09:31.0218 2584        nvnetbus        (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:09:31.0234 2584        nvnetbus ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0234 2584        nvnetbus - detected UnsignedFile.Multi.Generic (1)
20:09:31.0390 2584        nvsmu          (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
20:09:31.0390 2584        nvsmu ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0390 2584        nvsmu - detected UnsignedFile.Multi.Generic (1)
20:09:31.0453 2584        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:31.0625 2584        NwlnkFlt - ok
20:09:31.0765 2584        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:31.0906 2584        NwlnkFwd - ok
20:09:32.0031 2584        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:09:32.0203 2584        ohci1394 - ok
20:09:32.0265 2584        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:09:32.0406 2584        Parport - ok
20:09:32.0500 2584        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:32.0640 2584        PartMgr - ok
20:09:32.0703 2584        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:32.0875 2584        ParVdm - ok
20:09:32.0968 2584        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:33.0109 2584        PCI - ok
20:09:33.0328 2584        PCIDump - ok
20:09:33.0453 2584        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:09:33.0609 2584        PCIIde - ok
20:09:33.0718 2584        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:33.0859 2584        Pcmcia - ok
20:09:34.0265 2584        PDCOMP - ok
20:09:34.0500 2584        PDFRAME - ok
20:09:34.0734 2584        PDRELI - ok
20:09:34.0984 2584        PDRFRAME - ok
20:09:35.0109 2584        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:09:35.0265 2584        perc2 - ok
20:09:35.0375 2584        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:09:35.0515 2584        perc2hib - ok
20:09:35.0656 2584        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:35.0812 2584        PptpMiniport - ok
20:09:35.0906 2584        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:09:36.0062 2584        Processor - ok
20:09:36.0140 2584        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:36.0296 2584        PSched - ok
20:09:36.0546 2584        psdfilter      (f11d814c3b6c60d3fdf19b12d73ae12d) C:\WINDOWS\system32\Drivers\psdfilter.sys
20:09:36.0562 2584        psdfilter ( UnsignedFile.Multi.Generic ) - warning
20:09:36.0562 2584        psdfilter - detected UnsignedFile.Multi.Generic (1)
20:09:36.0812 2584        psdvdisk        (8bcfef59df08c9542636c7b2e1e90ee9) C:\WINDOWS\system32\Drivers\psdvdisk.sys
20:09:36.0812 2584        psdvdisk ( UnsignedFile.Multi.Generic ) - warning
20:09:36.0812 2584        psdvdisk - detected UnsignedFile.Multi.Generic (1)
20:09:36.0890 2584        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:37.0062 2584        Ptilink - ok
20:09:37.0296 2584        PxHelp20        (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:09:37.0312 2584        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:09:37.0312 2584        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:09:37.0437 2584        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:09:37.0578 2584        ql1080 - ok
20:09:37.0687 2584        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:09:37.0859 2584        Ql10wnt - ok
20:09:37.0984 2584        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:09:38.0140 2584        ql12160 - ok
20:09:38.0281 2584        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:09:38.0437 2584        ql1240 - ok
20:09:38.0640 2584        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:09:38.0796 2584        ql1280 - ok
20:09:38.0828 2584        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:39.0015 2584        RasAcd - ok
20:09:39.0218 2584        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:09:39.0281 2584        Rasirda - ok
20:09:39.0406 2584        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:39.0546 2584        Rasl2tp - ok
20:09:39.0640 2584        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:39.0796 2584        RasPppoe - ok
20:09:39.0859 2584        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:40.0015 2584        Raspti - ok
20:09:40.0140 2584        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:40.0296 2584        Rdbss - ok
20:09:40.0343 2584        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:40.0484 2584        RDPCDD - ok
20:09:40.0656 2584        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:40.0796 2584        rdpdr - ok
20:09:40.0953 2584        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:41.0000 2584        RDPWD - ok
20:09:41.0125 2584        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:41.0296 2584        redbook - ok
20:09:41.0578 2584        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:41.0656 2584        Secdrv - ok
20:09:41.0796 2584        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:09:41.0968 2584        Serial - ok
20:09:42.0078 2584        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:09:42.0218 2584        Sfloppy - ok
20:09:42.0515 2584        Simbad - ok
20:09:42.0703 2584        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:09:42.0859 2584        sisagp - ok
20:09:42.0953 2584        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:43.0109 2584        SLIP - ok
20:09:43.0328 2584        snapman        (5c18c6b4d6b6111ddabe055880696f31) C:\WINDOWS\system32\DRIVERS\snapman.sys
20:09:43.0343 2584        snapman ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0343 2584        snapman - detected UnsignedFile.Multi.Generic (1)
20:09:43.0437 2584        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:09:43.0500 2584        Sparrow - ok
20:09:43.0625 2584        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:43.0781 2584        splitter - ok
20:09:44.0000 2584        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:09:44.0000 2584        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:09:44.0000 2584        sptd ( LockedFile.Multi.Generic ) - warning
20:09:44.0000 2584        sptd - detected LockedFile.Multi.Generic (1)
20:09:44.0187 2584        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:44.0250 2584        sr - ok
20:09:44.0500 2584        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:44.0562 2584        Srv - ok
20:09:44.0796 2584        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:09:44.0812 2584        ssmdrv - ok
20:09:44.0921 2584        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:45.0078 2584        streamip - ok
20:09:45.0156 2584        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:45.0312 2584        swenum - ok
20:09:45.0421 2584        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:45.0593 2584        swmidi - ok
20:09:45.0796 2584        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:09:45.0953 2584        symc810 - ok
20:09:46.0125 2584        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:09:46.0296 2584        symc8xx - ok
20:09:46.0406 2584        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:09:46.0578 2584        sym_hi - ok
20:09:46.0687 2584        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:09:46.0843 2584        sym_u3 - ok
20:09:47.0031 2584        SynTP          (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:09:47.0062 2584        SynTP - ok
20:09:47.0156 2584        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:47.0312 2584        sysaudio - ok
20:09:47.0500 2584        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:47.0546 2584        Tcpip - ok
20:09:47.0703 2584        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:47.0875 2584        TDPIPE - ok
20:09:47.0921 2584        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:48.0078 2584        TDTCP - ok
20:09:48.0125 2584        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:48.0265 2584        TermDD - ok
20:09:48.0453 2584        tifm21          (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
20:09:48.0468 2584        tifm21 ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0468 2584        tifm21 - detected UnsignedFile.Multi.Generic (1)
20:09:48.0718 2584        tifsfilter      (6f66601689163373bda1a3cb10dfa633) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:09:48.0718 2584        tifsfilter ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0718 2584        tifsfilter - detected UnsignedFile.Multi.Generic (1)
20:09:49.0031 2584        timounter      (dec7d1d20259feff19c2a3114d428d61) C:\WINDOWS\system32\DRIVERS\timntr.sys
20:09:49.0046 2584        timounter ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0046 2584        timounter - detected UnsignedFile.Multi.Generic (1)
20:09:49.0156 2584        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
20:09:49.0296 2584        TosIde - ok
20:09:49.0703 2584        tvicport        (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
20:09:49.0718 2584        tvicport ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0718 2584        tvicport - detected UnsignedFile.Multi.Generic (1)
20:09:49.0921 2584        UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
20:09:49.0921 2584        UBHelper ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0921 2584        UBHelper - detected UnsignedFile.Multi.Generic (1)
20:09:50.0000 2584        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:50.0156 2584        Udfs - ok
20:09:50.0312 2584        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:09:50.0375 2584        ultra - ok
20:09:50.0562 2584        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:50.0703 2584        Update - ok
20:09:50.0890 2584        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:09:50.0937 2584        USBAAPL - ok
20:09:51.0125 2584        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:51.0281 2584        usbehci - ok
20:09:51.0531 2584        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:51.0671 2584        usbhub - ok
20:09:51.0906 2584        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:09:52.0062 2584        usbohci - ok
20:09:52.0312 2584        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:52.0468 2584        usbprint - ok
20:09:52.0765 2584        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:52.0937 2584        usbscan - ok
20:09:53.0203 2584        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:53.0375 2584        usbstor - ok
20:09:53.0609 2584        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:53.0765 2584        usbuhci - ok
20:09:54.0031 2584        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:54.0187 2584        VgaSave - ok
20:09:54.0343 2584        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:09:54.0531 2584        viaagp - ok
20:09:54.0781 2584        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:09:54.0968 2584        ViaIde - ok
20:09:55.0171 2584        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:55.0312 2584        VolSnap - ok
20:09:55.0562 2584        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:55.0703 2584        Wanarp - ok
20:09:55.0937 2584        wanatw - ok
20:09:56.0156 2584        WDICA - ok
20:09:56.0406 2584        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:56.0562 2584        wdmaud - ok
20:09:56.0765 2584        winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:56.0812 2584        winachsf - ok
20:09:57.0171 2584        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:09:57.0328 2584        WmiAcpi - ok
20:09:57.0593 2584        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:09:57.0734 2584        WSTCODEC - ok
20:09:57.0953 2584        zntport        (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
20:09:57.0984 2584        zntport ( UnsignedFile.Multi.Generic ) - warning
20:09:57.0984 2584        zntport - detected UnsignedFile.Multi.Generic (1)
20:09:58.0015 2584        MBR (0x1B8)    (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
20:10:01.0765 2584        \Device\Harddisk0\DR0 - ok
20:10:01.0828 2584        Boot (0x1200)  (9580940a801cb45580aed16bccc70fbe) \Device\Harddisk0\DR0\Partition0
20:10:01.0828 2584        \Device\Harddisk0\DR0\Partition0 - ok
20:10:01.0859 2584        Boot (0x1200)  (40aaec4c3d508b3b583d4dde6d3fb3b9) \Device\Harddisk0\DR0\Partition1
20:10:01.0859 2584        \Device\Harddisk0\DR0\Partition1 - ok
20:10:01.0875 2584        ============================================================
20:10:01.0875 2584        Scan finished
20:10:01.0875 2584        ============================================================
20:10:02.0015 0824        Detected object count: 20
20:10:02.0015 0824        Actual detected object count: 20
20:12:50.0609 0824        AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        int15 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        nv ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        NVENETFD ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        NVENETFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        nvsmu ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        nvsmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        psdfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        psdfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        snapman ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        sptd ( LockedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tifm21 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        timounter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0640 0824        UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0640 0824        UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0640 0824        zntport ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0640 0824        zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip
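
A triage aid for a TDSSKiller report like the one posted above, added here as an example (it is not part of the thread and not a Kaspersky tool). It pairs each detection with its MD5, path and logged user action, and checks the result against the report's own count line; the line patterns are inferred only from the log lines visible in this thread, and `parse_report` and `triage` are hypothetical names.

```python
import re

# Constructed excerpt: the object lines are copied from the log posted in this
# thread; the "Detected object count" line is adjusted to fit the excerpt.
SAMPLE = r"""
20:09:42.0953 2584        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:43.0109 2584        SLIP - ok
20:09:43.0328 2584        snapman        (5c18c6b4d6b6111ddabe055880696f31) C:\WINDOWS\system32\DRIVERS\snapman.sys
20:09:43.0343 2584        snapman ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0343 2584        snapman - detected UnsignedFile.Multi.Generic (1)
20:09:44.0000 2584        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:09:44.0000 2584        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:09:44.0000 2584        sptd ( LockedFile.Multi.Generic ) - warning
20:09:44.0000 2584        sptd - detected LockedFile.Multi.Generic (1)
20:10:02.0015 0824        Detected object count: 2
20:12:50.0625 0824        snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Patterns inferred from the visible log lines (an assumption, not a format spec).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*\S)\s*$")
SCANNED = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def parse_report(text):
    """Collect scanned objects, detections, user actions and the reported count."""
    report = {"objects": {}, "detections": {}, "actions": {}, "reported_count": None}
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # blank lines, separators, anything without timestamp + thread id
        msg = line.group(1)
        m = SCANNED.match(msg)
        if m:
            report["objects"][m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
            continue
        m = DETECTED.match(msg)
        if m:
            report["detections"][m.group(1)] = m.group(2)
            continue
        m = ACTION.match(msg)
        if m:
            report["actions"][m.group(1)] = m.group(3)
            continue
        m = COUNT.match(msg)
        if m:
            report["reported_count"] = int(m.group(1))
    return report


def triage(report):
    """Return (findings, problems); verdicts other than UnsignedFile sort first."""
    findings, problems = [], []
    for name, verdict in report["detections"].items():
        obj = report["objects"].get(name, {})
        action = report["actions"].get(name)
        if action is None:
            problems.append(f"{name}: detected but no user action logged")
        findings.append({
            "name": name,
            "verdict": verdict,
            "md5": obj.get("md5"),
            "path": obj.get("path"),
            "action": action,
        })
    count = report["reported_count"]
    if count is not None and count != len(findings):
        problems.append(f"report says {count} objects, parsed {len(findings)}")
    # Stable sort keeps log order within each group.
    findings.sort(key=lambda f: f["verdict"].startswith("UnsignedFile"))
    return findings, problems


if __name__ == "__main__":
    found, issues = triage(parse_report(SAMPLE))
    for f in found:
        print(f"{f['verdict']:28} {f['name']:10} {f['md5']} {f['path']} -> {f['action']}")
    for issue in issues:
        print("CHECK:", issue)
```
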


cosinus 22.02.2012 20:55

Yes, please skip everything, as stated in the instructions.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when an expert helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ricu123 22.02.2012 21:16

Hi
Combofix Logfile:

ComboFix 12-02-22.01 - Poppel 22.02.2012  21:10:12.1.1 - FAT32x86
ausgeführt von:: c:\dokumente und einstellungen\Poppel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
c:\dokumente und einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free\Logs\update.log
c:\dokumente und einstellungen\Poppel\WINDOWS
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
H:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-21 12:55 . 2012-02-21 12:55        --------        d-----w-        C:\_OTL
2012-02-19 20:47 . 2012-02-19 20:47        --------        d-----w-        c:\programme\ESET
2012-02-15 15:13 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
2012-02-15 15:13 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\dllcache\iacenc.dll
2012-02-07 17:36 . 2012-02-07 17:36        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-02-07 17:36 . 2012-02-07 17:36        --------        d-----w-        c:\programme\LSoft Technologies
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 18:53 . 2012-01-12 18:53        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-04 04:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2006-01-09 19:01        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-04 04:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-04 04:00        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 04:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-12-10 14:24 . 2010-11-28 21:04        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 04:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"ntiMUI"="c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-08-08 634880]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-09 342016]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"QuickTime Task"="c:\programme\QuickTime Alternative\QTTask.exe" [2011-07-05 421888]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2011-08-25 886760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Poppel\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-15 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonBar]
2006-09-08 10:49        245760        ----a-w-        c:\windows\BUtilityBar\BisonBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:00        59392        ----a-w-        c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Java\\JRE6\\launch4j-tmp\\UltraMixer.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Dokumente und Einstellungen\\Poppel\\Eigene Dateien\\Mari schule\\UnrealTournament\\System\\0CLICK.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.02.2012 18:36 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.11.2010 22:26 136360]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [15.12.2006 05:43 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [15.12.2006 05:43 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.02.2012 18:09 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.02.2012 18:09 136176]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UBHELPER
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
- c:\windows\system32\msfeedssync.exe [2006-12-15 03:31]
.
2012-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2011-08-25 14:24]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-02-16 17:09]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-02-16 17:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-557839895 - c:\dokumente und einstellungen\All Users\Application Data\687940834\557839895.exe
MSConfigStartUp-portwexexe - c:\portwexexe.exe\portwexexe.exe
MSConfigStartUp-{D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - c:\dokumente und einstellungen\Poppel\Anwendungsdaten\Ukicko\ozwou.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-22 21:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\acer\Empowering Technology\eLock\LockServ.exe
c:\windows\system32\nvsvc32.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\dokume~1\Poppel\LOKALE~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22  21:21:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-22 20:21
.
Vor Suchlauf: 23 Verzeichnis(se), 19.294.683.136 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 19.169.935.360 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A7809B28B9D3A44EA898A7B5AAA60351


--- --- ---


Regards & :dankeschoen:

cosinus 22.02.2012 21:54

Convert partitions to NTFS:
1) Start, Run, type cmd and click OK
2) Type the command convert d: /fs:ntfs and confirm with Return or Enter
3) Type in the current label of D: (you can see it in My Computer on D: - if it only says "Lokaler Datenträger" there, D: has no label, so type nothing when asked for the current volume label) - if necessary, assign a simple name to this partition in My Computer via right-click => Properties
4) If prompted, confirm with J that the drive must be locked for exclusive access
5) Wait until convert has finished
After that it is C:'s turn
6) Type the command convert c: /fs:ntfs and confirm with Return or Enter
7) Type in the current label of C: (you can see it in My Computer on C:; if it only says "Lokaler Datenträger" there, C: has no label, so type nothing when asked for the current volume label)
8) Confirm with J the notice that the drive is to be converted at the next Windows start and let Windows restart; be patient!


All times are WET +1.
