Log analysis and evaluation: 50 Euro Trojan blocks Windows system
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.02.2012, 17:32 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags
15.02.2012, 17:51 | #17 |
I just downloaded the TDSSKiller.exe file, but Avira reports that malware was found: TR/Crypt.ULPM.Gen
Access was denied and I can only click Remove and Details. What can I do to run the file anyway? Regards
15.02.2012, 18:18 | #18 |
OK, I managed it.
Here is the log: Code:
18:08:17.0017 0172 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
18:08:17.0922 0172 ============================================================
18:08:17.0922 0172 Current date / time: 2012/02/15 18:08:17.0922
18:08:17.0922 0172 SystemInfo:
18:08:17.0922 0172
18:08:17.0922 0172 OS Version: 6.0.6001 ServicePack: 1.0
18:08:17.0922 0172 Product type: Workstation
18:08:17.0922 0172 ComputerName: HAUS-PC
18:08:17.0922 0172 UserName: ***
18:08:17.0922 0172 Windows directory: C:\Windows
18:08:17.0922 0172 System windows directory: C:\Windows
18:08:17.0922 0172 Running under WOW64
18:08:17.0922 0172 Processor architecture: Intel x64
18:08:17.0922 0172 Number of processors: 2
18:08:17.0922 0172 Page size: 0x1000
18:08:17.0922 0172 Boot type: Normal boot
18:08:17.0922 0172 ============================================================
18:08:19.0061 0172 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:08:19.0061 0172 \Device\Harddisk0\DR0:
18:08:19.0061 0172 MBR used
18:08:19.0061 0172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23C22800
18:08:19.0061 0172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23C23000, BlocksNum 0x180A000
18:08:19.0170 0172 Initialize success
18:08:19.0170 0172 ============================================================
18:08:28.0218 4744 ============================================================
18:08:28.0218 4744 Scan started
18:08:28.0218 4744 Mode: Manual; SigCheck; TDLFS;
18:08:28.0218 4744 ============================================================
18:08:54.0239 4744 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:08:54.0363 4744 \Device\Harddisk0\DR0 - ok
18:08:54.0395 4744 Boot (0x1200) (a76a474408eb675201e350b6f1f99a7e) \Device\Harddisk0\DR0\Partition0
18:08:54.0395 4744 \Device\Harddisk0\DR0\Partition0 - ok
18:08:54.0441 4744 Boot (0x1200) (357e9131dbd7cb0bfe90a54a6d405813) \Device\Harddisk0\DR0\Partition1
18:08:54.0441 4744 \Device\Harddisk0\DR0\Partition1 - ok
18:08:54.0441 4744 ============================================================
18:08:54.0441 4744 Scan finished
18:08:54.0441 4744 ============================================================
18:08:54.0457 4052 Detected object count: 0
18:08:54.0457 4052 Actual detected object count: 0
15.02.2012, 19:11 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro trojan blocks Windows system Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has explicitly recommended it! If you have problems starting applications after running Combofix and receive messages such as Quote:
15.02.2012, 21:43 | #20 |
| 50 Euro trojan blocks Windows system Hello, here is my log file for Combofix:
15.02.2012, 21:56 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro trojan blocks Windows system Please download aswMBR.exe and save the file to your desktop.
15.02.2012, 22:31 | #22 |
| 50 Euro trojan blocks Windows system Hello again, I have now scanned with the tool, here are the results: Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-15 22:01:44
-----------------------------
22:01:44.789 OS Version: Windows x64 6.0.6001 Service Pack 1
22:01:44.789 Number of processors: 2 586 0x170A
22:01:44.789 ComputerName: HAUS-PC UserName:
22:01:47.207 Initialize success
22:02:52.173 AVAST engine defs: 12021501
22:03:12.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:03:12.219 Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 3
22:03:12.281 Disk 0 MBR read successfully
22:03:12.281 Disk 0 MBR scan
22:03:12.313 Disk 0 unknown MBR code
22:03:12.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292933 MB offset 2048
22:03:12.359 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12308 MB offset 599928832
22:03:12.375 Service scanning
22:03:13.873 Modules scanning
22:03:13.873 Disk 0 trace - called modules:
22:03:13.935 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:03:13.935 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f88530]
22:03:13.935 3 CLASSPNP.SYS[fffffa6000a43b3a] -> nt!IofCallDriver -> [0xfffffa8004f836b0]
22:03:14.450 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004be59b0]
22:03:14.450 7 acpi.sys[fffffa60008f8ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be1940]
22:03:15.370 AVAST engine scan C:\Windows
22:03:22.858 AVAST engine scan C:\Windows\system32
22:08:38.939 AVAST engine scan C:\Windows\system32\drivers
22:09:00.514 AVAST engine scan C:\Users\***
22:23:18.922 AVAST engine scan C:\ProgramData
22:27:30.630 Scan finished successfully
22:29:13.122 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
22:29:13.122 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" |
15.02.2012, 22:47 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro trojan blocks Windows system We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not do the fix either if you use full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
15.02.2012, 23:58 | #24 |
| 50 Euro trojan blocks Windows system Hello, I carried out the steps as instructed. Here is the log: Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-15 23:07:34
-----------------------------
23:07:35.040 OS Version: Windows x64 6.0.6001 Service Pack 1
23:07:35.040 Number of processors: 2 586 0x170A
23:07:35.040 ComputerName: HAUS-PC UserName:
23:07:44.650 Initialize success
23:07:55.086 AVAST engine defs: 12021501
23:07:59.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:07:59.688 Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 3
23:07:59.704 Disk 0 MBR read successfully
23:07:59.704 Disk 0 MBR scan
23:07:59.735 Disk 0 Windows VISTA default MBR code
23:07:59.766 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292933 MB offset 2048
23:07:59.797 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12308 MB offset 599928832
23:07:59.797 Service scanning
23:08:03.916 Modules scanning
23:08:03.916 Disk 0 trace - called modules:
23:08:03.947 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:08:03.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa1790]
23:08:03.963 3 CLASSPNP.SYS[fffffa6000a47b3a] -> nt!IofCallDriver -> [0xfffffa8004f9c9a0]
23:08:04.477 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004bb85b0]
23:08:04.477 7 acpi.sys[fffffa60008f3ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be7060]
23:08:07.816 AVAST engine scan C:\Windows
23:08:18.876 AVAST engine scan C:\Windows\system32
23:14:21.140 AVAST engine scan C:\Windows\system32\drivers
23:14:56.334 AVAST engine scan C:\Users\***
23:28:24.991 AVAST engine scan C:\ProgramData
23:32:51.923 Scan finished successfully
23:36:07.890 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:36:07.890 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR2.txt" |
16.02.2012, 13:12 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro trojan blocks Windows system Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!