Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   50 Euro Trojan blocks Windows system (https://www.trojaner-board.de/109851-50-euro-trojaner-blockiert-windows-system.html)

cosinus 15.02.2012 17:32

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot.
Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

magalii 15.02.2012 17:51

I just downloaded the TDSSKiller.exe file, but Avira reports that malware was found: TR/Crypt.ULPM.Gen
Access was denied and I can only click Remove and Details. What can I do to run the file anyway?
Regards

magalii 15.02.2012 18:18

Okay, I managed it.
Here's the log:

18:08:50.0994 4744        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:08:51.0009 4744        uagp35 - ok
18:08:51.0041 4744        udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
18:08:51.0119 4744        udfs - ok
18:08:51.0150 4744        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:08:51.0165 4744        uliagpkx - ok
18:08:51.0197 4744        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:08:51.0228 4744        uliahci - ok
18:08:51.0243 4744        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:08:51.0275 4744        UlSata - ok
18:08:51.0290 4744        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:08:51.0337 4744        ulsata2 - ok
18:08:51.0368 4744        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:08:51.0431 4744        umbus - ok
18:08:51.0555 4744        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:08:51.0602 4744        USBAAPL64 - ok
18:08:51.0649 4744        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:08:51.0711 4744        usbccgp - ok
18:08:51.0774 4744        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:08:51.0883 4744        usbcir - ok
18:08:51.0945 4744        usbehci        (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
18:08:52.0023 4744        usbehci - ok
18:08:52.0055 4744        usbhub          (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
18:08:52.0117 4744        usbhub - ok
18:08:52.0133 4744        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:08:52.0211 4744        usbohci - ok
18:08:52.0257 4744        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:08:52.0304 4744        usbprint - ok
18:08:52.0335 4744        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:08:52.0382 4744        usbscan - ok
18:08:52.0413 4744        USBSTOR        (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:52.0460 4744        USBSTOR - ok
18:08:52.0476 4744        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:08:52.0523 4744        usbuhci - ok
18:08:52.0601 4744        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:08:52.0647 4744        usbvideo - ok
18:08:52.0679 4744        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:08:52.0741 4744        vga - ok
18:08:52.0772 4744        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:08:52.0819 4744        VgaSave - ok
18:08:52.0819 4744        viaide          (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
18:08:52.0835 4744        viaide - ok
18:08:52.0866 4744        volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
18:08:52.0866 4744        volmgr - ok
18:08:52.0897 4744        volmgrx        (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
18:08:52.0928 4744        volmgrx - ok
18:08:52.0975 4744        volsnap        (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
18:08:52.0991 4744        volsnap - ok
18:08:53.0022 4744        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:08:53.0053 4744        vsmraid - ok
18:08:53.0084 4744        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:08:53.0193 4744        WacomPen - ok
18:08:53.0225 4744        Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:53.0287 4744        Wanarp - ok
18:08:53.0303 4744        Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
18:08:53.0349 4744        Wanarpv6 - ok
18:08:53.0381 4744        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:08:53.0396 4744        Wd - ok
18:08:53.0443 4744        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:08:53.0490 4744        Wdf01000 - ok
18:08:53.0568 4744        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:08:53.0630 4744        WmiAcpi - ok
18:08:53.0677 4744        WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
18:08:53.0739 4744        WpdUsb - ok
18:08:53.0802 4744        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:08:53.0880 4744        ws2ifsl - ok
18:08:53.0927 4744        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:08:54.0005 4744        WUDFRd - ok
18:08:54.0098 4744        yukonx64        (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
18:08:54.0207 4744        yukonx64 - ok
18:08:54.0239 4744        MBR (0x1B8)    (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:08:54.0363 4744        \Device\Harddisk0\DR0 - ok
18:08:54.0395 4744        Boot (0x1200)  (a76a474408eb675201e350b6f1f99a7e) \Device\Harddisk0\DR0\Partition0
18:08:54.0395 4744        \Device\Harddisk0\DR0\Partition0 - ok
18:08:54.0441 4744        Boot (0x1200)  (357e9131dbd7cb0bfe90a54a6d405813) \Device\Harddisk0\DR0\Partition1
18:08:54.0441 4744        \Device\Harddisk0\DR0\Partition1 - ok
18:08:54.0441 4744        ============================================================
18:08:54.0441 4744        Scan finished
18:08:54.0441 4744        ============================================================
18:08:54.0457 4052        Detected object count: 0
18:08:54.0457 4052        Actual detected object count: 0


cosinus 15.02.2012 19:11

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

magalii 15.02.2012 21:43

Hello, here is my log file for ComboFix:

Code:

ComboFix 12-02-15.01 - *** 15.02.2012  21:23:51.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.4062.2659 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-15 bis 2012-02-15  ))))))))))))))))))))))))))))))
.
.
2012-02-15 20:30 . 2012-02-15 20:32        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-02-15 20:30 . 2012-02-15 20:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-15 16:08 . 2012-02-15 16:08        --------        d-----w-        C:\_OTL
2012-02-14 21:48 . 2012-02-14 21:48        --------        d-----w-        c:\program files (x86)\ESET
2012-02-14 18:39 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{679B6F73-751E-49A7-9891-46C8B15CB67B}\mpengine.dll
2012-02-13 19:27 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-13 19:21 . 2012-02-13 19:21        --------        d-----w-        c:\windows\system32\EventProviders
2012-02-12 21:59 . 2012-02-12 21:59        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-02-12 21:59 . 2012-02-12 21:59        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-12 21:58 . 2012-02-13 19:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2010-01-03 11:21        279656        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-19 21:35 . 2011-05-24 13:20        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 17:08 . 2011-12-17 17:08        1207568        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-08 17:19 . 2011-10-25 20:37        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1yvyjyf3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-15  21:37:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-15 20:37
.
Vor Suchlauf: 9 Verzeichnis(se), 147.590.393.856 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 147.389.128.704 Bytes frei
.
- - End Of File - - 2A21F038097A9415152ED05FF0240055


cosinus 15.02.2012 21:56

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without instruction!
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

magalii 15.02.2012 22:31

Hello again, I have now scanned with the tool, here are the results:

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-15 22:01:44
-----------------------------
22:01:44.789    OS Version: Windows x64 6.0.6001 Service Pack 1
22:01:44.789    Number of processors: 2 586 0x170A
22:01:44.789    ComputerName: HAUS-PC  UserName:
22:01:47.207    Initialize success
22:02:52.173    AVAST engine defs: 12021501
22:03:12.219    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:03:12.219    Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 3
22:03:12.281    Disk 0 MBR read successfully
22:03:12.281    Disk 0 MBR scan
22:03:12.313    Disk 0 unknown MBR code
22:03:12.328    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      292933 MB offset 2048
22:03:12.359    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        12308 MB offset 599928832
22:03:12.375    Service scanning
22:03:13.873    Modules scanning
22:03:13.873    Disk 0 trace - called modules:
22:03:13.935    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:03:13.935    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f88530]
22:03:13.935    3 CLASSPNP.SYS[fffffa6000a43b3a] -> nt!IofCallDriver -> [0xfffffa8004f836b0]
22:03:14.450    5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004be59b0]
22:03:14.450    7 acpi.sys[fffffa60008f8ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be1940]
22:03:15.370    AVAST engine scan C:\Windows
22:03:22.858    AVAST engine scan C:\Windows\system32
22:08:38.939    AVAST engine scan C:\Windows\system32\drivers
22:09:00.514    AVAST engine scan C:\Users\***
22:23:18.922    AVAST engine scan C:\ProgramData
22:27:30.630    Scan finished successfully
22:29:13.122    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
22:29:13.122    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 15.02.2012 22:47

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems installed, such as Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the data backup, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

magalii 15.02.2012 23:58

Hello, I have carried out the steps as described.
Here is the log:

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-15 23:07:34
-----------------------------
23:07:35.040    OS Version: Windows x64 6.0.6001 Service Pack 1
23:07:35.040    Number of processors: 2 586 0x170A
23:07:35.040    ComputerName: HAUS-PC  UserName:
23:07:44.650    Initialize success
23:07:55.086    AVAST engine defs: 12021501
23:07:59.688    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:07:59.688    Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 3
23:07:59.704    Disk 0 MBR read successfully
23:07:59.704    Disk 0 MBR scan
23:07:59.735    Disk 0 Windows VISTA default MBR code
23:07:59.766    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      292933 MB offset 2048
23:07:59.797    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        12308 MB offset 599928832
23:07:59.797    Service scanning
23:08:03.916    Modules scanning
23:08:03.916    Disk 0 trace - called modules:
23:08:03.947    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:08:03.963    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa1790]
23:08:03.963    3 CLASSPNP.SYS[fffffa6000a47b3a] -> nt!IofCallDriver -> [0xfffffa8004f9c9a0]
23:08:04.477    5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004bb85b0]
23:08:04.477    7 acpi.sys[fffffa60008f3ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be7060]
23:08:07.816    AVAST engine scan C:\Windows
23:08:18.876    AVAST engine scan C:\Windows\system32
23:14:21.140    AVAST engine scan C:\Windows\system32\drivers
23:14:56.334    AVAST engine scan C:\Users\***
23:28:24.991    AVAST engine scan C:\ProgramData
23:32:51.923    Scan finished successfully
23:36:07.890    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:36:07.890    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR2.txt"


cosinus 16.02.2012 13:12

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
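
The before/after comparison of the two aswMBR logs in this thread can be scripted. The following is an added example, not part of the original thread and not code from aswMBR; the function names, and the rule that a verdict containing "default MBR code" counts as recognized, are assumptions based only on the two verdict strings that appear in the logs above.

```python
import re

# Excerpts of the two aswMBR logs posted in this thread (whitespace normalized).
LOG_BEFORE = """\
22:03:12.281    Disk 0 MBR read successfully
22:03:12.281    Disk 0 MBR scan
22:03:12.313    Disk 0 unknown MBR code
22:03:12.328    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      292933 MB offset 2048
22:03:12.359    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        12308 MB offset 599928832
22:03:13.873    Disk 0 trace - called modules:
22:03:13.935    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:27:30.630    Scan finished successfully
"""
LOG_AFTER = """\
23:07:59.704    Disk 0 MBR read successfully
23:07:59.704    Disk 0 MBR scan
23:07:59.735    Disk 0 Windows VISTA default MBR code
23:07:59.766    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      292933 MB offset 2048
23:07:59.797    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        12308 MB offset 599928832
23:08:03.916    Disk 0 trace - called modules:
23:08:03.947    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:32:51.923    Scan finished successfully
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")          # timestamp + message
VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")           # tool's MBR verdict
TRACE = re.compile(r"^Disk (\d+) trace - called modules:$")   # next line = module list
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))?\s+([0-9A-Fa-f]{2})\s+"
    r".*?(\d+) MB offset (\d+)$")


def parse_aswmbr(log_text):
    """Extract MBR verdict, partition entries and the disk driver stack."""
    result = {"verdict": None, "partitions": [], "modules": []}
    expect_modules = False
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # skip banner and separator lines
        msg = line.group(1).strip()
        if expect_modules:                # line directly after the trace header
            result["modules"] = msg.split()
            expect_modules = False
            continue
        if TRACE.match(msg):
            expect_modules = True
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            result["verdict"] = verdict.group(2)
            continue
        part = PARTITION.match(msg)
        if part:
            result["partitions"].append({
                "number": int(part.group(2)),
                "active": part.group(3) == "80",   # 0x80 = bootable flag
                "type": part.group(4).upper(),
                "size_mb": int(part.group(5)),
                "offset": int(part.group(6)),
            })
    return result


def compare_runs(before, after):
    """Summarize what changed between a scan before and after the MBR fix."""
    b_mod, a_mod = set(before["modules"]), set(after["modules"])
    return {
        "verdict_before": before["verdict"],
        "verdict_after": after["verdict"],
        # Assumption: "default MBR code" marks boot code the tool recognizes.
        # "unknown" only means unrecognized, not proof of infection.
        "mbr_recognized_after": "default MBR code" in (after["verdict"] or ""),
        # The fix should rewrite boot code only; the partition table must match.
        "partitions_unchanged": before["partitions"] == after["partitions"],
        # New modules in the disk I/O path would deserve a closer look.
        "modules_added": sorted(a_mod - b_mod),
        "modules_removed": sorted(b_mod - a_mod),
    }


REPORT = compare_runs(parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER))

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```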

