Bundespolizei Trojaner

cosinus · 21.12.2011, 20:41

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - [2011.09.27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.web.de "
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
[2011.12.12 14:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.21 19:46:40 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com
[2011.11.04 16:56:23 | 000,000,933 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\11-suche.xml
[2011.11.04 16:56:23 | 000,002,419 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\englische-ergebnisse.xml
[2011.11.04 16:56:22 | 000,010,525 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\gmx-suche.xml
[2011.11.04 16:56:23 | 000,002,457 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\lastminute.xml
[2011.10.07 11:03:27 | 000,005,508 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\webde-suche.xml
[2011.10.18 12:34:01 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8a1ffe10-e412-11df-9884-001a802657dd}\Shell - "" = AutoRun
O33 - MountPoints2\{8a1ffe10-e412-11df-9884-001a802657dd}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{eaa6a66a-e37b-11df-a29e-001a802657dd}\Shell - "" = AutoRun
O33 - MountPoints2\{eaa6a66a-e37b-11df-a29e-001a802657dd}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2011.12.15 18:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\AskToolbar
:Files
C:\Program Files\Ask.com
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kim1980 · 21.12.2011, 22:17

die neue otl-file:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.web.de " removed from browser.startup.homepage
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-21-Nov-2011-20-50-16-GMT folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\spatfka6.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\spatfka6.default\searchplugins\webde-suche.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\components_20 folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a1ffe10-e412-11df-9884-001a802657dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a1ffe10-e412-11df-9884-001a802657dd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a1ffe10-e412-11df-9884-001a802657dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a1ffe10-e412-11df-9884-001a802657dd}\ not found.
File F:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eaa6a66a-e37b-11df-a29e-001a802657dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eaa6a66a-e37b-11df-a29e-001a802657dd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eaa6a66a-e37b-11df-a29e-001a802657dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eaa6a66a-e37b-11df-a29e-001a802657dd}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\USBAutoRun.exe not found.
C:\Users\Kim\AppData\Local\AskToolbar\Downloaded Program Files\temp folder moved successfully.
C:\Users\Kim\AppData\Local\AskToolbar\Downloaded Program Files folder moved successfully.
C:\Users\Kim\AppData\Local\AskToolbar folder moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kim
->Temp folder emptied: 2407828725 bytes
->Temporary Internet Files folder emptied: 56300516 bytes
->Java cache emptied: 3108911 bytes
->FireFox cache emptied: 680317796 bytes
->Flash cache emptied: 191341 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45222413 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.045,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_220327

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 21.12.2011, 22:21

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Kim1980 · 21.12.2011, 22:43

tdsskiller-file:

Code:

ATTFilter

 22:39:25.0588 3460	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:39:26.0136 3460	============================================================
22:39:26.0136 3460	Current date / time: 2011/12/21 22:39:26.0136
22:39:26.0137 3460	SystemInfo:
22:39:26.0137 3460	
22:39:26.0137 3460	OS Version: 6.0.6002 ServicePack: 2.0
22:39:26.0137 3460	Product type: Workstation
22:39:26.0137 3460	ComputerName: KIM-PC
22:39:26.0137 3460	UserName: Kim
22:39:26.0137 3460	Windows directory: C:\Windows
22:39:26.0137 3460	System windows directory: C:\Windows
22:39:26.0137 3460	Processor architecture: Intel x86
22:39:26.0137 3460	Number of processors: 2
22:39:26.0137 3460	Page size: 0x1000
22:39:26.0137 3460	Boot type: Normal boot
22:39:26.0137 3460	============================================================
22:39:30.0302 3460	Initialize success
22:40:11.0921 2184	============================================================
22:40:11.0921 2184	Scan started
22:40:11.0921 2184	Mode: Manual; SigCheck; TDLFS; 
22:40:11.0921 2184	============================================================
22:40:28.0294 2184	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:40:28.0408 2184	ACPI - ok
22:40:28.0861 2184	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
22:40:28.0876 2184	adfs - ok
22:40:29.0327 2184	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:40:29.0412 2184	adp94xx - ok
22:40:29.0836 2184	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:40:29.0858 2184	adpahci - ok
22:40:30.0138 2184	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:40:30.0181 2184	adpu160m - ok
22:40:30.0517 2184	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:40:30.0555 2184	adpu320 - ok
22:40:30.0871 2184	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:40:31.0027 2184	AFD - ok
22:40:31.0376 2184	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:40:31.0415 2184	agp440 - ok
22:40:31.0702 2184	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:40:31.0741 2184	aic78xx - ok
22:40:32.0017 2184	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:40:32.0061 2184	aliide - ok
22:40:32.0318 2184	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:40:32.0358 2184	amdagp - ok
22:40:32.0851 2184	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:40:32.0864 2184	amdide - ok
22:40:33.0073 2184	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:40:33.0782 2184	AmdK7 - ok
22:40:34.0041 2184	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:40:34.0132 2184	AmdK8 - ok
22:40:34.0527 2184	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:40:34.0561 2184	arc - ok
22:40:34.0819 2184	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:40:34.0853 2184	arcsas - ok
22:40:35.0096 2184	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:36.0624 2184	AsyncMac - ok
22:40:36.0975 2184	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:40:36.0985 2184	atapi - ok
22:40:37.0316 2184	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:40:37.0874 2184	avgntflt - ok
22:40:38.0180 2184	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:40:38.0252 2184	avipbb - ok
22:40:38.0502 2184	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:40:38.0542 2184	avkmgr - ok
22:40:38.0945 2184	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:40:39.0060 2184	Beep - ok
22:40:39.0288 2184	blbdrive - ok
22:40:39.0624 2184	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:40:39.0721 2184	bowser - ok
22:40:39.0961 2184	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:40:40.0976 2184	BrFiltLo - ok
22:40:41.0181 2184	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:40:41.0265 2184	BrFiltUp - ok
22:40:41.0521 2184	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:40:41.0641 2184	Brserid - ok
22:40:41.0868 2184	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:40:42.0005 2184	BrSerWdm - ok
22:40:42.0256 2184	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:40:42.0378 2184	BrUsbMdm - ok
22:40:42.0628 2184	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:40:42.0738 2184	BrUsbSer - ok
22:40:43.0258 2184	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:40:43.0348 2184	BTHMODEM - ok
22:40:43.0633 2184	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:40:43.0740 2184	cdfs - ok
22:40:44.0091 2184	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:40:44.0163 2184	cdrom - ok
22:40:44.0434 2184	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:40:44.0554 2184	circlass - ok
22:40:44.0838 2184	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:40:44.0878 2184	CLFS - ok
22:40:45.0224 2184	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:45.0265 2184	CmBatt - ok
22:40:45.0577 2184	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:40:45.0608 2184	cmdide - ok
22:40:45.0809 2184	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:40:45.0844 2184	Compbatt - ok
22:40:46.0088 2184	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:40:46.0130 2184	crcdisk - ok
22:40:46.0496 2184	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:40:46.0564 2184	Crusoe - ok
22:40:46.0851 2184	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:40:46.0948 2184	DfsC - ok
22:40:47.0371 2184	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:40:47.0417 2184	disk - ok
22:40:47.0678 2184	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:40:47.0759 2184	drmkaud - ok
22:40:48.0035 2184	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:40:48.0085 2184	DXGKrnl - ok
22:40:48.0355 2184	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:40:48.0489 2184	E1G60 - ok
22:40:48.0788 2184	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:40:48.0811 2184	Ecache - ok
22:40:49.0076 2184	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:40:49.0119 2184	elxstor - ok
22:40:49.0392 2184	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:40:49.0486 2184	exfat - ok
22:40:49.0731 2184	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:40:49.0790 2184	fastfat - ok
22:40:50.0063 2184	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:40:50.0150 2184	fdc - ok
22:40:50.0747 2184	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:40:50.0784 2184	FileInfo - ok
22:40:51.0018 2184	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:40:51.0101 2184	Filetrace - ok
22:40:51.0358 2184	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:51.0544 2184	flpydisk - ok
22:40:51.0838 2184	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:40:51.0887 2184	FltMgr - ok
22:40:52.0071 2184	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:40:52.0143 2184	Fs_Rec - ok
22:40:52.0395 2184	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:40:52.0411 2184	gagp30kx - ok
22:40:52.0669 2184	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:52.0712 2184	GEARAspiWDM - ok
22:40:52.0937 2184	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:40:53.0026 2184	HdAudAddService - ok
22:40:53.0250 2184	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:53.0330 2184	HDAudBus - ok
22:40:53.0637 2184	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:40:53.0701 2184	HidBth - ok
22:40:53.0962 2184	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:40:54.0081 2184	HidIr - ok
22:40:54.0274 2184	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:40:54.0374 2184	HidUsb - ok
22:40:54.0618 2184	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:40:54.0661 2184	HpCISSs - ok
22:40:54.0905 2184	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:40:54.0988 2184	HSFHWAZL - ok
22:40:55.0285 2184	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:40:55.0497 2184	HSF_DPV - ok
22:40:55.0762 2184	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:40:55.0885 2184	HTTP - ok
22:40:56.0384 2184	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:40:56.0432 2184	i2omp - ok
22:40:56.0716 2184	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:56.0769 2184	i8042prt - ok
22:40:57.0337 2184	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:40:57.0383 2184	iaStorV - ok
22:40:57.0768 2184	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:40:58.0346 2184	igfx - ok
22:40:58.0803 2184	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:40:58.0818 2184	iirsp - ok
22:40:59.0151 2184	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:40:59.0165 2184	intelide - ok
22:40:59.0322 2184	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:40:59.0373 2184	intelppm - ok
22:40:59.0444 2184	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:59.0516 2184	IpFilterDriver - ok
22:40:59.0529 2184	IpInIp - ok
22:40:59.0571 2184	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:40:59.0668 2184	IPMIDRV - ok
22:40:59.0776 2184	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:40:59.0852 2184	IPNAT - ok
22:41:00.0145 2184	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:41:00.0261 2184	IRENUM - ok
22:41:00.0442 2184	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:41:00.0482 2184	isapnp - ok
22:41:00.0721 2184	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:41:00.0734 2184	iScsiPrt - ok
22:41:00.0997 2184	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:41:01.0011 2184	iteatapi - ok
22:41:01.0317 2184	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:41:01.0332 2184	iteraid - ok
22:41:01.0634 2184	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:41:01.0672 2184	kbdclass - ok
22:41:01.0883 2184	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
22:41:01.0941 2184	kbdhid - ok
22:41:02.0178 2184	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:41:02.0241 2184	KSecDD - ok
22:41:02.0485 2184	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:41:02.0564 2184	lltdio - ok
22:41:02.0838 2184	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:41:02.0885 2184	LSI_FC - ok
22:41:03.0074 2184	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:41:03.0090 2184	LSI_SAS - ok
22:41:03.0315 2184	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:41:03.0354 2184	LSI_SCSI - ok
22:41:03.0605 2184	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:41:03.0682 2184	luafv - ok
22:41:03.0919 2184	MBAMSwissArmy - ok
22:41:04.0187 2184	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:41:04.0235 2184	megasas - ok
22:41:04.0446 2184	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:41:04.0528 2184	Modem - ok
22:41:04.0757 2184	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:41:04.0781 2184	monitor - ok
22:41:04.0967 2184	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:41:05.0019 2184	mouclass - ok
22:41:05.0233 2184	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:41:05.0302 2184	mouhid - ok
22:41:05.0485 2184	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:41:05.0526 2184	MountMgr - ok
22:41:05.0756 2184	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:41:05.0773 2184	mpio - ok
22:41:05.0996 2184	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:41:06.0058 2184	mpsdrv - ok
22:41:06.0314 2184	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:41:06.0345 2184	Mraid35x - ok
22:41:06.0848 2184	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:41:07.0024 2184	MRxDAV - ok
22:41:07.0243 2184	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:41:07.0337 2184	mrxsmb - ok
22:41:07.0616 2184	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:41:07.0679 2184	mrxsmb10 - ok
22:41:07.0941 2184	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:41:07.0998 2184	mrxsmb20 - ok
22:41:08.0244 2184	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
22:41:08.0288 2184	msahci - ok
22:41:08.0531 2184	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:41:08.0564 2184	msdsm - ok
22:41:08.0853 2184	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:41:08.0937 2184	Msfs - ok
22:41:09.0188 2184	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:41:09.0229 2184	msisadrv - ok
22:41:09.0840 2184	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:41:09.0916 2184	MSKSSRV - ok
22:41:10.0028 2184	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:41:10.0074 2184	MSPCLOCK - ok
22:41:10.0352 2184	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:41:10.0400 2184	MSPQM - ok
22:41:10.0641 2184	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:41:10.0680 2184	MsRPC - ok
22:41:10.0891 2184	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:41:10.0900 2184	mssmbios - ok
22:41:11.0139 2184	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:41:11.0220 2184	MSTEE - ok
22:41:11.0537 2184	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:41:11.0573 2184	Mup - ok
22:41:11.0752 2184	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:41:11.0811 2184	NativeWifiP - ok
22:41:12.0270 2184	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:41:12.0317 2184	NDIS - ok
22:41:12.0575 2184	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:41:12.0655 2184	NdisTapi - ok
22:41:12.0909 2184	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:41:12.0978 2184	Ndisuio - ok
22:41:13.0216 2184	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:41:13.0285 2184	NdisWan - ok
22:41:13.0809 2184	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:41:13.0882 2184	NDProxy - ok
22:41:14.0180 2184	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:41:14.0225 2184	NetBIOS - ok
22:41:14.0633 2184	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:41:14.0694 2184	netbt - ok
22:41:15.0336 2184	NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
22:41:16.0423 2184	NETw3v32 - ok
22:41:16.0872 2184	NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:41:17.0616 2184	NETw4v32 - ok
22:41:17.0831 2184	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:41:17.0867 2184	nfrd960 - ok
22:41:18.0093 2184	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:41:18.0159 2184	Npfs - ok
22:41:18.0391 2184	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:41:18.0504 2184	nsiproxy - ok
22:41:18.0751 2184	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:41:19.0274 2184	Ntfs - ok
22:41:19.0547 2184	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:41:19.0642 2184	ntrigdigi - ok
22:41:19.0897 2184	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:41:19.0964 2184	Null - ok
22:41:20.0181 2184	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:41:20.0231 2184	nvraid - ok
22:41:20.0428 2184	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:41:20.0461 2184	nvstor - ok
22:41:20.0688 2184	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:41:20.0730 2184	nv_agp - ok
22:41:20.0963 2184	NwlnkFlt - ok
22:41:21.0173 2184	NwlnkFwd - ok
22:41:21.0483 2184	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:41:21.0519 2184	ohci1394 - ok
22:41:21.0979 2184	PAC7302         (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS
22:41:22.0429 2184	PAC7302 - ok
22:41:22.0887 2184	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:41:22.0981 2184	Parport - ok
22:41:23.0251 2184	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:41:23.0291 2184	partmgr - ok
22:41:23.0510 2184	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:41:23.0616 2184	Parvdm - ok
22:41:23.0944 2184	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:41:23.0959 2184	pci - ok
22:41:24.0159 2184	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
22:41:24.0199 2184	pciide - ok
22:41:24.0439 2184	pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
22:41:24.0504 2184	pcmcia - ok
22:41:24.0799 2184	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:41:25.0068 2184	PEAUTH - ok
22:41:25.0320 2184	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:41:25.0375 2184	PptpMiniport - ok
22:41:25.0610 2184	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:41:25.0696 2184	Processor - ok
22:41:25.0899 2184	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:41:25.0949 2184	PSched - ok
22:41:26.0434 2184	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:41:26.0877 2184	ql2300 - ok
22:41:27.0220 2184	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:41:27.0264 2184	ql40xx - ok
22:41:27.0472 2184	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:41:27.0556 2184	QWAVEdrv - ok
22:41:27.0721 2184	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:41:27.0805 2184	RasAcd - ok
22:41:27.0992 2184	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:41:28.0043 2184	Rasl2tp - ok
22:41:28.0291 2184	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:41:28.0351 2184	RasPppoe - ok
22:41:28.0613 2184	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:41:28.0660 2184	RasSstp - ok
22:41:29.0197 2184	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:41:29.0275 2184	rdbss - ok
22:41:29.0430 2184	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:41:29.0456 2184	RDPCDD - ok
22:41:29.0705 2184	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:41:29.0775 2184	rdpdr - ok
22:41:29.0965 2184	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:41:30.0044 2184	RDPENCDD - ok
22:41:30.0249 2184	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:41:30.0299 2184	RDPWD - ok
22:41:30.0529 2184	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:41:30.0611 2184	rspndr - ok
22:41:30.0875 2184	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:41:31.0039 2184	sbp2port - ok
22:41:31.0220 2184	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:41:31.0308 2184	secdrv - ok
22:41:31.0552 2184	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:41:31.0635 2184	Serenum - ok
22:41:31.0904 2184	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:41:31.0987 2184	Serial - ok
22:41:32.0214 2184	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:41:32.0293 2184	sermouse - ok
22:41:32.0541 2184	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:41:32.0638 2184	sffdisk - ok
22:41:32.0821 2184	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:41:32.0915 2184	sffp_mmc - ok
22:41:33.0241 2184	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:41:33.0336 2184	sffp_sd - ok
22:41:33.0637 2184	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:41:33.0717 2184	sfloppy - ok
22:41:33.0912 2184	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:41:33.0956 2184	sisagp - ok
22:41:34.0145 2184	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:41:34.0182 2184	SiSRaid2 - ok
22:41:34.0423 2184	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:41:34.0466 2184	SiSRaid4 - ok
22:41:34.0699 2184	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:41:34.0744 2184	Smb - ok
22:41:35.0008 2184	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:41:35.0042 2184	spldr - ok
22:41:35.0326 2184	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:41:35.0390 2184	srv - ok
22:41:35.0687 2184	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:41:35.0778 2184	srv2 - ok
22:41:36.0018 2184	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:41:36.0082 2184	srvnet - ok
22:41:36.0287 2184	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:41:36.0354 2184	ssmdrv - ok
22:41:36.0844 2184	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:41:36.0857 2184	swenum - ok
22:41:37.0117 2184	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:41:37.0156 2184	Symc8xx - ok
22:41:37.0331 2184	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:41:37.0365 2184	Sym_hi - ok
22:41:37.0625 2184	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:41:37.0673 2184	Sym_u3 - ok
22:41:37.0981 2184	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:41:38.0145 2184	Tcpip - ok
22:41:38.0359 2184	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:41:38.0500 2184	Tcpip6 - ok
22:41:38.0844 2184	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:41:38.0936 2184	tcpipreg - ok
22:41:39.0116 2184	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:41:39.0227 2184	TDPIPE - ok
22:41:39.0463 2184	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:41:39.0579 2184	TDTCP - ok
22:41:39.0787 2184	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:41:39.0833 2184	tdx - ok
22:41:40.0067 2184	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:41:40.0085 2184	TermDD - ok
22:41:40.0301 2184	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:41:40.0363 2184	tssecsrv - ok
22:41:40.0540 2184	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:41:40.0608 2184	tunmp - ok
22:41:40.0846 2184	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:41:40.0896 2184	tunnel - ok
22:41:41.0131 2184	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:41:41.0165 2184	uagp35 - ok
22:41:41.0445 2184	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:41:41.0475 2184	udfs - ok
22:41:41.0679 2184	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:41:41.0714 2184	uliagpkx - ok
22:41:41.0924 2184	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:41:41.0970 2184	uliahci - ok
22:41:42.0250 2184	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:41:42.0295 2184	UlSata - ok
22:41:42.0537 2184	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:41:42.0570 2184	ulsata2 - ok
22:41:42.0765 2184	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:41:42.0855 2184	umbus - ok
22:41:43.0170 2184	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:41:43.0280 2184	USBAAPL - ok
22:41:43.0512 2184	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:41:43.0585 2184	usbaudio - ok
22:41:43.0776 2184	usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
22:41:43.0861 2184	usbbus - ok
22:41:44.0059 2184	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:41:44.0107 2184	usbccgp - ok
22:41:44.0329 2184	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:41:44.0404 2184	usbcir - ok
22:41:45.0133 2184	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:41:45.0194 2184	usbehci - ok
22:41:45.0435 2184	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:41:45.0509 2184	usbhub - ok
22:41:45.0769 2184	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:41:45.0848 2184	usbohci - ok
22:41:46.0036 2184	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:41:46.0096 2184	usbprint - ok
22:41:46.0302 2184	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:41:46.0359 2184	USBSTOR - ok
22:41:46.0558 2184	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:41:46.0623 2184	usbuhci - ok
22:41:46.0862 2184	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:41:46.0938 2184	vga - ok
22:41:47.0089 2184	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:41:47.0153 2184	VgaSave - ok
22:41:47.0346 2184	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:41:47.0387 2184	viaagp - ok
22:41:47.0689 2184	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:41:47.0778 2184	ViaC7 - ok
22:41:48.0009 2184	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:41:48.0049 2184	viaide - ok
22:41:48.0254 2184	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:41:48.0289 2184	volmgr - ok
22:41:48.0545 2184	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:41:48.0606 2184	volmgrx - ok
22:41:48.0894 2184	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:41:48.0917 2184	volsnap - ok
22:41:49.0174 2184	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:41:49.0214 2184	vsmraid - ok
22:41:49.0458 2184	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:41:49.0552 2184	WacomPen - ok
22:41:49.0763 2184	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:41:49.0838 2184	Wanarp - ok
22:41:49.0866 2184	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:41:49.0886 2184	Wanarpv6 - ok
22:41:50.0448 2184	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:41:50.0590 2184	Wd - ok
22:41:50.0876 2184	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:41:50.0910 2184	Wdf01000 - ok
22:41:51.0256 2184	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:41:51.0333 2184	winachsf - ok
22:41:51.0678 2184	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:41:51.0736 2184	WmiAcpi - ok
22:41:52.0224 2184	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:41:52.0261 2184	WpdUsb - ok
22:41:52.0648 2184	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:41:52.0743 2184	ws2ifsl - ok
22:41:53.0262 2184	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:41:53.0314 2184	WUDFRd - ok
22:41:53.0642 2184	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
22:41:53.0734 2184	yukonwlh - ok
22:41:53.0763 2184	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:42:02.0586 2184	\Device\Harddisk0\DR0 - ok
22:42:02.0629 2184	Boot (0x1200)   (09ea3d54355b545f7aab8f372c1a4004) \Device\Harddisk0\DR0\Partition0
22:42:02.0631 2184	\Device\Harddisk0\DR0\Partition0 - ok
22:42:02.0659 2184	Boot (0x1200)   (d3d31ab35cd3af9bcf203671b977501b) \Device\Harddisk0\DR0\Partition1
22:42:02.0661 2184	\Device\Harddisk0\DR0\Partition1 - ok
22:42:02.0661 2184	============================================================
22:42:02.0661 2184	Scan finished
22:42:02.0661 2184	============================================================
22:42:02.0682 3336	Detected object count: 0
22:42:02.0682 3336	Actual detected object count: 0

cosinus · 22.12.2011, 08:50

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Kim1980 · 22.12.2011, 16:00

combofix konnte die datei nicht schreiben?!?!? eigentlich hat sich das prozedere so gestaltet, wie du es beschrieben hast (update...), nur die datei konnte eben nicht geschrieben werden.
soll ich es nochmal versuchen?

cosinus · 22.12.2011, 18:22

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

22.12.2011, 18:22	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Trojaner

Log-Analyse und Auswertung: Bundespolizei Trojaner