Pests of all kinds and how to combat them: Trojan: For security reasons your Windows version has been locked - pay 50 euro!

Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: For security reasons your Windows version has been locked - pay 50 euro!

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click Change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.)
__________________ Please always post log files in CODE tags |
| | #17 |
| Trojan: For security reasons your Windows version has been locked - pay 50 euro! Here is the log as per your instructions. But nothing was found.
Code:
18:50:03.0677 4620 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:50:03.0801 4620 ============================================================
18:50:03.0801 4620 Current date / time: 2012/02/28 18:50:03.0801
18:50:03.0801 4620 SystemInfo:
18:50:03.0801 4620
18:50:03.0802 4620 OS Version: 6.1.7601 ServicePack: 1.0
18:50:03.0802 4620 Product type: Workstation
18:50:03.0802 4620 ComputerName: KRATZWALD-VAIO
18:50:03.0802 4620 UserName: kratzwald
18:50:03.0802 4620 Windows directory: C:\Windows
18:50:03.0802 4620 System windows directory: C:\Windows
18:50:03.0802 4620 Running under WOW64
18:50:03.0802 4620 Processor architecture: Intel x64
18:50:03.0802 4620 Number of processors: 4
18:50:03.0802 4620 Page size: 0x1000
18:50:03.0802 4620 Boot type: Normal boot
18:50:03.0802 4620 ============================================================
18:50:04.0154 4620 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:50:04.0157 4620 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:50:04.0547 4620 \Device\Harddisk0\DR0:
18:50:04.0598 4620 MBR used
18:50:04.0599 4620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B07800, BlocksNum 0x32000
18:50:04.0599 4620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B39800, BlocksNum 0x48D1EAB0
18:50:04.0599 4620 \Device\Harddisk1\DR1:
18:50:04.0600 4620 MBR used
18:50:04.0600 4620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:50:04.0657 4620 Initialize success
18:50:04.0657 4620 ============================================================
18:51:01.0671 5568 ============================================================
18:51:01.0671 5568 Scan started
18:51:01.0671 5568 Mode: Manual; SigCheck; TDLFS;
18:51:01.0671 5568 ============================================================
18:51:02.0384 5568 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:51:02.0511 5568 1394ohci - ok
18:51:02.0624 5568 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:51:02.0661 5568 ACPI - ok
18:51:02.0763 5568 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:51:02.0863 5568 AcpiPmi - ok
18:51:02.0993 5568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:51:03.0031 5568 adp94xx - ok
18:51:03.0145 5568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:51:03.0166 5568 adpahci - ok
18:51:03.0287 5568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:51:03.0316 5568 adpu320 - ok
18:51:03.0438 5568 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:51:03.0545 5568 AFD - ok
18:51:03.0768 5568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:51:03.0790 5568 agp440 - ok
18:51:03.0966 5568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:51:03.0983 5568 aliide - ok
18:51:04.0128 5568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:51:04.0151 5568 amdide - ok
18:51:04.0307 5568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:51:04.0392 5568 AmdK8 - ok
18:51:04.0561 5568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:51:04.0596 5568 AmdPPM - ok
18:51:04.0709 5568 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:51:04.0734 5568 amdsata - ok
18:51:04.0924 5568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:51:04.0940 5568 amdsbs - ok
18:51:05.0067 5568 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:51:05.0074 5568 amdxata - ok
18:51:05.0357 5568 ApfiltrService (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:51:05.0405 5568 ApfiltrService - ok
18:51:05.0517 5568 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:51:05.0870 5568 AppID - ok
18:51:06.0019 5568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:51:06.0035 5568 arc - ok
18:51:06.0166 5568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:51:06.0186 5568 arcsas - ok
18:51:06.0290 5568 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:51:06.0295 5568 ArcSoftKsUFilter - ok
18:51:06.0566 5568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:51:06.0696 5568 AsyncMac - ok
18:51:06.0830 5568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:51:06.0941 5568 atapi - ok
18:51:07.0045 5568 AthBTPort (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
18:51:07.0050 5568 AthBTPort - ok
18:51:07.0188 5568 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
18:51:07.0204 5568 ATHDFU - ok
18:51:07.0412 5568 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
18:51:07.0518 5568 athr - ok
18:51:07.0634 5568 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:51:07.0654 5568 avgntflt - ok
18:51:07.0749 5568 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
18:51:07.0770 5568 avipbb - ok
18:51:07.0849 5568 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:51:07.0867 5568 avkmgr - ok
18:51:07.0977 5568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:51:08.0030 5568 b06bdrv - ok
18:51:08.0131 5568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:51:08.0189 5568 b57nd60a - ok
18:51:08.0312 5568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:51:08.0384 5568 Beep - ok
18:51:08.0500 5568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
18:51:08.0524 5568 blbdrive - ok
18:51:08.0609 5568 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:51:08.0677 5568 bowser - ok
18:51:08.0795 5568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:51:08.0862 5568 BrFiltLo - ok
18:51:08.0960 5568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:51:08.0995 5568 BrFiltUp - ok
18:51:09.0095 5568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:51:09.0150 5568 Brserid - ok
18:51:09.0238 5568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:51:09.0287 5568 BrSerWdm - ok
18:51:09.0383 5568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:51:09.0426 5568 BrUsbMdm - ok
18:51:09.0497 5568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:51:09.0539 5568 BrUsbSer - ok
18:51:09.0646 5568 BTATH_A2DP (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
18:51:09.0666 5568 BTATH_A2DP - ok
18:51:09.0764 5568 btath_avdt (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
18:51:09.0781 5568 btath_avdt - ok
18:51:09.0886 5568 BTATH_BUS (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\drivers\btath_bus.sys
18:51:09.0901 5568 BTATH_BUS - ok
18:51:10.0001 5568 BTATH_HCRP (a441b800e04cf8443faf519207563abb) C:\Windows\system32\drivers\btath_hcrp.sys
18:51:10.0020 5568 BTATH_HCRP - ok
18:51:10.0113 5568 BTATH_LWFLT (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
18:51:10.0128 5568 BTATH_LWFLT - ok
18:51:10.0251 5568 BTATH_RCP (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\drivers\btath_rcp.sys
18:51:10.0277 5568 BTATH_RCP - ok
18:51:10.0385 5568 BtFilter (6c4911b6fb92984fbef775674795cfa2) C:\Windows\system32\DRIVERS\btfilter.sys
18:51:10.0409 5568 BtFilter - ok
18:51:10.0512 5568 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:51:10.0562 5568 BthEnum - ok
18:51:10.0674 5568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:51:10.0724 5568 BTHMODEM - ok
18:51:10.0829 5568 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:51:10.0881 5568 BthPan - ok
18:51:11.0002 5568 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:51:11.0049 5568 BTHPORT - ok
18:51:11.0146 5568 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:51:11.0185 5568 BTHUSB - ok
18:51:11.0273 5568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:51:11.0366 5568 cdfs - ok
18:51:11.0470 5568 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:51:11.0522 5568 cdrom - ok
18:51:11.0619 5568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:51:11.0672 5568 circlass - ok
18:51:11.0766 5568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:51:11.0795 5568 CLFS - ok
18:51:11.0901 5568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:51:11.0939 5568 CmBatt - ok
18:51:12.0025 5568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:51:12.0038 5568 cmdide - ok
18:51:12.0078 5568 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:51:12.0106 5568 CNG - ok
18:51:12.0240 5568 CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys
18:51:12.0277 5568 CnxtHdAudService - ok
18:51:12.0375 5568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:51:12.0395 5568 Compbatt - ok
18:51:12.0443 5568 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:51:12.0483 5568 CompositeBus - ok
18:51:12.0577 5568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:51:12.0602 5568 crcdisk - ok
18:51:12.0790 5568 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:51:12.0845 5568 DfsC - ok
18:51:12.0955 5568 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:51:13.0012 5568 discache - ok
18:51:13.0119 5568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:51:13.0142 5568 Disk - ok
18:51:13.0277 5568 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:51:13.0325 5568 Dot4 - ok
18:51:13.0434 5568 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:51:13.0477 5568 Dot4Print - ok
18:51:13.0569 5568 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:51:13.0616 5568 dot4usb - ok
18:51:13.0712 5568 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:51:13.0754 5568 drmkaud - ok
18:51:13.0871 5568 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:51:13.0903 5568 DXGKrnl - ok
18:51:14.0006 5568 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
18:51:14.0035 5568 e1yexpress - ok
18:51:14.0212 5568 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:51:14.0267 5568 ebdrv - ok
18:51:14.0388 5568 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:51:14.0424 5568 elxstor - ok
18:51:14.0512 5568 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:51:14.0560 5568 ErrDev - ok
18:51:14.0708 5568 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:51:14.0804 5568 exfat - ok
18:51:14.0897 5568 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:51:14.0973 5568 fastfat - ok
18:51:15.0068 5568 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:51:15.0112 5568 fdc - ok
18:51:15.0224 5568 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:51:15.0247 5568 FileInfo - ok
18:51:15.0336 5568 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:51:15.0409 5568 Filetrace - ok
18:51:15.0505 5568 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:51:15.0533 5568 flpydisk - ok
18:51:15.0624 5568 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:51:15.0651 5568 FltMgr - ok
18:51:15.0742 5568 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:51:15.0765 5568 FsDepends - ok
18:51:15.0854 5568 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:51:15.0874 5568 Fs_Rec - ok
18:51:15.0973 5568 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:51:16.0001 5568 fvevol - ok
18:51:16.0086 5568 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:51:16.0110 5568 gagp30kx - ok
18:51:16.0223 5568 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:51:16.0257 5568 hcw85cir - ok
18:51:16.0383 5568 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:51:16.0425 5568 HdAudAddService - ok
18:51:16.0523 5568 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:51:16.0560 5568 HDAudBus - ok
18:51:16.0644 5568 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:51:16.0693 5568 HidBatt - ok
18:51:16.0795 5568 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:51:16.0838 5568 HidBth - ok
18:51:16.0934 5568 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:51:16.0963 5568 HidIr - ok
18:51:17.0066 5568 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:51:17.0097 5568 HidUsb - ok
18:51:17.0195 5568 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:51:17.0219 5568 HpSAMD - ok
18:51:17.0341 5568 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:51:17.0409 5568 HTTP - ok
18:51:17.0502 5568 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:51:17.0523 5568 hwpolicy - ok
18:51:17.0627 5568 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:51:17.0657 5568 i8042prt - ok
18:51:17.0749 5568 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
18:51:17.0772 5568 iaStor - ok
18:51:17.0889 5568 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
18:51:17.0927 5568 iaStorV - ok
18:51:18.0048 5568 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:51:18.0060 5568 iirsp - ok
18:51:18.0157 5568 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:51:18.0179 5568 intelide - ok
18:51:18.0280 5568 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:51:18.0324 5568 intelppm - ok
18:51:18.0420 5568 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:51:18.0474 5568 IpFilterDriver - ok
18:51:18.0569 5568 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:51:18.0610 5568 IPMIDRV - ok
18:51:18.0715 5568 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:51:18.0796 5568 IPNAT - ok
18:51:18.0889 5568 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:51:18.0984 5568 IRENUM - ok
18:51:19.0082 5568 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:51:19.0104 5568 isapnp - ok
18:51:19.0203 5568 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:51:19.0232 5568 iScsiPrt - ok
18:51:19.0332 5568 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:51:19.0353 5568 kbdclass - ok
18:51:19.0454 5568 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:51:19.0494 5568 kbdhid - ok
18:51:19.0594 5568 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:51:19.0618 5568 KSecDD - ok
18:51:19.0722 5568 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:51:19.0749 5568 KSecPkg - ok
18:51:19.0847 5568 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:51:19.0918 5568 ksthunk - ok
18:51:20.0035 5568 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:51:20.0077 5568 lltdio - ok
18:51:20.0192 5568 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:51:20.0218 5568 LSI_FC - ok
18:51:20.0312 5568 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:51:20.0337 5568 LSI_SAS - ok
18:51:20.0426 5568 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:51:20.0449 5568 LSI_SAS2 - ok
18:51:20.0542 5568 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:51:20.0568 5568 LSI_SCSI - ok
18:51:20.0656 5568 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:51:20.0745 5568 luafv - ok
18:51:20.0874 5568 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:51:20.0892 5568 MBAMProtector - ok
18:51:20.0995 5568 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:51:21.0016 5568 megasas - ok
18:51:21.0126 5568 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:51:21.0155 5568 MegaSR - ok
18:51:21.0251 5568 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
18:51:21.0269 5568 MEIx64 - ok
18:51:21.0360 5568 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:51:21.0419 5568 Modem - ok
18:51:21.0511 5568 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:51:21.0560 5568 monitor - ok
18:51:21.0652 5568 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:51:21.0671 5568 mouclass - ok
18:51:21.0784 5568 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:51:21.0817 5568 mouhid - ok
18:51:21.0914 5568 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:51:21.0934 5568 mountmgr - ok
18:51:22.0024 5568 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:51:22.0042 5568 mpio - ok
18:51:22.0130 5568 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:51:22.0203 5568 mpsdrv - ok
18:51:22.0306 5568 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:51:22.0354 5568 MRxDAV - ok
18:51:22.0446 5568 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:51:22.0489 5568 mrxsmb - ok
18:51:22.0592 5568 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:51:22.0623 5568 mrxsmb10 - ok
18:51:22.0716 5568 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:51:22.0742 5568 mrxsmb20 - ok
18:51:22.0821 5568 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:51:22.0840 5568 msahci - ok
18:51:22.0863 5568 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:51:22.0884 5568 msdsm - ok
18:51:22.0984 5568 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:51:23.0054 5568 Msfs - ok
18:51:23.0143 5568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:51:23.0222 5568 mshidkmdf - ok
18:51:23.0309 5568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:51:23.0330 5568 msisadrv - ok
18:51:23.0433 5568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:51:23.0503 5568 MSKSSRV - ok
18:51:23.0600 5568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:51:23.0687 5568 MSPCLOCK - ok
18:51:23.0782 5568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:51:23.0859 5568 MSPQM - ok
18:51:23.0951 5568 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:51:23.0976 5568 MsRPC - ok
18:51:24.0057 5568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:51:24.0074 5568 mssmbios - ok
18:51:24.0176 5568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:51:24.0262 5568 MSTEE - ok
18:51:24.0359 5568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:51:24.0423 5568 MTConfig - ok
18:51:24.0513 5568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:51:24.0535 5568 Mup - ok
18:51:24.0695 5568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:51:24.0738 5568 NativeWifiP - ok
18:51:24.0865 5568 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:51:24.0909 5568 NDIS - ok
18:51:24.0999 5568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:51:25.0055 5568 NdisCap - ok
18:51:25.0139 5568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:51:25.0223 5568 NdisTapi - ok
18:51:25.0326 5568 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:51:25.0391 5568 Ndisuio - ok
18:51:25.0480 5568 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:51:25.0547 5568 NdisWan - ok
18:51:25.0646 5568 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:51:25.0714 5568 NDProxy - ok
18:51:25.0820 5568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:51:25.0890 5568 NetBIOS - ok
18:51:25.0979 5568 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:51:26.0031 5568 NetBT - ok
18:51:26.0151 5568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:51:26.0174 5568 nfrd960 - ok
18:51:26.0274 5568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:51:26.0347 5568 Npfs - ok
18:51:26.0435 5568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:51:26.0499 5568 nsiproxy - ok
18:51:26.0625 5568 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:51:26.0677 5568 Ntfs - ok
18:51:26.0765 5568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:51:26.0836 5568 Null - ok
18:51:26.0936 5568 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
18:51:26.0956 5568 NVHDA - ok
18:51:27.0317 5568 nvlddmkm (08d56435647be1102c186f8f4819374d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:51:27.0478 5568 nvlddmkm - ok
18:51:27.0601 5568 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:51:27.0629 5568 nvraid - ok
18:51:27.0726 5568 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:51:27.0749 5568 nvstor - ok
18:51:27.0857 5568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:51:27.0884 5568 nv_agp - ok
18:51:27.0974 5568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:51:28.0018 5568 ohci1394 - ok
18:51:28.0111 5568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:51:28.0146 5568 Parport - ok
18:51:28.0234 5568 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:51:28.0257 5568 partmgr - ok
18:51:28.0363 5568 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:51:28.0389 5568 pci - ok
18:51:28.0489 5568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:51:28.0510 5568 pciide - ok
18:51:28.0609 5568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:51:28.0633 5568 pcmcia - ok
18:51:28.0744 5568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:51:28.0762 5568 pcw - ok
18:51:28.0873 5568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:51:28.0948 5568 PEAUTH - ok
18:51:29.0096 5568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:51:29.0162 5568 PptpMiniport - ok
18:51:29.0252 5568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:51:29.0287 5568 Processor - ok
18:51:29.0393 5568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:51:29.0468 5568 Psched - ok
18:51:29.0587 5568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:51:29.0631 5568 ql2300 - ok
18:51:29.0724 5568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:51:29.0747 5568 ql40xx - ok
18:51:29.0842 5568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:51:29.0888 5568 QWAVEdrv - ok
18:51:29.0981 5568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:51:30.0047 5568 RasAcd - ok
18:51:30.0153 5568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:51:30.0208 5568 RasAgileVpn - ok
18:51:30.0305 5568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:51:30.0379 5568 Rasl2tp - ok
18:51:30.0466 5568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:51:30.0537 5568 RasPppoe - ok
18:51:30.0632 5568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:51:30.0712 5568 RasSstp - ok
18:51:30.0817 5568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:51:30.0892 5568 rdbss - ok
18:51:30.0970 5568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:51:31.0015 5568 rdpbus - ok
18:51:31.0113 5568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:51:31.0161 5568 RDPCDD - ok
18:51:31.0251 5568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:51:31.0327 5568 RDPENCDD - ok
18:51:31.0421 5568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:51:31.0474 5568 RDPREFMP - ok
18:51:31.0570 5568 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:51:31.0612 5568 RDPWD - ok
18:51:31.0731 5568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:51:31.0760 5568 rdyboost - ok
18:51:31.0869 5568 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:51:45.0753 5568 ============================================================
18:51:45.0753 5568 Scan finished
18:51:45.0753 5568 ============================================================
18:51:45.0760 4224 Detected object count: 0
18:51:45.0760 4224 Actual detected object count: 0
|
| | #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: For security reasons your Windows version has been locked - pay 50 euros! Then please run CF now:
__________________ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ |
| | #19 |
| Trojan: For security reasons your Windows version has been locked - pay 50 euros! Here is the ComboFix log file: Code:
ComboFix 12-02-29.01 - kratzwald 29.02.2012 21:42:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2307 [GMT 1:00]
ausgeführt von:: c:\users\kratzwald\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-28 bis 2012-02-29 ))))))))))))))))))))))))))))))
.
.
2012-02-29 20:47 . 2012-02-29 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 18:00 . 2012-02-29 18:00 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-02-29 18:00 . 2012-02-29 18:00 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-29 17:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 17:10 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-02-29 17:10 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-02-29 17:10 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-02-29 17:10 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-02-29 17:10 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-02-29 17:10 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-02-29 17:10 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-02-29 17:10 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-29 17:10 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-27 18:11 . 2012-02-27 18:11 -------- d-----w- C:\_OTL
2012-02-25 20:57 . 2012-02-25 20:57 -------- d-----w- c:\program files (x86)\AntiTwin
2012-02-25 18:46 . 2012-02-25 18:46 -------- d-----w- c:\program files (x86)\MARKEMENT
2012-02-24 20:17 . 2012-02-24 20:17 -------- d-----w- c:\program files (x86)\ESET
2012-02-23 19:31 . 2012-02-23 19:31 -------- d-----w- c:\users\kratzwald\AppData\Roaming\Malwarebytes
2012-02-23 19:31 . 2012-02-23 19:31 -------- d-----w- c:\programdata\Malwarebytes
2012-02-23 19:31 . 2012-02-23 19:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-23 19:31 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 17:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-11 07:35 . 2012-02-11 07:35 -------- d-----w- c:\users\kratzwald\AppData\Roaming\Avira
2012-02-11 07:30 . 2012-02-15 16:59 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-11 07:30 . 2011-12-15 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-11 07:30 . 2011-12-15 13:59 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-11 07:30 . 2012-02-11 07:30 -------- d-----w- c:\programdata\Avira
2012-02-11 07:30 . 2012-02-11 07:30 -------- d-----w- c:\program files (x86)\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 06:35 . 2011-09-28 16:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-09 273528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\kratzwald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PCSUITEDFRGSVC;PCSUITE DEFRAG SERVICE;c:\program files (x86)\MARKEMENT\PCSUITE DEFRAG\pcsuitedefragsvc.exe [2010-11-23 3507592]
S2 PCSUITEINSPECTORSVC;PCSUITE INSPECTOR Service;c:\program files (x86)\MARKEMENT\PCSUITE INSPECTOR\inspectorsvc.exe [2010-11-23 5108624]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-24 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kratzwald\AppData\Roaming\Mozilla\Firefox\Profiles\okzx5yly.default\
FF - prefs.js: browser.search.selectedEngine - google.de PWS
FF - prefs.js: browser.startup.homepage - www.webseitenmanager.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-29 21:49:40
ComboFix-quarantined-files.txt 2012-02-29 20:49
.
Vor Suchlauf: 14 Verzeichnis(se), 504.512.270.336 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 504.231.051.264 Bytes frei
.
- - End Of File - - E3BF7B02D1483ADFCE8588B0305093E7
|
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: For security reasons your Windows version has been locked - pay 50 euros! Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
__________________ Please always post log files in CODE tags |
| | #21 |
| Trojan: For security reasons your Windows version has been locked - pay 50 euros! After a week's holiday, the fight goes on. Here is the log file: Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 19:34:53
-----------------------------
19:34:53.083 OS Version: Windows x64 6.1.7601 Service Pack 1
19:34:53.083 Number of processors: 4 586 0x2A07
19:34:53.084 ComputerName: KRATZWALD-VAIO UserName: kratzwald
19:34:54.458 Initialize success
19:36:04.022 AVAST engine defs: 12031200
19:36:20.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:36:20.631 Disk 0 Vendor: TOSHIBA_ GH01 Size: 610480MB BusType: 3
19:36:20.645 Disk 0 MBR read successfully
19:36:20.653 Disk 0 MBR scan
19:36:20.662 Disk 0 Windows 7 default MBR code
19:36:20.676 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13837 MB offset 2048
19:36:20.699 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28342272
19:36:20.716 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596541 MB offset 28547072
19:36:20.755 Disk 0 scanning C:\Windows\system32\drivers
19:36:33.225 Service scanning
19:37:08.907 Modules scanning
19:37:08.924 Disk 0 trace - called modules:
19:37:08.965 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:37:08.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065dd060]
19:37:08.990 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471b050]
19:37:10.162 AVAST engine scan C:\Windows
19:37:13.296 AVAST engine scan C:\Windows\system32
19:39:52.153 AVAST engine scan C:\Windows\system32\drivers
19:40:04.141 AVAST engine scan C:\Users\kratzwald
19:57:31.075 Disk 0 MBR has been saved successfully to "C:\Users\kratzwald\Desktop\MBR.dat"
19:57:31.079 The log file has been saved successfully to "C:\Users\kratzwald\Desktop\aswMBR.txt"
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: For security reasons your Windows version has been locked - pay 50 euros! Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |