Trojan: "Aus Sicherheitsgründen wurde ihr Betriebssystem blockiert...." ("For security reasons your operating system has been blocked....") - Windows 7
08.01.2012, 22:50 | #16
Trojan: "Aus Sicherheitsgründen wurde ihr Betriebssystem blockiert...." ("For security reasons your operating system has been blocked....")

ok.. I've now deleted everything I could find that relates to McAfee and scanned again:

OTL Logfile:
Code:
OTL logfile created on: 1/8/2012 10:04:46 PM - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Oly\Desktop
Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.37 Mb Total Physical Memory | 687.83 Mb Available Physical Memory | 67.81% Memory free
1.99 Gb Paging File | 1.65 Gb Available in Paging File | 82.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 65.63 Gb Total Space | 30.18 Gb Free Space | 45.98% Space Free | Partition Type: NTFS
Drive D: | 68.32 Gb Total Space | 68.23 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

Computer Name: OLY-PC | User Name: Oly | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 01:35:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/08/11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)

========== Driver Services (SafeList) ==========

DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 22:40:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 22:39:58 | 000,000,000 | ---D | M]

[2009/12/23 20:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oly\AppData\Roaming\mozilla\Extensions
[2012/01/07 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oly\AppData\Roaming\mozilla\Firefox\Profiles\0crdlkzg.default\extensions
[2011/08/07 18:23:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Oly\AppData\Roaming\mozilla\Firefox\Profiles\0crdlkzg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/07 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/02/20 15:10:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/20 19:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/20 19:14:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/20 19:14:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/20 19:14:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/20 19:14:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.70.240.53 129.70.182.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01677D5D-AADB-4B17-835F-C79B4052D3D7}: DhcpNameServer = 129.70.240.53 129.70.182.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4C11B8-919E-4D67-A037-585ABB74D52D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 00:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/07 00:30:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Oly\Desktop\esetsmartinstaller_enu.exe
[2012/01/06 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Oly\AppData\Roaming\Malwarebytes
[2012/01/06 23:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/06 23:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/06 23:35:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/06 23:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/06 12:54:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/05 01:35:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe
[2011/12/31 17:35:20 | 000,000,000 | ---D | C] -- C:\Users\Oly\Desktop\accutane
[2011/12/29 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Oly\Desktop\Spieltheorie
[1 C:\Users\Oly\AppData\Local\*.tmp files -> C:\Users\Oly\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 21:56:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/08 21:56:07 | 797,728,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 21:53:06 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/07 16:09:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 16:09:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 16:09:23 | 000,008,212 | ---- | M] () -- C:\windows\mfebcdata
[2012/01/07 00:31:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Oly\Desktop\esetsmartinstaller_enu.exe
[2012/01/06 23:35:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/06 15:57:18 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 01:35:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe
[2011/12/19 12:40:52 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/12/19 12:40:52 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/19 12:40:52 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/12/19 12:40:52 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/15 21:52:01 | 000,408,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[1 C:\Users\Oly\AppData\Local\*.tmp files -> C:\Users\Oly\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/07 16:09:23 | 000,008,212 | ---- | C] () -- C:\windows\mfebcdata
[2012/01/06 23:35:41 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/05/20 20:56:43 | 000,000,000 | ---- | C] () -- C:\Users\Oly\AppData\Local\{3DEB4785-F293-459E-8F23-1AD7997834B6}
[2010/02/20 15:20:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/19 12:13:14 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/08/28 01:09:59 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/08/28 01:09:58 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/08/28 01:09:58 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/08/28 01:09:58 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/08/27 08:40:34 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/08/27 08:39:21 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,408,672 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#
[2011/08/07 18:23:50 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoft
[2011/08/07 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/12/22 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Windows Live Writer
[2011/10/05 10:20:37 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#
[2010/02/17 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Adobe
[2011/09/16 21:44:42 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Apple Computer
[2011/08/07 18:23:50 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoft
[2011/08/07 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/12/19 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Google
[2009/12/19 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Identities
[2009/12/20 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Macromedia
[2012/01/06 23:36:13 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Malwarebytes
[2012/01/06 12:54:02 | 000,000,000 | --SD | M] -- C:\Users\Oly\AppData\Roaming\Microsoft
[2009/12/23 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Mozilla
[2011/11/04 10:44:33 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Skype
[2011/11/04 10:44:20 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\skypePM
[2009/12/22 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Windows Live Writer
[2011/05/28 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 
000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > |
09.01.2012, 10:20 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can permanently damage the system!
|
13.01.2012, 01:23 | #18 |
| I've tried it several times.... but OTL always gets stuck at O34 - HKLM BootExecute: (autocheck autochk *): Not responding
|
13.01.2012, 12:22 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Try it in safe mode: Safe mode for cleanup
Please always post logfiles in CODE tags |
13.01.2012, 12:24 | #20 |
| I've already tried that... |
13.01.2012, 15:28 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, the O34 entry was supposed to be left out anyway; it must have slipped in by accident. Use this script for the fix instead: Code:
:OTL
SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[emptytemp]
|
13.01.2012, 16:34 | #22 |
| Yes, thanks, that worked.... however, before the restart it still ran the automatic updates... could it be that the killing process was affected by that?! Here's the log Code:
All processes killed
========== OTL ==========
Error: No service named McSysmon was found to stop!
Service\Driver key McSysmon not found.
Error: No service named McShield was found to stop!
Service\Driver key McShield not found.
Error: No service named Rezip was found to stop!
Service\Driver key Rezip not found.
File C:\Windows\System32\Rezip.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Oly\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Oly
->Temp folder emptied: 1092 bytes
->Temporary Internet Files folder emptied: 78800 bytes
->FireFox cache emptied: 58133779 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1170 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7126232 bytes
RecycleBin emptied: 10854325 bytes
Total Files Cleaned = 73.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_162118
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
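The question in the post above (did the updates interfere with the fix?) is answered by checking the fix log against the fix script: every target in the ":OTL" block should appear in the log either with an action that ran ("... successfully") or as "not found" (already gone), and anything without such a line is what an interrupted fix looks like. The following Python script is an added example, not OTL's own code or anything posted in this thread; its sample script and log are constructed from the lines posted here (abridged), with the [resethosts] command of the first script paired with the log of the second script, which never ran it, to show the unverified case.

```python
"""Reconcile an OTL fix script with the log it produced (added example, not OTL code).

Every target in the ':OTL' block should end up in the log with an action that ran
("... successfully") or as "not found" (already gone); anything else is unverified.
"""
import re
from typing import Dict, List, Tuple

# Constructed from the script and log posted in this thread (abridged); [resethosts]
# from the first script is paired with the log of the second, which never ran it.
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun
[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[emptytemp]
[resethosts]
"""

FIX_LOG = r"""
========== OTL ==========
Error: No service named McSysmon was found to stop!
Error: No service named Rezip was found to stop!
Service\Driver key Rezip not found.
File C:\Windows\System32\Rezip.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Oly\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 73.00 mb
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Line patterns of the ':OTL' block, tried in order: (kind, regex whose group 1 is the key).
LINE_RULES = [
    ("service", re.compile(r"^SRV - .* -- \((\w+)\)$")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")),
    ("registry", GUID_RE),                      # O2/O3/O33 entries, keyed by their CLSID
    ("file", re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \(\) - (.+?) -- \[")),
    ("file", re.compile(r"^\[[^\]]*\] (?:\(\) )?-- (.+)$")),  # bare file/folder lines
]
ABSENT_RE = re.compile(r"\bnot found\b|\bNo service named\b", re.I)
DONE_RE = re.compile(r"\bsuccessfully\b", re.I)


def script_targets(script: str) -> List[Tuple[str, str]]:
    """Return (kind, key) for every actionable line of the ':OTL' and ':Commands' blocks."""
    targets: List[Tuple[str, str]] = []
    section = ""
    for line in (l.strip() for l in script.splitlines() if l.strip()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":commands":
            targets.append(("command", line.strip("[]").upper()))
        elif section == ":otl":
            for kind, rule in LINE_RULES:
                m = rule.search(line)
                if m:
                    targets.append((kind, m.group(1) if m.groups() else m.group(0)))
                    break
            else:
                targets.append(("other", line))
    return targets


def reconcile(script: str, log: str) -> Dict[str, str]:
    """Map 'kind:key' of every script target to done, absent, unknown or unverified."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    report: Dict[str, str] = {}
    for kind, key in script_targets(script):
        if kind == "command":
            # OTL echoes a command it executes as its upper-cased name in brackets.
            hits = [l for l in log_lines if l == f"[{key}]"]
        else:
            hits = [l for l in log_lines if key.lower() in l.lower()]
        if not hits:
            status = "unverified"
        elif kind == "command" or any(DONE_RE.search(l) for l in hits):
            status = "done"
        elif all(ABSENT_RE.search(l) for l in hits):
            status = "absent"
        else:
            status = "unknown"    # mentioned in the log, but without a terminal outcome
        report[f"{kind}:{key}"] = status
    return report


def unverified(report: Dict[str, str]) -> List[str]:
    """Targets that need a second look before the fix can be called complete."""
    return [t for t, s in report.items() if s not in ("done", "absent")]


if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:<10} {target}")
```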
13.01.2012, 16:47 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now (in normal Windows mode) please run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs. Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Please download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
Please always post logfiles in CODE tags |
13.01.2012, 17:11 | #24 |
| OK, ran it Code:
17:05:36.0173 2744 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
17:05:36.0235 2744 ============================================================
17:05:36.0235 2744 Current date / time: 2012/01/13 17:05:36.0235
17:05:36.0235 2744 SystemInfo:
17:05:36.0235 2744
17:05:36.0235 2744 OS Version: 6.1.7600 ServicePack: 0.0
17:05:36.0235 2744 Product type: Workstation
17:05:36.0235 2744 ComputerName: OLY-PC
17:05:36.0235 2744 UserName: Oly
17:05:36.0235 2744 Windows directory: C:\windows
17:05:36.0235 2744 System windows directory: C:\windows
17:05:36.0235 2744 Processor architecture: Intel x86
17:05:36.0235 2744 Number of processors: 2
17:05:36.0235 2744 Page size: 0x1000
17:05:36.0235 2744 Boot type: Normal boot
17:05:36.0235 2744 ============================================================
17:05:37.0951 2744 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
17:05:38.0029 2744 Initialize success
17:06:53.0654 2528 ============================================================
17:06:53.0654 2528 Scan started
17:06:53.0654 2528 Mode: Manual; SigCheck; TDLFS;
17:06:53.0654 2528 ============================================================
(2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 17:07:15.0697 2528 Parport - ok 17:07:15.0759 2528 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys 17:07:15.0790 2528 partmgr - ok 17:07:15.0822 2528 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 17:07:15.0868 2528 Parvdm - ok 17:07:15.0962 2528 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys 17:07:16.0009 2528 pci - ok 17:07:16.0056 2528 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys 17:07:16.0102 2528 pciide - ok 17:07:16.0149 2528 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 17:07:16.0196 2528 pcmcia - ok 17:07:16.0274 2528 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 17:07:16.0321 2528 pcw - ok 17:07:16.0399 2528 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 17:07:16.0539 2528 PEAUTH - ok 17:07:16.0726 2528 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 17:07:16.0804 2528 PptpMiniport - ok 17:07:16.0867 2528 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 17:07:16.0914 2528 Processor - ok 17:07:17.0038 2528 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 17:07:17.0132 2528 Psched - ok 17:07:17.0241 2528 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 17:07:17.0350 2528 ql2300 - ok 17:07:17.0428 2528 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 17:07:17.0460 2528 ql40xx - ok 17:07:17.0522 2528 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 17:07:17.0584 2528 QWAVEdrv - ok 17:07:17.0616 2528 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 17:07:17.0678 2528 RasAcd - ok 17:07:17.0756 2528 RasAgileVpn 
(57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 17:07:17.0834 2528 RasAgileVpn - ok 17:07:17.0928 2528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 17:07:18.0037 2528 Rasl2tp - ok 17:07:18.0130 2528 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 17:07:18.0208 2528 RasPppoe - ok 17:07:18.0302 2528 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 17:07:18.0396 2528 RasSstp - ok 17:07:18.0442 2528 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys 17:07:18.0520 2528 rdbss - ok 17:07:18.0583 2528 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 17:07:18.0645 2528 rdpbus - ok 17:07:18.0723 2528 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys 17:07:18.0817 2528 RDPCDD - ok 17:07:18.0879 2528 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 17:07:18.0957 2528 RDPENCDD - ok 17:07:19.0035 2528 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 17:07:19.0113 2528 RDPREFMP - ok 17:07:19.0176 2528 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys 17:07:19.0254 2528 RDPWD - ok 17:07:19.0316 2528 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys 17:07:19.0363 2528 rdyboost - ok 17:07:19.0503 2528 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 17:07:19.0550 2528 RFCOMM - ok 17:07:19.0644 2528 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 17:07:19.0722 2528 rspndr - ok 17:07:19.0815 2528 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys 17:07:19.0893 2528 RTL8167 - ok 17:07:19.0956 2528 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 17:07:20.0018 2528 SABI - ok 17:07:20.0143 2528 sbp2port 
(34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys 17:07:20.0190 2528 sbp2port - ok 17:07:20.0236 2528 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys 17:07:20.0330 2528 scfilter - ok 17:07:20.0439 2528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 17:07:20.0548 2528 secdrv - ok 17:07:20.0642 2528 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 17:07:20.0689 2528 Serenum - ok 17:07:20.0767 2528 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 17:07:20.0814 2528 Serial - ok 17:07:20.0845 2528 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 17:07:20.0892 2528 sermouse - ok 17:07:20.0985 2528 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys 17:07:21.0032 2528 sffdisk - ok 17:07:21.0110 2528 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys 17:07:21.0172 2528 sffp_mmc - ok 17:07:21.0204 2528 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys 17:07:21.0250 2528 sffp_sd - ok 17:07:21.0297 2528 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 17:07:21.0328 2528 sfloppy - ok 17:07:21.0406 2528 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys 17:07:21.0453 2528 sisagp - ok 17:07:21.0484 2528 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 17:07:21.0531 2528 SiSRaid2 - ok 17:07:21.0547 2528 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 17:07:21.0578 2528 SiSRaid4 - ok 17:07:21.0640 2528 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 17:07:21.0750 2528 Smb - ok 17:07:21.0890 2528 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 17:07:21.0921 2528 spldr - ok 17:07:21.0999 2528 srv 
(c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys 17:07:22.0062 2528 srv - ok 17:07:22.0140 2528 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys 17:07:22.0218 2528 srv2 - ok 17:07:22.0264 2528 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys 17:07:22.0327 2528 srvnet - ok 17:07:22.0436 2528 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys 17:07:22.0467 2528 sscdbus - ok 17:07:22.0545 2528 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\windows\system32\DRIVERS\ssmdrv.sys 17:07:22.0576 2528 ssmdrv - ok 17:07:22.0701 2528 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 17:07:22.0748 2528 stexstor - ok 17:07:22.0779 2528 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 17:07:22.0810 2528 swenum - ok 17:07:22.0873 2528 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys 17:07:22.0935 2528 SynTP - ok 17:07:23.0138 2528 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys 17:07:23.0263 2528 Tcpip - ok 17:07:23.0341 2528 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys 17:07:23.0419 2528 TCPIP6 - ok 17:07:23.0528 2528 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys 17:07:23.0622 2528 tcpipreg - ok 17:07:23.0668 2528 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys 17:07:23.0731 2528 TDPIPE - ok 17:07:23.0762 2528 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys 17:07:23.0840 2528 TDTCP - ok 17:07:23.0887 2528 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys 17:07:23.0965 2528 tdx - ok 17:07:24.0074 2528 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys 17:07:24.0121 2528 TermDD - ok 17:07:24.0214 2528 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) 
C:\windows\system32\DRIVERS\tssecsrv.sys 17:07:24.0308 2528 tssecsrv - ok 17:07:24.0433 2528 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys 17:07:24.0526 2528 tunnel - ok 17:07:24.0573 2528 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 17:07:24.0604 2528 uagp35 - ok 17:07:24.0651 2528 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys 17:07:24.0745 2528 udfs - ok 17:07:24.0870 2528 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys 17:07:24.0901 2528 uliagpkx - ok 17:07:24.0948 2528 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys 17:07:25.0010 2528 umbus - ok 17:07:25.0057 2528 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 17:07:25.0104 2528 UmPass - ok 17:07:25.0228 2528 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys 17:07:25.0275 2528 USBAAPL - ok 17:07:25.0322 2528 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys 17:07:25.0369 2528 usbccgp - ok 17:07:25.0462 2528 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys 17:07:25.0525 2528 usbcir - ok 17:07:25.0587 2528 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\drivers\usbehci.sys 17:07:25.0650 2528 usbehci - ok 17:07:25.0728 2528 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys 17:07:25.0790 2528 usbhub - ok 17:07:25.0868 2528 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys 17:07:25.0946 2528 usbohci - ok 17:07:26.0040 2528 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 17:07:26.0086 2528 usbprint - ok 17:07:26.0149 2528 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 17:07:26.0196 2528 usbscan - ok 17:07:26.0274 2528 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) 
C:\windows\system32\DRIVERS\USBSTOR.SYS 17:07:26.0320 2528 USBSTOR - ok 17:07:26.0414 2528 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys 17:07:26.0476 2528 usbuhci - ok 17:07:26.0554 2528 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys 17:07:26.0617 2528 usbvideo - ok 17:07:26.0726 2528 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys 17:07:26.0757 2528 vdrvroot - ok 17:07:26.0820 2528 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 17:07:26.0866 2528 vga - ok 17:07:26.0913 2528 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 17:07:26.0976 2528 VgaSave - ok 17:07:27.0100 2528 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys 17:07:27.0178 2528 vhdmp - ok 17:07:27.0225 2528 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys 17:07:27.0272 2528 viaagp - ok 17:07:27.0303 2528 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 17:07:27.0334 2528 ViaC7 - ok 17:07:27.0397 2528 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys 17:07:27.0428 2528 viaide - ok 17:07:27.0490 2528 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys 17:07:27.0522 2528 volmgr - ok 17:07:27.0568 2528 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 17:07:27.0615 2528 volmgrx - ok 17:07:27.0678 2528 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys 17:07:27.0724 2528 volsnap - ok 17:07:27.0834 2528 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 17:07:27.0880 2528 vsmraid - ok 17:07:27.0943 2528 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 17:07:27.0990 2528 vwifibus - ok 17:07:28.0036 2528 vwififlt (7090d3436eeb4e7da3373090a23448f7) 
C:\windows\system32\DRIVERS\vwififlt.sys 17:07:28.0083 2528 vwififlt - ok 17:07:28.0192 2528 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 17:07:28.0224 2528 WacomPen - ok 17:07:28.0302 2528 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 17:07:28.0395 2528 WANARP - ok 17:07:28.0411 2528 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 17:07:28.0489 2528 Wanarpv6 - ok 17:07:28.0567 2528 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 17:07:28.0598 2528 Wd - ok 17:07:28.0676 2528 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 17:07:28.0738 2528 Wdf01000 - ok 17:07:28.0832 2528 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 17:07:28.0926 2528 WfpLwf - ok 17:07:29.0019 2528 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 17:07:29.0050 2528 WIMMount - ok 17:07:29.0206 2528 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys 17:07:29.0253 2528 WinUsb - ok 17:07:29.0362 2528 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 17:07:29.0425 2528 WmiAcpi - ok 17:07:29.0518 2528 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 17:07:29.0596 2528 ws2ifsl - ok 17:07:29.0721 2528 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys 17:07:29.0815 2528 WudfPf - ok 17:07:29.0877 2528 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys 17:07:29.0986 2528 WUDFRd - ok 17:07:30.0111 2528 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 17:07:30.0704 2528 \Device\Harddisk0\DR0 - ok 17:07:30.0720 2528 Boot (0x1200) (cbe609ee266154d97fb02d3871d6fd04) \Device\Harddisk0\DR0\Partition0 17:07:30.0720 2528 \Device\Harddisk0\DR0\Partition0 - ok 17:07:30.0751 2528 Boot (0x1200) 
(99ff42cc5830f3215940b2ac0a58154b) \Device\Harddisk0\DR0\Partition1 17:07:30.0751 2528 \Device\Harddisk0\DR0\Partition1 - ok 17:07:30.0782 2528 Boot (0x1200) (1355bf71ada6110bdeaec645e22c1087) \Device\Harddisk0\DR0\Partition2 17:07:30.0782 2528 \Device\Harddisk0\DR0\Partition2 - ok 17:07:30.0782 2528 ============================================================ 17:07:30.0782 2528 Scan finished 17:07:30.0782 2528 ============================================================ 17:07:30.0813 2536 Detected object count: 0 17:07:30.0813 2536 Actual detected object count: 0 |
13.01.2012, 18:32 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - a guide and tutorial on using ComboFix
ComboFix may only be run if one of the board's competent helpers (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
14.01.2012, 00:24 | #26 |
| ComboFix logfile: Code:
ATTFilter ComboFix 12-01-13.05 - Oly 13.01.2012 23:41:57.2.2 - x86 Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1014.409 [GMT 1:00] ausgeführt von:: c:\users\Oly\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-13 bis 2012-01-13 )))))))))))))))))))))))))))))) . . 2012-01-13 23:03 . 2012-01-13 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-13 00:49 . 2011-11-30 01:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{033B30AD-8AE7-4B7A-BB49-2903679E6C67}\mpengine.dll 2012-01-13 00:49 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe 2012-01-13 00:48 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll 2012-01-13 00:48 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll 2012-01-13 00:48 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll 2012-01-13 00:48 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-01-06 23:32 . 2012-01-06 23:32 -------- d-----w- c:\program files\ESET 2012-01-06 22:36 . 2012-01-06 22:36 -------- d-----w- c:\users\Oly\AppData\Roaming\Malwarebytes 2012-01-06 22:35 . 2012-01-06 22:35 -------- d-----w- c:\programdata\Malwarebytes 2012-01-06 22:35 . 2012-01-06 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-06 22:35 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-06 11:54 . 2012-01-06 11:54 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-03 19:17 . 2011-12-03 19:17 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-24 04:23 . 
2011-12-14 22:52 2340352 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 04:35 . 2011-12-14 22:52 981504 ----a-w- c:\windows\system32\wininet.dll 2011-11-05 04:34 . 2011-12-14 22:52 44544 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-05 04:30 . 2011-12-14 22:51 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 03:28 . 2011-12-14 22:52 386048 ----a-w- c:\windows\system32\html.iec 2011-11-05 02:55 . 2011-12-14 22:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-26 04:42 . 2011-12-14 22:50 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 04:42 . 2011-12-14 22:50 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-26 04:25 . 2011-12-14 22:50 38912 ----a-w- c:\windows\system32\csrsrv.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] . c:\users\Oly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2009-02-25 13:40 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1ca99606cdf7d3e;Google Update Service (gupdate1ca99606cdf7d3e);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 133104] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 133104] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:36] . 2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:36] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Oly\AppData\Roaming\Mozilla\Firefox\Profiles\0crdlkzg.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-01-14 00:12:17 ComboFix-quarantined-files.txt 2012-01-13 23:12 ComboFix2.txt 2012-01-13 21:45 . Vor Suchlauf: 11 Verzeichnis(se), 40.445.894.656 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 40.393.789.440 Bytes frei . - - End Of File - - 8871212038EBF234FB2BFF64BD84AE19 |
14.01.2012, 13:56 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool will not run even on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: never press any of the Fix buttons without instruction. Note: if the Scan button is hidden, close the tool and start it again. Should the scan abort and the program crash, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
18.01.2012, 18:46 | #28 |
| So, I finally got around to it... GMER: GMER logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-01-18 18:04:19 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2160BH_G2 rev.008B000B Running: e444s5d1.exe; Driver: C:\Users\Oly\AppData\Local\Temp\uwldapow.sys ---- System - GMER 1.0.15 ---- SSDT 8B49B3CC ZwCreateThread SSDT 8B49B3B8 ZwOpenProcess SSDT 8B49B3BD ZwOpenThread SSDT 8B49B3C7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 820478A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 820672F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14C3 8206E690 4 Bytes [CC, B3, 49, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 165F 8206E82C 4 Bytes [B8, B3, 49, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 167F 8206E84C 4 Bytes [BD, B3, 49, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 192F 8206EAFC 4 Bytes [C7, B3, 49, 8B] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000084 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device 
\Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:2420] A4F5DF2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cda7544 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9ab33 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bb88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bba2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bf15 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d4fbc2 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda7544 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9ab33 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bb88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bba2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bf15 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d4fbc2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ---- EOF - GMER 1.0.15 ---- OSAM: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:13:11 on 18.01.2012
OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Oly\AppData\Local\Temp\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"uwldapow" (uwldapow) - ? - C:\Users\Oly\AppData\Local\Temp\uwldapow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Oly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate1ca99606cdf7d3e)" (gupdate1ca99606cdf7d3e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 18:14:54
-----------------------------
18:14:54.622 OS Version: Windows 6.1.7600
18:14:54.622 Number of processors: 2 586 0x1C02
18:14:54.622 ComputerName: OLY-PC UserName: Oly
18:15:00.394 Initialize success
18:15:48.988 AVAST engine defs: 12011800
18:17:29.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:17:29.546 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 008B000B Size: 152627MB BusType: 3
18:17:29.577 Disk 0 MBR read successfully
18:17:29.593 Disk 0 MBR scan
18:17:29.655 Disk 0 unknown MBR code
18:17:29.811 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
18:17:29.858 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
18:17:29.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 67210 MB offset 31664128
18:17:29.983 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 69955 MB offset 169310208
18:17:30.076 Disk 0 scanning sectors +312578048
18:17:30.529 Disk 0 scanning C:\windows\system32\drivers
18:18:59.995 Service scanning
18:19:01.992 Modules scanning
18:21:01.815 Disk 0 trace - called modules:
18:21:01.940 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:21:01.956 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843a8030]
18:21:01.971 3 CLASSPNP.SYS[8701559e] -> nt!IofCallDriver -> [0x83f45848]
18:21:01.987 5 ACPI.sys[86e433b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83645610]
18:21:02.751 AVAST engine scan C:\windows
18:21:37.259 AVAST engine scan C:\windows\system32
18:26:36.810 AVAST engine scan C:\windows\system32\drivers
18:26:52.192 AVAST engine scan C:\Users\Oly
18:29:14.636 AVAST engine scan C:\ProgramData
18:29:56.772 Scan finished successfully
18:42:38.802 Disk 0 MBR has been saved successfully to "C:\Users\Oly\Desktop\MBR.dat"
18:42:38.817 The log file has been saved successfully to "C:\Users\Oly\Desktop\aswMBR.txt"
|
18.01.2012, 20:24 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: "Aus Sicherheitsgründen wurde ihr Betriebssystem blockiert...." (For security reasons your operating system has been blocked....) We should fix the MBR; back up ALL important data just in case, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the whole hard disk with TrueCrypt or another encryption program. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
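The post above makes the FIXMBR decision depend on what else lives in the MBR (a dual-boot Linux loader, a TrueCrypt loader). As an added example that is not part of the thread or of aswMBR, the following Python script parses an MBR dump such as the MBR.dat that aswMBR saved, rebuilds the partition table shown in the aswMBR log above, and classifies the boot code; the loader marker strings and the sample boot-code stubs are assumptions of this example.

```python
"""Inspect an MBR dump (e.g. the MBR.dat aswMBR saves) before deciding on FIXMBR.
Added example for this thread, not part of aswMBR. The loader marker strings are an
assumption of this example (standard Windows MBR error texts, GRUB, TrueCrypt)."""
import struct
import sys

SECTOR, MB, PART_TABLE = 512, 1024 * 1024, 446
ENTRY_FMT = "<B3xB3xII"  # status, CHS(skipped), type, CHS(skipped), start LBA, sector count
BOOTCODE_MARKERS = {
    "windows": (b"Invalid partition table", b"Missing operating system"),
    "grub": (b"GRUB",),
    "truecrypt": (b"TrueCrypt Boot Loader",),
}

def parse_partitions(mbr: bytes) -> list:
    """Non-empty primary partition entries; rejects a sector without the 0x55AA signature."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE + 16 * i)
        if ptype:  # type 0 means an unused slot
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "offset": lba, "sectors": count, "size_mb": count * SECTOR // MB})
    return parts

def last_used_sector(parts: list) -> int:
    """End of the last partition; aswMBR logs it as 'scanning sectors +N'."""
    return max(p["offset"] + p["sectors"] for p in parts)

def classify_bootcode(mbr: bytes) -> str:
    """Name the loader whose markers appear in the 446-byte code area, else 'unknown'."""
    code = mbr[:PART_TABLE]
    for name, markers in BOOTCODE_MARKERS.items():
        if all(m in code for m in markers):
            return name
    return "unknown"

def fixmbr_advice(mbr: bytes) -> str:
    """The thread's rule: never FIXMBR over a dual-boot or disk-encryption loader."""
    kind = classify_bootcode(mbr)
    if kind == "grub":
        return "do not run FIXMBR: GRUB (dual-boot Linux) lives in this MBR"
    if kind == "truecrypt":
        return "do not run FIXMBR: TrueCrypt disk-encryption loader lives in this MBR"
    if kind == "windows":
        return "standard Windows boot code: FIXMBR would rewrite the same code"
    return "unknown boot code: back up data first, then FIXMBR is reasonable"

def build_sample_mbr(bootcode: bytes, layout: list) -> bytes:
    """Constructed MBR for testing: boot code padded to 446 bytes plus a partition table."""
    table = b"".join(struct.pack(ENTRY_FMT, 0x80 if active else 0, ptype, lba, count)
                     for active, ptype, lba, count in layout).ljust(64, b"\x00")
    return bootcode.ljust(PART_TABLE, b"\x00")[:PART_TABLE] + table + b"\x55\xaa"

# Partition layout transcribed from the aswMBR log above (sectors = MB * 2048).
LOG_LAYOUT = [(False, 0x27, 2048, 15360 * 2048),        # 1: hidden NTFS WinRE
              (True, 0x07, 31459328, 100 * 2048),       # 2: active 100 MB system partition
              (False, 0x07, 31664128, 67210 * 2048),    # 3: Windows (C:)
              (False, 0x07, 169310208, 69955 * 2048)]   # 4: data (D:)
# Constructed boot-code stubs, just long enough to carry the marker strings.
WINDOWS_LIKE = b"\x33\xc0\x8e\xd0Invalid partition table\x00Missing operating system\x00"
GRUB_LIKE = b"\xeb\x63\x90GRUB \x00Geom\x00Hard Disk\x00Read\x00 Error\r\n\x00"
UNKNOWN_LIKE = bytes(range(0x10, 0xE0))  # no known marker, like an "unknown MBR code" hit
if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr(UNKNOWN_LIKE, LOG_LAYOUT)
    for p in parse_partitions(data):
        print(f"Partition {p['index']} type {p['type']:02X} {p['size_mb']} MB offset {p['offset']}")
    print("last used sector:", last_used_sector(parse_partitions(data)), "/", fixmbr_advice(data))
```

Run it with the path to MBR.dat as the only argument; without an argument it runs on the constructed sample that mirrors the log.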