Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   For security reasons your Windows system has been blocked - pay 50€ (https://www.trojaner-board.de/109995-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlen.html)

BlackCat 16.02.2012 22:52

The log that opened after the reboot:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ffdwnd\ not found.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anja
->Temp folder emptied: 5274 bytes
->Temporary Internet Files folder emptied: 6531465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49624779 bytes
->Opera cache emptied: 8451002 bytes
->Flash cache emptied: 1520 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: user
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15858710 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 77.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02162012_224552

Files\Folders moved on Reboot...
C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNATIVAG\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMF5U69X\list-item-plus[1].png moved successfully.
C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAXFQ1\background-banner-right-v45[1].jpg moved successfully.
C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAXFQ1\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFEHTRUC\background_button_green_full[1].png moved successfully.

Registry entries deleted on Reboot...


cosinus 16.02.2012 23:06

Hm, one file was not deleted. Please navigate to the path

C:\Users\Anja\AppData\Local\Mozilla\Firefox\

and delete the firefox.exe there.

That is not the Firefox browser! This firefox.exe in the path above is a piece of malware disguising itself as firefox.exe! So do NOT run (double-click) this firefox.exe in the path above either!!
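The pattern cosinus points out above, a well-known program name dropped into a user-writable profile directory, can be checked mechanically. The following helper is an added example, not code from the forum or from any tool named in the thread; `classify_executable`, `find_masquerading` and the sample paths are all constructed for illustration.

```python
"""Flag executables that borrow the name of a well-known program but sit in a
per-user profile directory (AppData/Temp) instead of the program's install
location.  Hypothetical helper written for this thread; paths are handled as
pure Windows paths so the logic runs on any OS."""
from pathlib import PureWindowsPath

# Install directory (below a Program Files root) where each tracked binary
# legitimately lives.  Two entries are enough to cover the thread's case;
# extend the table for other commonly impersonated names.
EXPECTED_INSTALL_DIRS = {
    "firefox.exe": ("mozilla firefox",),
    "chrome.exe": ("google\\chrome\\application",),
}

PROGRAM_FILES_ROOTS = ("program files", "program files (x86)")


def is_user_writable_profile_dir(path: PureWindowsPath) -> bool:
    """True when the file sits under a per-user AppData or Temp tree, i.e.
    somewhere an unprivileged process can drop a file without UAC."""
    parts = [p.lower() for p in path.parts]
    return "users" in parts and ("appdata" in parts or "temp" in parts)


def in_expected_install_dir(path: PureWindowsPath) -> bool:
    """True when the file is directly inside one of its program's install
    directories under a Program Files root."""
    name = path.name.lower()
    parent = str(path.parent).lower()
    for root in PROGRAM_FILES_ROOTS:
        for sub in EXPECTED_INSTALL_DIRS.get(name, ()):
            if parent.endswith(f"\\{root}\\{sub}"):
                return True
    return False


def classify_executable(raw_path: str) -> str:
    """Return one of:
    'unknown'      - file name is not one we track (profile data, caches, ...)
    'expected'     - tracked name in its normal install directory
    'masquerading' - tracked name dropped into a user profile directory
    'suspicious'   - tracked name somewhere else (portable copy, other drive)
    Note that real Firefox keeps profile data under %LOCALAPPDATA%\\Mozilla\\
    Firefox, but never its executable, so only firefox.exe itself is flagged."""
    path = PureWindowsPath(raw_path)
    name = path.name.lower()
    if name not in EXPECTED_INSTALL_DIRS:
        return "unknown"
    if in_expected_install_dir(path):
        return "expected"
    if is_user_writable_profile_dir(path):
        return "masquerading"
    return "suspicious"


def find_masquerading(paths):
    """Return the subset of paths classified as masquerading, in input order."""
    return [p for p in paths if classify_executable(p) == "masquerading"]


# Constructed sample listing: the first entry is the path cosinus names in
# the thread, the rest are benign or merely unusual locations.
SAMPLE_PATHS = [
    r"C:\Users\Anja\AppData\Local\Mozilla\Firefox\firefox.exe",
    r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe",
    r"C:\Users\Anja\AppData\Local\Mozilla\Firefox\Profiles\x.default\cache2\entries\0001",
    r"D:\Portable\firefox.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify_executable(p):12s} {p}")
```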

BlackCat 16.02.2012 23:12

Yes, I was aware of that. I had that file under suspicion from the start. Finally I get to take action myself! :3 No sooner said than done, it's deleted.
Is that the end of the story, or is there more to do?

cosinus 17.02.2012 10:23

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

BlackCat 17.02.2012 10:49

TDSS-Killer Log
Code:

10:40:56.0514 4728        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:40:56.0620 4728        ============================================================
10:40:56.0620 4728        Current date / time: 2012/02/17 10:40:56.0620
10:40:56.0620 4728        SystemInfo:
10:40:56.0620 4728       
10:40:56.0620 4728        OS Version: 6.1.7601 ServicePack: 1.0
10:40:56.0620 4728        Product type: Workstation
10:40:56.0620 4728        ComputerName: MEDION-PC
10:40:56.0620 4728        UserName: Anja
10:40:56.0620 4728        Windows directory: C:\Windows
10:40:56.0620 4728        System windows directory: C:\Windows
10:40:56.0620 4728        Running under WOW64
10:40:56.0620 4728        Processor architecture: Intel x64
10:40:56.0620 4728        Number of processors: 4
10:40:56.0620 4728        Page size: 0x1000
10:40:56.0620 4728        Boot type: Normal boot
10:40:56.0620 4728        ============================================================
10:40:56.0957 4728        Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:40:56.0971 4728        \Device\Harddisk0\DR0:
10:40:56.0971 4728        MBR used
10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
10:40:57.0102 4728        Initialize success
10:40:57.0102 4728        ============================================================
10:42:19.0061 4980        ============================================================
10:42:19.0061 4980        Scan started
10:42:19.0061 4980        Mode: Manual; SigCheck; TDLFS;
10:42:19.0061 4980        ============================================================
10:42:19.0466 4980        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:42:19.0529 4980        1394ohci - ok
10:42:19.0544 4980        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:42:19.0560 4980        ACPI - ok
10:42:19.0576 4980        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:42:19.0607 4980        AcpiPmi - ok
10:42:19.0654 4980        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:42:19.0669 4980        adp94xx - ok
10:42:19.0685 4980        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:42:19.0700 4980        adpahci - ok
10:42:19.0716 4980        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:42:19.0732 4980        adpu320 - ok
10:42:19.0763 4980        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:42:19.0825 4980        AFD - ok
10:42:19.0856 4980        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:42:19.0872 4980        agp440 - ok
10:42:19.0903 4980        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:42:19.0919 4980        aliide - ok
10:42:19.0950 4980        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:42:19.0966 4980        amdide - ok
10:42:19.0981 4980        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:42:20.0012 4980        AmdK8 - ok
10:42:20.0184 4980        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
10:42:20.0402 4980        amdkmdag - ok
10:42:20.0434 4980        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
10:42:20.0434 4980        amdkmdap - ok
10:42:20.0480 4980        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:42:20.0512 4980        AmdPPM - ok
10:42:20.0543 4980        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:42:20.0558 4980        amdsata - ok
10:42:20.0621 4980        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:42:20.0636 4980        amdsbs - ok
10:42:20.0668 4980        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:42:20.0683 4980        amdxata - ok
10:42:20.0699 4980        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:42:20.0761 4980        AppID - ok
10:42:20.0792 4980        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:42:20.0808 4980        arc - ok
10:42:20.0824 4980        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:42:20.0824 4980        arcsas - ok
10:42:20.0870 4980        asmthub3        (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys
10:42:20.0886 4980        asmthub3 - ok
10:42:20.0902 4980        asmtxhci        (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys
10:42:20.0917 4980        asmtxhci - ok
10:42:20.0964 4980        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
10:42:20.0980 4980        aswFsBlk - ok
10:42:21.0042 4980        aswMonFlt      (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
10:42:21.0058 4980        aswMonFlt - ok
10:42:21.0073 4980        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
10:42:21.0073 4980        aswRdr - ok
10:42:21.0104 4980        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
10:42:21.0120 4980        aswSnx - ok
10:42:21.0151 4980        aswSP          (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
10:42:21.0167 4980        aswSP - ok
10:42:21.0182 4980        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
10:42:21.0198 4980        aswTdi - ok
10:42:21.0198 4980        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:42:21.0245 4980        AsyncMac - ok
10:42:21.0307 4980        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:42:21.0307 4980        atapi - ok
10:42:21.0354 4980        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
10:42:21.0370 4980        AtiHDAudioService - ok
10:42:21.0432 4980        AVerPola        (44327da6a9c742cf4fa2b79fdb1bd1d3) C:\Windows\system32\DRIVERS\AVerPola.sys
10:42:21.0494 4980        AVerPola - ok
10:42:21.0526 4980        AVPolCIR        (95f6d5e1bd731eca6e020c2ac5bfe7fb) C:\Windows\system32\DRIVERS\AVPolCIR.sys
10:42:21.0557 4980        AVPolCIR - ok
10:42:21.0604 4980        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:42:21.0666 4980        b06bdrv - ok
10:42:21.0682 4980        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:42:21.0713 4980        b57nd60a - ok
10:42:21.0744 4980        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:42:21.0791 4980        Beep - ok
10:42:21.0838 4980        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:42:21.0853 4980        blbdrive - ok
10:42:21.0884 4980        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:42:21.0900 4980        bowser - ok
10:42:21.0916 4980        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:42:21.0962 4980        BrFiltLo - ok
10:42:21.0978 4980        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:42:21.0994 4980        BrFiltUp - ok
10:42:22.0025 4980        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:42:22.0056 4980        Brserid - ok
10:42:22.0072 4980        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:42:22.0103 4980        BrSerWdm - ok
10:42:22.0134 4980        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:42:22.0165 4980        BrUsbMdm - ok
10:42:22.0165 4980        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:42:22.0196 4980        BrUsbSer - ok
10:42:22.0212 4980        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:42:22.0243 4980        BTHMODEM - ok
10:42:22.0259 4980        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:42:22.0321 4980        cdfs - ok
10:42:22.0337 4980        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:42:22.0352 4980        cdrom - ok
10:42:22.0368 4980        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:42:22.0384 4980        circlass - ok
10:42:22.0430 4980        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:42:22.0477 4980        CLFS - ok
10:42:22.0508 4980        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:42:22.0540 4980        CmBatt - ok
10:42:22.0540 4980        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:42:22.0555 4980        cmdide - ok
10:42:22.0586 4980        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:42:22.0633 4980        CNG - ok
10:42:22.0649 4980        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:42:22.0664 4980        Compbatt - ok
10:42:22.0696 4980        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:42:22.0742 4980        CompositeBus - ok
10:42:22.0774 4980        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:42:22.0774 4980        crcdisk - ok
10:42:22.0805 4980        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:42:22.0867 4980        DfsC - ok
10:42:22.0883 4980        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:42:22.0914 4980        discache - ok
10:42:22.0945 4980        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:42:22.0961 4980        Disk - ok
10:42:22.0992 4980        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:42:23.0023 4980        drmkaud - ok
10:42:23.0070 4980        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:42:23.0101 4980        DXGKrnl - ok
10:42:23.0148 4980        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:42:23.0257 4980        ebdrv - ok
10:42:23.0273 4980        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:42:23.0288 4980        elxstor - ok
10:42:23.0304 4980        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:42:23.0351 4980        ErrDev - ok
10:42:23.0366 4980        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:42:23.0413 4980        exfat - ok
10:42:23.0444 4980        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:42:23.0491 4980        fastfat - ok
10:42:23.0507 4980        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:42:23.0522 4980        fdc - ok
10:42:23.0554 4980        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:42:23.0554 4980        FileInfo - ok
10:42:23.0569 4980        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:42:23.0600 4980        Filetrace - ok
10:42:23.0632 4980        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:42:23.0663 4980        flpydisk - ok
10:42:23.0678 4980        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:42:23.0710 4980        FltMgr - ok
10:42:23.0725 4980        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:42:23.0741 4980        FsDepends - ok
10:42:23.0756 4980        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:42:23.0772 4980        Fs_Rec - ok
10:42:23.0788 4980        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:42:23.0803 4980        fvevol - ok
10:42:23.0850 4980        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:42:23.0866 4980        gagp30kx - ok
10:42:23.0912 4980        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:42:23.0928 4980        hcw85cir - ok
10:42:23.0975 4980        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:42:24.0006 4980        HdAudAddService - ok
10:42:24.0037 4980        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:42:24.0053 4980        HDAudBus - ok
10:42:24.0068 4980        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:42:24.0100 4980        HidBatt - ok
10:42:24.0131 4980        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:42:24.0162 4980        HidBth - ok
10:42:24.0193 4980        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:42:24.0224 4980        HidIr - ok
10:42:24.0240 4980        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:42:24.0256 4980        HidUsb - ok
10:42:24.0287 4980        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:42:24.0302 4980        HpSAMD - ok
10:42:24.0318 4980        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:42:24.0365 4980        HTTP - ok
10:42:24.0396 4980        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:42:24.0396 4980        hwpolicy - ok
10:42:24.0427 4980        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:42:24.0443 4980        i8042prt - ok
10:42:24.0474 4980        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
10:42:24.0474 4980        iaStor - ok
10:42:24.0552 4980        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:42:24.0568 4980        iaStorV - ok
10:42:24.0599 4980        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:42:24.0614 4980        iirsp - ok
10:42:24.0708 4980        IntcAzAudAddService (3e49dac8eefa6016aa2a6331bec866ae) C:\Windows\system32\drivers\RTKVHD64.sys
10:42:24.0802 4980        IntcAzAudAddService - ok
10:42:24.0833 4980        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:42:24.0833 4980        intelide - ok
10:42:24.0848 4980        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:42:24.0880 4980        intelppm - ok
10:42:24.0895 4980        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:42:24.0926 4980        IpFilterDriver - ok
10:42:24.0958 4980        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:42:25.0004 4980        IPMIDRV - ok
10:42:25.0020 4980        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:42:25.0082 4980        IPNAT - ok
10:42:25.0098 4980        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:42:25.0114 4980        IRENUM - ok
10:42:25.0129 4980        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:42:25.0145 4980        isapnp - ok
10:42:25.0160 4980        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:42:25.0160 4980        iScsiPrt - ok
10:42:25.0192 4980        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:42:25.0192 4980        kbdclass - ok
10:42:25.0207 4980        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:42:25.0223 4980        kbdhid - ok
10:42:25.0254 4980        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:42:25.0254 4980        KSecDD - ok
10:42:25.0270 4980        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:42:25.0285 4980        KSecPkg - ok
10:42:25.0301 4980        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:42:25.0332 4980        ksthunk - ok
10:42:25.0348 4980        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:42:25.0379 4980        lltdio - ok
10:42:25.0426 4980        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:42:25.0441 4980        LSI_FC - ok
10:42:25.0441 4980        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:42:25.0457 4980        LSI_SAS - ok
10:42:25.0457 4980        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:42:25.0472 4980        LSI_SAS2 - ok
10:42:25.0488 4980        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:42:25.0488 4980        LSI_SCSI - ok
10:42:25.0519 4980        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:42:25.0550 4980        luafv - ok
10:42:25.0597 4980        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:42:25.0597 4980        MBAMProtector - ok
10:42:25.0628 4980        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:42:25.0644 4980        megasas - ok
10:42:25.0691 4980        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:42:25.0706 4980        MegaSR - ok
10:42:25.0738 4980        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:42:25.0738 4980        MEIx64 - ok
10:42:25.0769 4980        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:42:25.0816 4980        Modem - ok
10:42:25.0831 4980        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:42:25.0847 4980        monitor - ok
10:42:25.0878 4980        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:42:25.0878 4980        mouclass - ok
10:42:25.0894 4980        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:42:25.0909 4980        mouhid - ok
10:42:25.0925 4980        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:42:25.0940 4980        mountmgr - ok
10:42:25.0956 4980        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:42:25.0956 4980        mpio - ok
10:42:25.0972 4980        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:42:26.0018 4980        mpsdrv - ok
10:42:26.0034 4980        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:42:26.0065 4980        MRxDAV - ok
10:42:26.0081 4980        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:26.0096 4980        mrxsmb - ok
10:42:26.0128 4980        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:26.0143 4980        mrxsmb10 - ok
10:42:26.0159 4980        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:26.0174 4980        mrxsmb20 - ok
10:42:26.0190 4980        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:42:26.0206 4980        msahci - ok
10:42:26.0221 4980        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:42:26.0221 4980        msdsm - ok
10:42:26.0237 4980        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:42:26.0284 4980        Msfs - ok
10:42:26.0315 4980        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:42:26.0377 4980        mshidkmdf - ok
10:42:26.0408 4980        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:42:26.0408 4980        msisadrv - ok
10:42:26.0440 4980        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:42:26.0486 4980        MSKSSRV - ok
10:42:26.0486 4980        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:26.0533 4980        MSPCLOCK - ok
10:42:26.0533 4980        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:42:26.0580 4980        MSPQM - ok
10:42:26.0642 4980        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:42:26.0658 4980        MsRPC - ok
10:42:26.0689 4980        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:26.0689 4980        mssmbios - ok
10:42:26.0689 4980        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:42:26.0720 4980        MSTEE - ok
10:42:26.0736 4980        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:42:26.0752 4980        MTConfig - ok
10:42:26.0767 4980        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:42:26.0767 4980        Mup - ok
10:42:26.0798 4980        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:42:26.0814 4980        NativeWifiP - ok
10:42:26.0845 4980        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:42:26.0876 4980        NDIS - ok
10:42:26.0892 4980        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:26.0923 4980        NdisCap - ok
10:42:26.0939 4980        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:26.0970 4980        NdisTapi - ok
10:42:26.0986 4980        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:27.0017 4980        Ndisuio - ok
10:42:27.0032 4980        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:27.0064 4980        NdisWan - ok
10:42:27.0064 4980        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:42:27.0095 4980        NDProxy - ok
10:42:27.0110 4980        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:42:27.0142 4980        NetBIOS - ok
10:42:27.0157 4980        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:42:27.0188 4980        NetBT - ok
10:42:27.0220 4980        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:42:27.0235 4980        nfrd960 - ok
10:42:27.0251 4980        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:42:27.0282 4980        Npfs - ok
10:42:27.0298 4980        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:42:27.0329 4980        nsiproxy - ok
10:42:27.0376 4980        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:42:27.0407 4980        Ntfs - ok
10:42:27.0422 4980        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:42:27.0454 4980        Null - ok
10:42:27.0641 4980        nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:42:27.0890 4980        nvlddmkm - ok
10:42:27.0922 4980        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:42:27.0937 4980        nvraid - ok
10:42:27.0968 4980        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:42:27.0984 4980        nvstor - ok
10:42:28.0031 4980        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:42:28.0046 4980        nv_agp - ok
10:42:28.0078 4980        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:42:28.0109 4980        ohci1394 - ok
10:42:28.0140 4980        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:42:28.0171 4980        Parport - ok
10:42:28.0202 4980        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:42:28.0218 4980        partmgr - ok
10:42:28.0234 4980        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:42:28.0249 4980        pci - ok
10:42:28.0265 4980        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:42:28.0265 4980        pciide - ok
10:42:28.0296 4980        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:42:28.0296 4980        pcmcia - ok
10:42:28.0327 4980        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:42:28.0327 4980        pcw - ok
10:42:28.0358 4980        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:42:28.0405 4980        PEAUTH - ok
10:42:28.0421 4980        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:42:28.0468 4980        PptpMiniport - ok
10:42:28.0483 4980        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:42:28.0499 4980        Processor - ok
10:42:28.0514 4980        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:42:28.0561 4980        Psched - ok
10:42:28.0608 4980        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:42:28.0639 4980        ql2300 - ok
10:42:28.0670 4980        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:42:28.0686 4980        ql40xx - ok
10:42:28.0702 4980        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:42:28.0748 4980        QWAVEdrv - ok
10:42:28.0764 4980        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:42:28.0826 4980        RasAcd - ok
10:42:28.0842 4980        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:42:28.0889 4980        RasAgileVpn - ok
10:42:28.0904 4980        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:42:28.0920 4980        Rasl2tp - ok
10:42:28.0936 4980        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:42:28.0967 4980        RasPppoe - ok
10:42:28.0982 4980        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:42:29.0014 4980        RasSstp - ok
10:42:29.0045 4980        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:42:29.0076 4980        rdbss - ok
10:42:29.0092 4980        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:42:29.0123 4980        rdpbus - ok
10:42:29.0123 4980        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:42:29.0154 4980        RDPCDD - ok
10:42:29.0185 4980        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:42:29.0310 4980        RDPENCDD - ok
10:42:29.0310 4980        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:42:29.0341 4980        RDPREFMP - ok
10:42:29.0357 4980        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:42:29.0388 4980        RDPWD - ok
10:42:29.0450 4980        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:42:29.0466 4980        rdyboost - ok
10:42:29.0497 4980        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:42:29.0544 4980        rspndr - ok
10:42:29.0606 4980        RTL8167        (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:42:29.0622 4980        RTL8167 - ok
10:42:29.0669 4980        RTL8192su      (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
10:42:29.0684 4980        RTL8192su - ok
10:42:29.0731 4980        SaiH0109        (248abd858ff7dcc966e5a54529ddd225) C:\Windows\system32\DRIVERS\SaiH0109.sys
10:42:29.0747 4980        SaiH0109 - ok
10:42:29.0762 4980        SaiU0109        (547b16d072a3afce5807be20c3f4734b) C:\Windows\system32\DRIVERS\SaiU0109.sys
10:42:29.0794 4980        SaiU0109 - ok
10:42:29.0825 4980        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:42:29.0840 4980        sbp2port - ok
10:42:29.0856 4980        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:42:29.0918 4980        scfilter - ok
10:42:29.0934 4980        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:42:29.0950 4980        secdrv - ok
10:42:29.0981 4980        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:42:30.0012 4980        Serenum - ok
10:42:30.0028 4980        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:42:30.0043 4980        Serial - ok
10:42:30.0074 4980        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:42:30.0090 4980        sermouse - ok
10:42:30.0121 4980        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:42:30.0137 4980        sffdisk - ok
10:42:30.0152 4980        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:42:30.0152 4980        sffp_mmc - ok
10:42:30.0168 4980        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:42:30.0184 4980        sffp_sd - ok
10:42:30.0199 4980        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:42:30.0215 4980        sfloppy - ok
10:42:30.0262 4980        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:42:30.0293 4980        Sftfs - ok
10:42:30.0340 4980        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:42:30.0355 4980        Sftplay - ok
10:42:30.0371 4980        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:42:30.0386 4980        Sftredir - ok
10:42:30.0402 4980        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:42:30.0418 4980        Sftvol - ok
10:42:30.0464 4980        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:42:30.0464 4980        SiSRaid2 - ok
10:42:30.0496 4980        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:42:30.0511 4980        SiSRaid4 - ok
10:42:30.0527 4980        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:42:30.0558 4980        Smb - ok
10:42:30.0589 4980        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:42:30.0589 4980        spldr - ok
10:42:30.0636 4980        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:42:30.0683 4980        srv - ok
10:42:30.0714 4980        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:42:30.0730 4980        srv2 - ok
10:42:30.0761 4980        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:42:30.0776 4980        srvnet - ok
10:42:30.0808 4980        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:42:30.0823 4980        stexstor - ok
10:42:30.0854 4980        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:42:30.0870 4980        swenum - ok
10:42:30.0948 4980        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:42:31.0026 4980        Tcpip - ok
10:42:31.0057 4980        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:42:31.0088 4980        TCPIP6 - ok
10:42:31.0104 4980        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:42:31.0151 4980        tcpipreg - ok
10:42:31.0166 4980        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:42:31.0198 4980        TDPIPE - ok
10:42:31.0198 4980        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:42:31.0229 4980        TDTCP - ok
10:42:31.0244 4980        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:42:31.0276 4980        tdx - ok
10:42:31.0322 4980        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:42:31.0338 4980        TermDD - ok
10:42:31.0369 4980        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:42:31.0400 4980        tssecsrv - ok
10:42:31.0400 4980        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:42:31.0416 4980        TsUsbFlt - ok
10:42:31.0432 4980        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:42:31.0447 4980        TsUsbGD - ok
10:42:31.0463 4980        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:42:31.0510 4980        tunnel - ok
10:42:31.0525 4980        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:42:31.0525 4980        uagp35 - ok
10:42:31.0556 4980        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:42:31.0588 4980        udfs - ok
10:42:31.0619 4980        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:42:31.0619 4980        uliagpkx - ok
10:42:31.0650 4980        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:42:31.0666 4980        umbus - ok
10:42:31.0712 4980        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:42:31.0728 4980        UmPass - ok
10:42:31.0759 4980        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:42:31.0775 4980        usbaudio - ok
10:42:31.0790 4980        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:42:31.0822 4980        usbccgp - ok
10:42:31.0837 4980        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:42:31.0868 4980        usbcir - ok
10:42:31.0884 4980        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:42:31.0900 4980        usbehci - ok
10:42:31.0915 4980        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:42:31.0946 4980        usbhub - ok
10:42:31.0962 4980        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:42:31.0993 4980        usbohci - ok
10:42:32.0009 4980        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:42:32.0024 4980        usbprint - ok
10:42:32.0056 4980        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:42:32.0071 4980        usbscan - ok
10:42:32.0087 4980        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:42:32.0102 4980        USBSTOR - ok
10:42:32.0118 4980        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:42:32.0134 4980        usbuhci - ok
10:42:32.0149 4980        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:42:32.0165 4980        vdrvroot - ok
10:42:32.0180 4980        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:42:32.0196 4980        vga - ok
10:42:32.0212 4980        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:42:32.0243 4980        VgaSave - ok
10:42:32.0274 4980        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:42:32.0290 4980        vhdmp - ok
10:42:32.0305 4980        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:42:32.0321 4980        viaide - ok
10:42:32.0336 4980        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:42:32.0352 4980        volmgr - ok
10:42:32.0368 4980        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:42:32.0383 4980        volmgrx - ok
10:42:32.0399 4980        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:42:32.0414 4980        volsnap - ok
10:42:32.0446 4980        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:42:32.0446 4980        vsmraid - ok
10:42:32.0477 4980        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:42:32.0492 4980        vwifibus - ok
10:42:32.0539 4980        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:42:32.0555 4980        vwififlt - ok
10:42:32.0586 4980        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:42:32.0602 4980        WacomPen - ok
10:42:32.0633 4980        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:32.0680 4980        WANARP - ok
10:42:32.0680 4980        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:32.0695 4980        Wanarpv6 - ok
10:42:32.0711 4980        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:42:32.0726 4980        Wd - ok
10:42:32.0742 4980        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:42:32.0758 4980        Wdf01000 - ok
10:42:32.0773 4980        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:42:32.0804 4980        WfpLwf - ok
10:42:32.0820 4980        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:42:32.0820 4980        WIMMount - ok
10:42:32.0851 4980        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:42:32.0867 4980        WmiAcpi - ok
10:42:32.0898 4980        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:42:32.0929 4980        ws2ifsl - ok
10:42:33.0023 4980        wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
10:42:33.0038 4980        wsvd - ok
10:42:33.0070 4980        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:42:33.0116 4980        WudfPf - ok
10:42:33.0132 4980        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:33.0163 4980        WUDFRd - ok
10:42:33.0210 4980        MBR (0x1B8)    (5d949eea3beec2df38a2d7900ad89a60) \Device\Harddisk0\DR0
10:42:34.0910 4980        \Device\Harddisk0\DR0 - ok
10:42:34.0926 4980        Boot (0x1200)  (ed705ab412008ffb3d967c026fa11fd4) \Device\Harddisk0\DR0\Partition0
10:42:34.0926 4980        \Device\Harddisk0\DR0\Partition0 - ok
10:42:34.0942 4980        Boot (0x1200)  (3f8243c55a3dda5a2458cc2ba80e2f88) \Device\Harddisk0\DR0\Partition1
10:42:34.0942 4980        \Device\Harddisk0\DR0\Partition1 - ok
10:42:34.0988 4980        Boot (0x1200)  (6e7648a582adbaffa149e369159a07d4) \Device\Harddisk0\DR0\Partition2
10:42:34.0988 4980        \Device\Harddisk0\DR0\Partition2 - ok
10:42:34.0988 4980        ============================================================
10:42:34.0988 4980        Scan finished
10:42:34.0988 4980        ============================================================
10:42:35.0004 1328        Detected object count: 0
10:42:35.0004 1328        Actual detected object count: 0


cosinus 17.02.2012 11:41

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

BlackCat 17.02.2012 12:37

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
The message appeared - I then restarted Windows - everything is fine again.

ComboFix log
Code:

ComboFix 12-02-16.02 - Anja 17.02.2012  12:09:44.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4078.2770 [GMT 1:00]
ausgeführt von:: c:\users\Anja\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pthreadVC.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-17 bis 2012-02-17  ))))))))))))))))))))))))))))))
.
.
2012-02-16 21:45 . 2012-02-16 21:45        --------        d-----w-        C:\_OTL
2012-02-15 20:07 . 2012-02-15 20:07        --------        d-----w-        c:\program files (x86)\ESET
2012-02-15 16:31 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 16:31 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-15 16:31 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 16:31 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-15 16:31 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 16:31 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-15 16:31 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 16:31 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2012-02-14 16:57 . 2012-02-16 21:45        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-02-14 16:57 . 2012-02-15 16:25        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\users\Anja\AppData\Roaming\Malwarebytes
2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-14 16:43 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-09 13:52 . 2012-02-09 13:52        --------        d-----w-        c:\program files (x86)\FreeTime
2012-02-04 22:36 . 2012-02-04 22:36        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2012-02-04 22:34 . 2012-02-04 22:36        --------        d-----w-        c:\program files\Common Files\Adobe
2012-02-04 21:53 . 2012-02-04 21:53        --------        d-----w-        c:\users\Anja\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-04 21:53 . 2012-02-04 21:53        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2012-02-01 19:31 . 2012-02-01 19:31        --------        d-----w-        c:\users\Anja\AppData\Roaming\mkvtoolnix
2012-02-01 18:26 . 2012-02-01 18:27        --------        d-----w-        c:\program files (x86)\MKVToolNix
2012-02-01 18:25 . 2012-02-01 18:25        --------        d-----w-        c:\program files (x86)\AviSynth 2.5
2012-02-01 17:55 . 2012-02-01 17:55        --------        d-----w-        c:\programdata\DivX
2012-01-31 16:39 . 2012-01-31 16:39        --------        d-----w-        c:\users\Anja\AppData\Roaming\Publish Providers
2012-01-31 16:30 . 2012-01-31 16:30        --------        d-----w-        c:\programdata\Sony
2012-01-31 16:30 . 2012-01-31 16:30        --------        d-----w-        c:\program files (x86)\Sony
2012-01-31 16:26 . 2012-01-31 16:26        715038        ----a-w-        c:\windows\unins000.exe
2012-01-31 16:26 . 2011-12-07 18:37        148992        ----a-w-        c:\windows\system32\lagarith.dll
2012-01-31 16:26 . 2011-12-07 18:32        216064        ----a-w-        c:\windows\SysWow64\lagarith.dll
2012-01-31 16:11 . 2012-01-31 16:35        --------        d-----w-        c:\users\Anja\AppData\Local\Sony
2012-01-31 16:11 . 2012-01-31 16:11        --------        d-----w-        c:\windows\SysWow64\spool
2012-01-31 16:10 . 2012-01-31 16:49        --------        d-----w-        c:\users\Anja\AppData\Roaming\Sony
2012-01-31 11:13 . 2012-02-01 14:36        --------        d-----w-        c:\users\Anja\AppData\Roaming\avidemux
2012-01-31 11:12 . 2012-01-31 11:12        --------        d-----w-        c:\program files\Avidemux 2.5
2012-01-22 16:36 . 2012-01-22 16:36        --------        d-----w-        c:\users\Anja\AppData\Local\Opera
2012-01-22 16:36 . 2012-01-25 17:06        --------        d-----w-        c:\program files (x86)\Opera
2012-01-20 11:28 . 2012-01-20 11:28        --------        d-----w-        c:\users\Anja\AppData\Roaming\FireShot
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-07-21 10:49        41184        ----a-w-        c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-21 10:49        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-07-21 10:50        256960        ----a-w-        c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-07-21 10:50        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-21 10:50        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-21 10:50        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-21 10:50        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-21 10:50        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-07-21 10:50        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-11-21 16:08 . 2011-07-29 06:32        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 14:58 . 2012-01-11 19:59        77312        ----a-w-        c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 19:59        67072        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SaiH0109;SaiH0109;c:\windows\system32\DRIVERS\SaiH0109.sys [x]
R3 SaiU0109;SaiU0109;c:\windows\system32\DRIVERS\SaiU0109.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 10:08]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 10:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\7zyldyxz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-17  12:21:51 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-17 11:21
.
Pre-Run: 12 directories, 1,293,204,783,104 bytes free
Post-Run: 16 directories, 1,292,925,722,624 bytes free
.
- - End Of File - - E932CC307CA73F1818AD77EA1602800B


cosinus 17.02.2012 14:12

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, since Avira in particular often reports a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

BlackCat 17.02.2012 14:33

aswMBR.txt
Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 14:20:31
-----------------------------
14:20:31.669    OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:31.669    Number of processors: 4 586 0x2A07
14:20:31.669    ComputerName: MEDION-PC  UserName: Anja
14:20:33.838    Initialize success
14:20:34.025    AVAST engine defs: 12021700
14:21:46.482    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:21:46.482    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
14:21:46.513    Disk 0 MBR read successfully
14:21:46.513    Disk 0 MBR scan
14:21:46.513    Disk 0 unknown MBR code
14:21:46.513    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:21:46.528    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1388713 MB offset 206848
14:21:46.575    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 2844291072
14:21:46.591    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 2928177152
14:21:46.591    Service scanning
14:21:47.948    Modules scanning
14:21:47.948    Disk 0 trace - called modules:
14:21:47.948    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:21:48.463    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f1060]
14:21:48.463    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004715050]
14:21:49.726    AVAST engine scan C:\Windows
14:21:53.096    AVAST engine scan C:\Windows\system32
14:23:25.916    AVAST engine scan C:\Windows\system32\drivers
14:23:33.950    AVAST engine scan C:\Users\Anja
14:28:28.136    AVAST engine scan C:\ProgramData
14:29:12.315    Scan finished successfully
14:29:27.291    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"
14:29:27.291    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR.txt"

I didn't get a prompt about the virus definitions.

cosinus 17.02.2012 14:39

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a parallel-installed (dual-boot) Linux unbootable.
Also don't do the fix if you have full-disk encryption of the Windows partition or of the entire hard drive with e.g. TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off your virus scanner before running aswMBR, since Avira in particular often reports a false positive on it!

Then restart Windows and make a new log with aswMBR.

BlackCat 17.02.2012 15:08

- MBR fix done
- Windows restarted
- aswMBR started and scanned (again no prompt about virus definitions; Avast was disabled for this scan)

Note: I didn't change the settings in aswMBR before either scan; "AV scan: QuickScan" was selected.

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 14:50:49
-----------------------------
14:50:49.659    OS Version: Windows x64 6.1.7601 Service Pack 1
14:50:49.659    Number of processors: 4 586 0x2A07
14:50:49.659    ComputerName: MEDION-PC  UserName: Anja
14:50:51.437    Initialize success
14:50:51.531    AVAST engine defs: 12021700
14:51:02.404    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:51:02.404    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
14:51:02.420    Disk 0 MBR read successfully
14:51:02.420    Disk 0 MBR scan
14:51:03.137    Disk 0 Windows 7 default MBR code
14:51:03.168    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:51:03.324    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1388713 MB offset 206848
14:51:03.371    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 2844291072
14:51:03.371    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 2928177152
14:51:03.387    Service scanning
14:51:05.399    Modules scanning
14:51:05.399    Disk 0 trace - called modules:
14:51:05.430    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:51:05.961    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2060]
14:51:05.961    3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ab8050]
14:51:08.004    AVAST engine scan C:\Windows
14:51:15.805    AVAST engine scan C:\Windows\system32
14:53:07.891    AVAST engine scan C:\Windows\system32\drivers
14:53:17.204    AVAST engine scan C:\Users\Anja
14:57:44.838    AVAST engine scan C:\ProgramData
14:58:44.180    Scan finished successfully
14:59:29.701    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"
14:59:29.701    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR (2).txt"

What are we actually still looking for, or is this a routine check?
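
The two aswMBR logs in this thread differ in exactly one line: the boot code went from "unknown MBR code" before FIXMBR to "Windows 7 default MBR code" after it, while the four partition entries stayed identical. As an added example, not part of the original thread and not code from aswMBR or ComboFix, the following Python script parses a raw 512-byte MBR dump such as the MBR.dat that aswMBR writes to the desktop, prints the partition table in the same form as the log, runs a few sanity checks on it, and fingerprints the boot-code bytes so that a before/after dump, or a dump from a known-clean machine, can be compared. The sample image it builds is constructed from the partition entries in the log above; its boot code is filler, not real Windows boot code, and the reference comparison assumes you supply a dump from a clean system yourself (the script does not know the hash of genuine Windows 7 boot code).

```python
"""Inspect a raw MBR dump (512 bytes, e.g. aswMBR's MBR.dat) offline.

Added example for this thread; it is not aswMBR or ComboFix code. The sample
image built below is constructed from the partition entries in the aswMBR log.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 440-445 hold the disk signature, 446-509 the table
PART_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x12: "Compaq diag"}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR image."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_a, ptype, _chs_b, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:           # unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Fingerprint of the executable part only; disk signature and table are excluded."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def same_boot_code(mbr: bytes, reference: bytes) -> bool:
    """True if the boot code matches a reference dump (e.g. from a known-clean install)."""
    return boot_code_sha256(mbr) == boot_code_sha256(reference)


def check_layout(parts: list) -> list:
    """Sanity checks a tampered table often fails: one active entry, no overlaps, known types."""
    problems = []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["type_name"] == "unknown":
            problems.append(f"partition {p['index']} has unexpected type 0x{p['type']:02x}")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed image with the layout from the aswMBR log; boot code is filler bytes."""
    entries = [
        (0x80, 0x07, 2048, 204800),          # Partition 1, active, 100 MB
        (0x00, 0x07, 206848, 2844084224),    # Partition 2, 1388713 MB
        (0x00, 0x07, 2844291072, 83886080),  # Partition 3, 40960 MB
        (0x00, 0x12, 2928177152, 2097152),   # Partition 4, 1024 MB Compaq diag
    ]
    chs = b"\xfe\xff\xff"                    # CHS fields are ignored on LBA disks
    table = b"".join(struct.pack(ENTRY_FMT, st, chs, t, chs, lba, n)
                     for st, t, lba, n in entries)
    return b"\x90" * BOOT_CODE_LEN + b"\x12\x34\x56\x78\x00\x00" + table + BOOT_SIGNATURE


def report(mbr: bytes) -> None:
    """Print the table in the same shape as the aswMBR log, plus any warnings."""
    print("boot code sha256:", boot_code_sha256(mbr))
    parts = parse_mbr(mbr)
    for p in parts:
        flag = "80 (A)" if p["active"] else "00    "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<12}"
              f"{p['size_mb']:>9} MB offset {p['lba_start']}")
    for problem in check_layout(parts):
        print("WARNING:", problem)


if __name__ == "__main__":
    # Usage: python mbrcheck.py [MBR.dat [clean_reference.dat]]
    image = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    report(image)
    if len(sys.argv) > 2:
        ref = open(sys.argv[2], "rb").read(SECTOR)
        print("boot code matches reference:", same_boot_code(image, ref))
```

Run it with the MBR.dat from before and after FIXMBR as the two arguments: the partition rows should be identical (as they are in the two logs), and only the boot-code hash should change. The hash covers bytes 0-439 only, so the per-disk signature at 440-443 does not make two otherwise identical Windows 7 boot sectors look different.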

cosinus 17.02.2012 17:45

I'm looking for anything and everything. You can never rely on an infection always sitting in fixed, well-defined folders or areas. It would be too nice if it were that simple :D so you have to search everything very thoroughly.

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

BlackCat 17.02.2012 19:32

Good, the scans are done.

Malwarebytes
Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anja :: MEDION-PC [administrator]

Protection: Disabled

17.02.2012 17:56:45
mbam-log-2012-02-17 (17-56-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342191
Time elapsed: 29 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SuperAntiSpyware
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/17/2012 at 07:28 PM

Application Version : 5.0.1144

Core Rules Database Version : 8258
Trace Rules Database Version: 6070

Scan type      : Complete Scan
Total Scan Time : 00:55:04

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 543
Memory threats detected  : 0
Registry items scanned    : 65393
Registry threats detected : 0
File items scanned        : 231991
File threats detected    : 0


cosinus 17.02.2012 20:00

No detections! (thumbs up)
Is the system ok again now, or are there other detections or problems?

BlackCat 17.02.2012 20:08

Not so far, that's it. Many thanks! (thank you)

What do I do with all the programs now? Which of them can or should I keep, and which should I uninstall again?


Copyright ©2000-2024, Trojaner-Board