| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 50 Euro Virus hat auch mich erwischtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.02.2012, 12:01
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  50 Euro Virus hat auch mich erwischt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2630102896-260595033-1478422663-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell - "" = AutoRun
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SISetup.exe
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe - ()
[2012.02.15 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Kyq
:Files
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.02.2012, 12:15
| #17 |
 | 50 Euro Virus hat auch mich erwischtCode:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\ deleted successfully.
C:\Program Files\Windows Live\Family Safety\fssbho.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2630102896-260595033-1478422663-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2630102896-260595033-1478422663-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aedd25e-8ada-11e0-a679-485b39736daa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aedd25e-8ada-11e0-a679-485b39736daa}\ not found.
File F:\SISetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\SISetup.exe not found.
C:\Users\bodbeli\AppData\Roaming\Kyq folder moved successfully.
========== FILES ==========
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: bodbeli
->Temp folder emptied: 400692530 bytes
->Temporary Internet Files folder emptied: 3351139147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 263884500 bytes
->Flash cache emptied: 28266 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 239662040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 42993970 bytes
Total Files Cleaned = 4.099,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.33.2 log created on 02272012_120826
Files\Folders moved on Reboot...
File\Folder C:\Users\bodbeli\AppData\Local\Temp\2011-09-01-1178365613_04-RG-1.PDF not found!
File\Folder C:\Users\bodbeli\AppData\Local\Temp\2011-09-01-1178365613_04-RG.PDF not found!
C:\Users\bodbeli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
27.02.2012, 12:36
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
27.02.2012, 13:18
| #19 |
| | 50 Euro Virus hat auch mich erwischt ich habe alles durchgeführt, aber ich kann log file nicht finden??? |
|
27.02.2012, 14:57
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Ich hab doch geschrieben wo das zu finden ist. Direkt auf C
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.02.2012, 16:25
| #21 |
| | 50 Euro Virus hat auch mich erwischtCode:
ATTFilter 12:57:31.0370 3492 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
12:57:31.0479 3492 ============================================================
12:57:31.0479 3492 Current date / time: 2012/02/27 12:57:31.0479
12:57:31.0479 3492 SystemInfo:
12:57:31.0479 3492
12:57:31.0479 3492 OS Version: 6.1.7601 ServicePack: 1.0
12:57:31.0479 3492 Product type: Workstation
12:57:31.0479 3492 ComputerName: BODBELI-PC
12:57:31.0479 3492 UserName: bodbeli
12:57:31.0479 3492 Windows directory: C:\Windows
12:57:31.0479 3492 System windows directory: C:\Windows
12:57:31.0479 3492 Running under WOW64
12:57:31.0479 3492 Processor architecture: Intel x64
12:57:31.0479 3492 Number of processors: 4
12:57:31.0479 3492 Page size: 0x1000
12:57:31.0479 3492 Boot type: Normal boot
12:57:31.0479 3492 ============================================================
12:57:32.0118 3492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:57:32.0118 3492 \Device\Harddisk0\DR0:
12:57:32.0118 3492 MBR used
12:57:32.0118 3492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x21333B7, BlocksNum 0xE8E0360
12:57:32.0134 3492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10A13756, BlocksNum 0x299714EB
12:57:32.0243 3492 Initialize success
12:57:32.0243 3492 ============================================================
12:57:43.0834 4532 ============================================================
12:57:43.0834 4532 Scan started
12:57:43.0834 4532 Mode: Manual; SigCheck; TDLFS;
12:57:43.0834 4532 ============================================================
12:57:44.0442 4532 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:57:44.0552 4532 1394ohci - ok
12:57:45.0316 4532 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:57:45.0347 4532 ACPI - ok
12:57:45.0768 4532 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:57:45.0800 4532 AcpiPmi - ok
12:57:46.0330 4532 acsock (e42f90b27bdddd611fa7040afd256fda) C:\Windows\system32\DRIVERS\acsock64.sys
12:57:46.0392 4532 acsock - ok
12:57:46.0751 4532 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:57:46.0782 4532 adp94xx - ok
12:57:47.0141 4532 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:57:47.0172 4532 adpahci - ok
12:57:47.0531 4532 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:57:47.0547 4532 adpu320 - ok
12:57:47.0937 4532 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:57:47.0999 4532 AFD - ok
12:57:48.0342 4532 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:57:48.0358 4532 agp440 - ok
12:57:48.0732 4532 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:57:48.0748 4532 aliide - ok
12:57:49.0154 4532 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:57:49.0169 4532 amdide - ok
12:57:49.0528 4532 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:57:49.0575 4532 AmdK8 - ok
12:57:49.0918 4532 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:57:49.0949 4532 AmdPPM - ok
12:57:50.0292 4532 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:57:50.0324 4532 amdsata - ok
12:57:50.0667 4532 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:57:50.0698 4532 amdsbs - ok
12:57:51.0041 4532 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:57:51.0057 4532 amdxata - ok
12:57:51.0416 4532 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:57:51.0494 4532 AppID - ok
12:57:51.0837 4532 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:57:51.0868 4532 arc - ok
12:57:52.0211 4532 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:57:52.0227 4532 arcsas - ok
12:57:52.0586 4532 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
12:57:52.0601 4532 AsDsm - ok
12:57:52.0695 4532 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:57:52.0710 4532 ASMMAP64 - ok
12:57:53.0054 4532 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:53.0132 4532 AsyncMac - ok
12:57:53.0490 4532 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:57:53.0506 4532 atapi - ok
12:57:53.0896 4532 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
12:57:54.0021 4532 athr - ok
12:57:54.0380 4532 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:57:54.0442 4532 b06bdrv - ok
12:57:54.0801 4532 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:57:54.0832 4532 b57nd60a - ok
12:57:55.0191 4532 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:57:55.0269 4532 Beep - ok
12:57:55.0659 4532 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:57:55.0706 4532 blbdrive - ok
12:57:56.0049 4532 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:57:56.0096 4532 bowser - ok
12:57:56.0470 4532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:57:56.0517 4532 BrFiltLo - ok
12:57:56.0860 4532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:57:56.0907 4532 BrFiltUp - ok
12:57:57.0281 4532 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:57:57.0328 4532 Brserid - ok
12:57:57.0687 4532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:57:57.0734 4532 BrSerWdm - ok
12:57:58.0061 4532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:57:58.0108 4532 BrUsbMdm - ok
12:57:58.0436 4532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:57:58.0482 4532 BrUsbSer - ok
12:57:58.0810 4532 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:57:58.0857 4532 BTHMODEM - ok
12:57:59.0216 4532 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:57:59.0294 4532 cdfs - ok
12:57:59.0668 4532 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:57:59.0715 4532 cdrom - ok
12:58:00.0089 4532 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:58:00.0120 4532 circlass - ok
12:58:00.0401 4532 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:58:00.0448 4532 CLFS - ok
12:58:00.0838 4532 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:58:00.0854 4532 CmBatt - ok
12:58:01.0212 4532 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:58:01.0244 4532 cmdide - ok
12:58:01.0618 4532 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:58:01.0665 4532 CNG - ok
12:58:02.0039 4532 CnxtHdAudService (f7ca3accf5aa0e2182546c5be42b2e96) C:\Windows\system32\drivers\CHDRT64.sys
12:58:02.0086 4532 CnxtHdAudService - ok
12:58:02.0445 4532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:58:02.0460 4532 Compbatt - ok
12:58:02.0819 4532 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:58:02.0850 4532 CompositeBus - ok
12:58:03.0209 4532 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:58:03.0225 4532 crcdisk - ok
12:58:03.0599 4532 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:58:03.0677 4532 DfsC - ok
12:58:04.0036 4532 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:58:04.0098 4532 discache - ok
12:58:04.0457 4532 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:58:04.0473 4532 Disk - ok
12:58:04.0878 4532 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:58:04.0925 4532 drmkaud - ok
12:58:05.0315 4532 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:58:05.0378 4532 DXGKrnl - ok
12:58:05.0814 4532 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:58:05.0939 4532 ebdrv - ok
12:58:06.0298 4532 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:58:06.0329 4532 elxstor - ok
12:58:06.0688 4532 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:58:06.0735 4532 ErrDev - ok
12:58:07.0094 4532 ETD (06c94be9d9e1e6411429433a64a76936) C:\Windows\system32\DRIVERS\ETD.sys
12:58:07.0125 4532 ETD - ok
12:58:07.0515 4532 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:58:07.0577 4532 exfat - ok
12:58:07.0952 4532 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:58:08.0014 4532 fastfat - ok
12:58:08.0357 4532 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:58:08.0420 4532 fdc - ok
12:58:08.0794 4532 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:58:08.0810 4532 FileInfo - ok
12:58:09.0184 4532 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:58:09.0262 4532 Filetrace - ok
12:58:09.0605 4532 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:58:09.0636 4532 flpydisk - ok
12:58:10.0011 4532 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:58:10.0042 4532 FltMgr - ok
12:58:10.0401 4532 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:58:10.0416 4532 FsDepends - ok
12:58:10.0760 4532 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
12:58:10.0775 4532 fssfltr - ok
12:58:11.0134 4532 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:58:11.0150 4532 Fs_Rec - ok
12:58:11.0508 4532 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:58:11.0540 4532 fvevol - ok
12:58:11.0898 4532 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:58:11.0914 4532 gagp30kx - ok
12:58:12.0288 4532 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:58:12.0320 4532 hcw85cir - ok
12:58:12.0710 4532 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:58:12.0756 4532 HdAudAddService - ok
12:58:13.0162 4532 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:58:13.0193 4532 HDAudBus - ok
12:58:13.0552 4532 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:58:13.0568 4532 HECIx64 - ok
12:58:13.0911 4532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:58:13.0958 4532 HidBatt - ok
12:58:14.0301 4532 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:58:14.0332 4532 HidBth - ok
12:58:14.0706 4532 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:58:14.0738 4532 HidIr - ok
12:58:15.0096 4532 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:58:15.0128 4532 HidUsb - ok
12:58:15.0502 4532 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:58:15.0518 4532 HpSAMD - ok
12:58:15.0923 4532 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:58:16.0017 4532 HTTP - ok
12:58:16.0376 4532 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:58:16.0391 4532 hwpolicy - ok
12:58:16.0766 4532 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:58:16.0781 4532 i8042prt - ok
12:58:17.0156 4532 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
12:58:17.0187 4532 iaStor - ok
12:58:17.0546 4532 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:58:17.0577 4532 iaStorV - ok
12:58:18.0138 4532 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:58:18.0482 4532 igfx - ok
12:58:18.0856 4532 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:58:18.0872 4532 iirsp - ok
12:58:19.0230 4532 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
12:58:19.0262 4532 Impcd - ok
12:58:19.0620 4532 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:58:19.0652 4532 IntcDAud - ok
12:58:20.0010 4532 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:58:20.0026 4532 intelide - ok
12:58:20.0400 4532 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:58:20.0416 4532 intelppm - ok
12:58:20.0775 4532 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:58:20.0853 4532 IpFilterDriver - ok
12:58:21.0258 4532 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:58:21.0305 4532 IPMIDRV - ok
12:58:21.0664 4532 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:58:21.0726 4532 IPNAT - ok
12:58:22.0085 4532 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:58:22.0116 4532 IRENUM - ok
12:58:22.0475 4532 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:58:22.0491 4532 isapnp - ok
12:58:22.0850 4532 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:58:22.0881 4532 iScsiPrt - ok
12:58:23.0240 4532 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
12:58:23.0255 4532 JMCR - ok
12:58:23.0614 4532 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
12:58:23.0630 4532 JME - ok
12:58:23.0988 4532 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:58:24.0004 4532 kbdclass - ok
12:58:24.0363 4532 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:58:24.0394 4532 kbdhid - ok
12:58:24.0753 4532 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:58:24.0768 4532 kbfiltr - ok
12:58:25.0112 4532 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:58:25.0143 4532 KSecDD - ok
12:58:25.0502 4532 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:58:25.0517 4532 KSecPkg - ok
12:58:25.0860 4532 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:58:25.0938 4532 ksthunk - ok
12:58:26.0297 4532 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:58:26.0360 4532 lltdio - ok
12:58:26.0718 4532 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:58:26.0734 4532 LSI_FC - ok
12:58:27.0093 4532 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:58:27.0108 4532 LSI_SAS - ok
12:58:27.0467 4532 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:58:27.0483 4532 LSI_SAS2 - ok
12:58:27.0857 4532 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:58:27.0873 4532 LSI_SCSI - ok
12:58:28.0232 4532 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:58:28.0310 4532 luafv - ok
12:58:28.0668 4532 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
12:58:28.0684 4532 lullaby - ok
12:58:29.0058 4532 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:58:29.0074 4532 MBAMProtector - ok
12:58:29.0480 4532 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:58:29.0511 4532 megasas - ok
12:58:29.0870 4532 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:58:29.0901 4532 MegaSR - ok
12:58:30.0291 4532 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:58:30.0369 4532 Modem - ok
12:58:30.0712 4532 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:58:30.0743 4532 monitor - ok
12:58:31.0102 4532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:58:31.0118 4532 mouclass - ok
12:58:31.0476 4532 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:31.0508 4532 mouhid - ok
12:58:31.0866 4532 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:58:31.0882 4532 mountmgr - ok
12:58:32.0241 4532 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:58:32.0256 4532 mpio - ok
12:58:32.0631 4532 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:58:32.0709 4532 mpsdrv - ok
12:58:33.0068 4532 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:58:33.0130 4532 MRxDAV - ok
12:58:33.0473 4532 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:33.0504 4532 mrxsmb - ok
12:58:33.0863 4532 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:33.0910 4532 mrxsmb10 - ok
12:58:34.0253 4532 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:34.0300 4532 mrxsmb20 - ok
12:58:34.0659 4532 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:58:34.0674 4532 msahci - ok
12:58:35.0033 4532 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:58:35.0064 4532 msdsm - ok
12:58:35.0408 4532 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:58:35.0470 4532 Msfs - ok
12:58:35.0813 4532 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:58:35.0876 4532 mshidkmdf - ok
12:58:36.0234 4532 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:58:36.0250 4532 msisadrv - ok
12:58:36.0609 4532 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:36.0656 4532 MSKSSRV - ok
12:58:37.0014 4532 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:37.0077 4532 MSPCLOCK - ok
12:58:37.0451 4532 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:58:37.0514 4532 MSPQM - ok
12:58:37.0872 4532 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:58:37.0904 4532 MsRPC - ok
12:58:38.0262 4532 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:58:38.0278 4532 mssmbios - ok
12:58:38.0637 4532 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:58:38.0699 4532 MSTEE - ok
12:58:39.0058 4532 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:58:39.0105 4532 MTConfig - ok
12:58:39.0448 4532 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
12:58:39.0464 4532 MTsensor - ok
12:58:39.0822 4532 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:58:39.0838 4532 Mup - ok
12:58:40.0197 4532 mvusbews (8fa52b6049596fe2fdbc8a5e8b14ebfc) C:\Windows\system32\Drivers\mvusbews.sys
12:58:40.0228 4532 mvusbews - ok
12:58:40.0602 4532 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:40.0634 4532 NativeWifiP - ok
12:58:41.0008 4532 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:58:41.0070 4532 NDIS - ok
12:58:41.0429 4532 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:41.0507 4532 NdisCap - ok
12:58:41.0850 4532 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:41.0913 4532 NdisTapi - ok
12:58:42.0287 4532 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:42.0350 4532 Ndisuio - ok
12:58:42.0708 4532 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:42.0786 4532 NdisWan - ok
12:58:43.0130 4532 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:58:43.0208 4532 NDProxy - ok
12:58:43.0566 4532 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:58:43.0629 4532 NetBIOS - ok
12:58:44.0003 4532 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:58:44.0066 4532 NetBT - ok
12:58:44.0440 4532 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:58:44.0456 4532 nfrd960 - ok
12:58:44.0814 4532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:58:44.0877 4532 Npfs - ok
12:58:45.0236 4532 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:58:45.0298 4532 nsiproxy - ok
12:58:45.0735 4532 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:58:45.0829 4532 Ntfs - ok
12:58:46.0187 4532 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:58:46.0265 4532 Null - ok
12:58:46.0874 4532 nvlddmkm (03ea35ad85e43596a17658370dccf59f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:58:47.0295 4532 nvlddmkm - ok
12:58:47.0638 4532 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:58:47.0669 4532 nvraid - ok
12:58:48.0028 4532 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:58:48.0044 4532 nvstor - ok
12:58:48.0403 4532 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:58:48.0434 4532 nv_agp - ok
12:58:48.0793 4532 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:58:48.0839 4532 ohci1394 - ok
12:58:49.0214 4532 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:58:49.0245 4532 Parport - ok
12:58:49.0588 4532 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:58:49.0604 4532 partmgr - ok
12:58:49.0963 4532 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:58:49.0994 4532 pci - ok
12:58:50.0337 4532 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:58:50.0353 4532 pciide - ok
12:58:50.0711 4532 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:58:50.0743 4532 pcmcia - ok
12:58:51.0086 4532 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:58:51.0117 4532 pcw - ok
12:58:51.0476 4532 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:58:51.0585 4532 PEAUTH - ok
12:58:51.0959 4532 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:52.0022 4532 PptpMiniport - ok
12:58:52.0381 4532 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:58:52.0412 4532 Processor - ok
12:58:52.0771 4532 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:58:52.0833 4532 Psched - ok
12:58:53.0223 4532 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:58:53.0301 4532 ql2300 - ok
12:58:53.0691 4532 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:58:53.0707 4532 ql40xx - ok
12:58:54.0065 4532 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:58:54.0112 4532 QWAVEdrv - ok
12:58:54.0455 4532 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:54.0533 4532 RasAcd - ok
12:58:54.0877 4532 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:54.0923 4532 RasAgileVpn - ok
12:58:55.0298 4532 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:55.0360 4532 Rasl2tp - ok
12:58:55.0703 4532 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:55.0781 4532 RasPppoe - ok
12:58:56.0140 4532 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:56.0203 4532 RasSstp - ok
12:58:56.0561 4532 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:56.0624 4532 rdbss - ok
12:58:56.0967 4532 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:58:56.0998 4532 rdpbus - ok
12:58:57.0357 4532 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:57.0419 4532 RDPCDD - ok
12:58:57.0763 4532 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:58:57.0825 4532 RDPENCDD - ok
12:58:58.0184 4532 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:58:58.0262 4532 RDPREFMP - ok
12:58:58.0621 4532 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:58:58.0699 4532 RDPWD - ok
12:58:59.0057 4532 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:58:59.0073 4532 rdyboost - ok
12:58:59.0447 4532 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:59.0525 4532 rspndr - ok
12:58:59.0884 4532 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:58:59.0915 4532 sbp2port - ok
12:59:00.0274 4532 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:59:00.0337 4532 scfilter - ok
12:59:00.0695 4532 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:59:00.0727 4532 sdbus - ok
12:59:01.0085 4532 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:59:01.0148 4532 secdrv - ok
12:59:01.0538 4532 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:59:01.0569 4532 Serenum - ok
12:59:01.0928 4532 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:59:01.0959 4532 Serial - ok
12:59:02.0318 4532 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:59:02.0349 4532 sermouse - ok
12:59:02.0723 4532 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:59:02.0755 4532 sffdisk - ok
12:59:03.0113 4532 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:59:03.0145 4532 sffp_mmc - ok
12:59:03.0503 4532 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:59:03.0535 4532 sffp_sd - ok
12:59:03.0878 4532 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:59:03.0925 4532 sfloppy - ok
12:59:04.0315 4532 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
12:59:04.0330 4532 SiSGbeLH - ok
12:59:04.0689 4532 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:59:04.0705 4532 SiSRaid2 - ok
12:59:05.0126 4532 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:59:05.0141 4532 SiSRaid4 - ok
12:59:05.0500 4532 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:59:05.0563 4532 Smb - ok
12:59:05.0984 4532 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:59:06.0093 4532 SNP2UVC - ok
12:59:06.0467 4532 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:59:06.0483 4532 spldr - ok
12:59:06.0873 4532 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:59:06.0920 4532 srv - ok
12:59:07.0294 4532 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:59:07.0325 4532 srv2 - ok
12:59:07.0684 4532 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:59:07.0715 4532 srvnet - ok
12:59:08.0074 4532 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:59:08.0090 4532 stexstor - ok
12:59:08.0449 4532 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:59:08.0464 4532 swenum - ok
12:59:08.0885 4532 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:59:08.0963 4532 Tcpip - ok
12:59:09.0369 4532 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:59:09.0416 4532 TCPIP6 - ok
12:59:09.0790 4532 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:59:09.0868 4532 tcpipreg - ok
12:59:10.0211 4532 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:59:10.0274 4532 TDPIPE - ok
12:59:10.0633 4532 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:59:10.0711 4532 TDTCP - ok
12:59:11.0069 4532 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:59:11.0132 4532 tdx - ok
12:59:11.0475 4532 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:59:11.0506 4532 TermDD - ok
12:59:11.0881 4532 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:59:11.0943 4532 tssecsrv - ok
12:59:12.0302 4532 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:59:12.0333 4532 TsUsbFlt - ok
12:59:12.0676 4532 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:59:12.0754 4532 tunnel - ok
12:59:13.0113 4532 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:59:13.0129 4532 uagp35 - ok
12:59:13.0487 4532 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:59:13.0565 4532 udfs - ok
12:59:13.0924 4532 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:59:13.0955 4532 uliagpkx - ok
12:59:14.0299 4532 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:59:14.0330 4532 umbus - ok
12:59:14.0689 4532 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:59:14.0720 4532 UmPass - ok
12:59:15.0079 4532 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:59:15.0125 4532 usbccgp - ok
12:59:15.0469 4532 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:59:15.0531 4532 usbcir - ok
12:59:15.0874 4532 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:59:15.0905 4532 usbehci - ok
12:59:16.0264 4532 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:59:16.0311 4532 usbhub - ok
12:59:16.0670 4532 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:59:16.0685 4532 usbohci - ok
12:59:17.0060 4532 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:59:17.0107 4532 usbprint - ok
12:59:17.0465 4532 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:59:17.0497 4532 USBSTOR - ok
12:59:17.0887 4532 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:59:17.0933 4532 usbuhci - ok
12:59:18.0308 4532 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:59:18.0355 4532 usbvideo - ok
12:59:18.0713 4532 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:59:18.0745 4532 vdrvroot - ok
12:59:19.0103 4532 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:59:19.0135 4532 vga - ok
12:59:19.0493 4532 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:59:19.0540 4532 VgaSave - ok
12:59:19.0899 4532 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:59:19.0930 4532 vhdmp - ok
12:59:20.0289 4532 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:59:20.0305 4532 viaide - ok
12:59:20.0663 4532 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:59:20.0679 4532 volmgr - ok
12:59:21.0038 4532 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:59:21.0069 4532 volmgrx - ok
12:59:21.0412 4532 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:59:21.0443 4532 volsnap - ok
12:59:21.0802 4532 vpnva (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
12:59:21.0818 4532 vpnva - ok
12:59:22.0177 4532 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:59:22.0208 4532 vsmraid - ok
12:59:22.0582 4532 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:59:22.0613 4532 vwifibus - ok
12:59:22.0957 4532 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:59:23.0003 4532 vwififlt - ok
12:59:23.0347 4532 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:59:23.0378 4532 vwifimp - ok
12:59:23.0768 4532 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:59:23.0799 4532 WacomPen - ok
12:59:24.0158 4532 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:59:24.0220 4532 WANARP - ok
12:59:24.0236 4532 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:59:24.0267 4532 Wanarpv6 - ok
12:59:24.0641 4532 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:59:24.0657 4532 Wd - ok
12:59:25.0047 4532 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:59:25.0094 4532 Wdf01000 - ok
12:59:25.0484 4532 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:59:25.0546 4532 WfpLwf - ok
12:59:25.0936 4532 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
12:59:25.0952 4532 WimFltr - ok
12:59:26.0295 4532 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:59:26.0326 4532 WIMMount - ok
12:59:26.0701 4532 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:59:26.0747 4532 WinUsb - ok
12:59:27.0106 4532 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:59:27.0137 4532 WmiAcpi - ok
12:59:27.0496 4532 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:59:27.0574 4532 ws2ifsl - ok
12:59:27.0933 4532 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:59:27.0980 4532 WudfPf - ok
12:59:28.0339 4532 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:59:28.0417 4532 WUDFRd - ok
12:59:28.0463 4532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:59:28.0713 4532 \Device\Harddisk0\DR0 - ok
12:59:28.0713 4532 Boot (0x1200) (fb20ae1609ea69a1ef384719af58072e) \Device\Harddisk0\DR0\Partition0
12:59:28.0713 4532 \Device\Harddisk0\DR0\Partition0 - ok
12:59:28.0729 4532 Boot (0x1200) (4c6adb1ed953e18043d4346be35f1de7) \Device\Harddisk0\DR0\Partition1
12:59:28.0729 4532 \Device\Harddisk0\DR0\Partition1 - ok
12:59:28.0729 4532 ============================================================
12:59:28.0729 4532 Scan finished
12:59:28.0729 4532 ============================================================
12:59:28.0744 3304 Detected object count: 0
12:59:28.0744 3304 Actual detected object count: 0
13:03:02.0601 4144 Deinitialize success
|
|
27.02.2012, 21:10
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.02.2012, 21:56
| #23 |
| | 50 Euro Virus hat auch mich erwischtCode:
ATTFilter ComboFix 12-02-27.02 - bodbeli 27.02.2012 21:37:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3884.2134 [GMT 1:00]
ausgeführt von:: c:\users\bodbeli\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-27 bis 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-27 20:44 . 2012-02-27 20:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-27 20:44 . 2012-02-27 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 20:44 . 2012-02-27 20:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0271B7A-1720-4BC8-8A89-4FD3EE1B9929}\offreg.dll
2012-02-27 11:08 . 2012-02-27 11:08 -------- d-----w- C:\_OTL
2012-02-26 15:14 . 2012-02-26 15:14 -------- d-----w- c:\program files (x86)\ESET
2012-02-26 13:11 . 2012-02-26 13:11 -------- d-----w- c:\users\bodbeli\AppData\Roaming\Malwarebytes
2012-02-26 13:11 . 2012-02-26 13:11 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 13:11 . 2012-02-26 13:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-26 13:11 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 13:04 . 2012-02-26 13:04 -------- d-----w- c:\users\bodbeli\AppData\Local\ElevatedDiagnostics
2012-02-24 16:35 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0271B7A-1720-4BC8-8A89-4FD3EE1B9929}\mpengine.dll
2012-02-16 11:58 . 2012-02-16 12:03 2228 ----a-w- c:\windows\system32\ASOROSet.bin
2012-02-16 11:47 . 2012-02-16 11:48 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-16 11:47 . 2012-02-19 09:07 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-02-16 11:40 . 2012-02-16 11:44 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-02-16 11:40 . 2012-02-16 11:41 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-02-16 11:39 . 2012-02-16 11:39 -------- d-----w- c:\program files\Microsoft SDKs
2012-02-16 11:39 . 2012-02-16 11:39 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-02-16 10:56 . 2012-02-16 10:56 -------- d-----w- c:\users\bodbeli\AppData\Roaming\Systweak
2012-02-16 10:56 . 2012-02-09 11:00 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-02-16 10:56 . 2012-02-16 11:53 -------- d-----w- c:\program files (x86)\RegClean Pro
2012-02-15 16:09 . 2012-02-24 08:54 -------- d-----w- c:\users\bodbeli\AppData\Roaming\Coreyc
2012-02-15 07:20 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:20 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:20 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:20 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:20 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:20 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:20 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 18:43 . 2011-05-04 07:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-29 04:10 . 2010-11-02 21:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-5-11 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-01 1918216]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 08:56]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 08:56]
.
2012-02-27 c:\windows\Tasks\RegClean Pro.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-02-16 11:00]
.
2012-02-27 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-02-16 11:00]
.
2012-02-16 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-02-16 11:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-01 17404008]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.vwl.uni-muenchen.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6ABD17F0-6A14-4A65-AA1E-EFFED453A618}: NameServer = 10.149.184.2,10.156.33.53
FF - ProfilePath - c:\users\bodbeli\AppData\Roaming\Mozilla\Firefox\Profiles\172p011x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vwl.uni-muenchen.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-27 21:50:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-27 20:50
.
Vor Suchlauf: 10 Verzeichnis(se), 70.684.893.184 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 70.077.038.592 Bytes frei
.
- - End Of File - - 0B13BA8A1E32A08BCBCBA279E53A1958
|
|
27.02.2012, 22:20
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Wieso läuft auf der Kiste eigentlich ein MSSQL Server? Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2012, 13:44
| #25 |
| | 50 Euro Virus hat auch mich erwischt Vielen Dank für Hilfe und Tipps. Ich werde Registry Cleaner deaktivieren |
|
28.02.2012, 15:31
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Und warum läuft da ein SQL-Server? Ist das so gewollt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.02.2012, 21:05
| #27 |
| | 50 Euro Virus hat auch mich erwischt ich hate vor, etwas damit zu machen, aber jetzt brauche ich das eigentlich nicht mehr. soll ich auch das deaktivieren? |
|
28.02.2012, 22:36
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus hat auch mich erwischt Ja! Was sollen Programme für eine Aufgabe erfüllen, wenn die nicht gebraucht werden? Angriffsfläche erhöhen? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu 50 Euro Virus hat auch mich erwischt |
| 50 euro, 50 euro virus, aus sicherheitsgründen, bereinige, bereinigen, bezahlen, blockiert, erschein, erscheint, erwischt, euro, extras.txt, fenster, sicherheitsgründe, sicherheitsgründen, viren, virus, windowssystem, windowssystem blockiert |
Linear-Darstellung
