Trojaner-Board (https://www.trojaner-board.de/)

Firefox error message: Proxy server refuses the connection (https://www.trojaner-board.de/107329-firefox-fehlermeldung-proxy-server-verweigert-verbindung.html)

88Tobi88 12.01.2012 18:03

So, now I have an OTL fix:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: 1 removed from network.proxy.type
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File  not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{127f4380-ce48-11e0-b03f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{127f4380-ce48-11e0-b03f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{127f4380-ce48-11e0-b03f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{127f4380-ce48-11e0-b03f-806e6f6e6963}\ not found.
File move failed. E:\cdstart.exe scheduled to be moved on reboot.
Folder C:\Program Files (x86)\B7CA5\ not found.
Folder C:\Users\Tobi\AppData\Roaming\B7CA5\ not found.
Folder C:\Users\Tobi\AppData\Roaming\1E6B7\ not found.
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tobi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65536 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01122012_175532

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\cdstart.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
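
The two lines that matter for the thread title are the proxy ones: the fix sets ProxyEnable to 0 under the HKCU Internet Settings key and removes network.proxy.type from prefs.js ("1 removed" means the pref was set to 1, a manual proxy). Firefox shows "the proxy server is refusing connections" when its configured proxy does not answer, which is the usual picture once the process that was serving as the local proxy is gone. The script below is an added example, not part of this thread, of OTL or of Trojaner-Board: it parses a .reg export of that key and a prefs.js and lists whatever proxy configuration it finds. Both inputs are constructed for the example, not data from the machine in this thread; the pref-type meanings in the comment are Firefox's documented values.

```python
"""Check the two proxy settings the OTL fix in this thread reset:
WinINET's ProxyEnable/ProxyServer under the HKCU Internet Settings key and
Firefox's network.proxy.* prefs in prefs.js.  Added example: it parses a
.reg export and a prefs.js, both constructed here, not data taken from
the machine in the thread."""
import re

# prefs.js lines have the form:  user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# .reg export lines:  "ProxyEnable"=dword:00000001   or   "ProxyServer"="127.0.0.1:8080"
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|"(?:[^"\\]|\\.)*")\s*$')


def parse_prefs_js(text):
    """Return {pref name: value} with ints, bools and strings decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # comments, blank lines, anything else
        name, raw = m.groups()
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def parse_reg_export(text, key_suffix):
    """Return the values under the first key whose path ends with key_suffix."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line.startswith("["):          # a new key header switches context
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
            continue
        m = REG_VALUE_RE.match(line) if in_key else None
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        else:
            values[name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return values


def proxy_findings(prefs, inet):
    """List anything that routes browser traffic through a proxy.

    network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = auto-detect,
    5 = use system settings (the Firefox default when the pref is absent).
    """
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype == 1:
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", 0)
        findings.append(f"firefox: manual proxy {host}:{port}")
    elif ptype == 2:
        findings.append(f"firefox: PAC url {prefs.get('network.proxy.autoconfig_url', '')}")
    if inet.get("ProxyEnable", 0) == 1:
        findings.append(f"wininet: ProxyEnable=1 ProxyServer={inet.get('ProxyServer', '')}")
    if inet.get("AutoConfigURL"):
        findings.append(f"wininet: AutoConfigURL={inet['AutoConfigURL']}")
    return findings


def check(prefs_js_text, reg_text):
    """Run both parsers and return the combined list of findings."""
    prefs = parse_prefs_js(prefs_js_text)
    inet = parse_reg_export(reg_text, r"\Internet Settings")
    return proxy_findings(prefs, inet)


# Constructed inputs: a hijacked profile and a clean registry key.
HIJACKED_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="<local>"
'''
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
'''

if __name__ == "__main__":
    for finding in check(HIJACKED_PREFS_JS, HIJACKED_REG):
        print("FINDING", finding)
    print("clean profile:", check("", CLEAN_REG))
```

On a live machine the .reg text comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" out.reg` and prefs.js from the Firefox profile folder; a manual proxy on 127.0.0.1 with nothing listening is exactly the state that produces the error in the thread title.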


cosinus 12.01.2012 19:59

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below - click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection has left you unable to access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
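
The reason for "skip everything and post the whole log" is that the triage is done by reading the log, not by the tool: in the mode requested (SigCheck on), every driver produces a hash line (service name, MD5, file path) followed by a verdict line, and anything whose verdict is not "- ok" is what the helper will look at. The script below is an added example, not a TDSSKiller or Trojaner-Board tool: it pairs the two lines per driver and lists the non-ok entries. SAMPLE_LOG is constructed; its first entries copy the format of the log posted in reply, and the "examplesvc" entry with its warning is made up to show what a flagged line looks like.

```python
"""Triage helper for a TDSSKiller log like the one posted in this thread:
pair each driver's hash line with its verdict line and list every entry
whose verdict is not 'ok'.  Added example; SAMPLE_LOG is constructed
(the first entries copy the format of the real log, the 'examplesvc'
entry and its warning are made up for illustration)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# Hash line:     14:14:40.0407 2388  1394ohci  (a87d604a...bb88)  C:\Windows\system32\drivers\1394ohci.sys
HASH_RE = re.compile(
    r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$')
# Verdict line:  14:14:40.0509 2388  1394ohci - ok
#            or  14:15:05.0300 2388  name ( Some.Verdict.Name ) - warning
VERDICT_RE = re.compile(
    r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)(?:\s+\(\s*([^)]*?)\s*\))?\s+-\s+(\w+)\s*$')


def parse_tdsskiller_log(text):
    """Return one Entry per verdict line, joined to the preceding hash line if any."""
    entries, pending = [], {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            name, md5, path = m.groups()
            pending[name] = (md5, path)   # remembered until its verdict shows up
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detail, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            if detail:                    # e.g. "warning: UnsignedFile.Multi.Generic"
                verdict = f"{verdict}: {detail}"
            entries.append(Entry(name, md5, path, verdict))
    return entries


def suspicious(entries):
    """Everything TDSSKiller did not mark '- ok' (warnings, detections, unsigned files)."""
    return [e for e in entries if e.verdict != "ok"]


def triage(text):
    """(name, path, verdict) for every non-ok entry, in log order."""
    return [(e.name, e.path, e.verdict) for e in suspicious(parse_tdsskiller_log(text))]


# Constructed sample: first two drivers copy the real log's format, examplesvc is made up.
SAMPLE_LOG = r'''14:14:39.0029 2388        Scan started
14:14:39.0029 2388        Mode: Manual; SigCheck; TDLFS;
14:14:40.0407 2388        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:14:40.0509 2388        1394ohci - ok
14:14:40.0623 2388        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:14:40.0636 2388        ACPI - ok
14:15:05.0250 2388        examplesvc      (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\examplesvc.sys
14:15:05.0300 2388        examplesvc ( UnsignedFile.Multi.Generic ) - warning
'''

if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:40} {name:12} {path}")
```

Feed it the real log with `triage(open("TDSSKiller.log").read())`; the MD5 kept in each Entry is what you would look up against a known-good hash set before deciding whether a "warning" is a legitimately unsigned vendor driver or something to cure.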

88Tobi88 21.01.2012 14:17

I hope this is right:

Code:

14:13:00.0656 4904        TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
14:13:01.0165 4904        ============================================================
14:13:01.0165 4904        Current date / time: 2012/01/21 14:13:01.0165
14:13:01.0165 4904        SystemInfo:
14:13:01.0165 4904       
14:13:01.0165 4904        OS Version: 6.1.7601 ServicePack: 1.0
14:13:01.0165 4904        Product type: Workstation
14:13:01.0165 4904        ComputerName: TOBI-PC
14:13:01.0165 4904        UserName: Tobi
14:13:01.0165 4904        Windows directory: C:\Windows
14:13:01.0165 4904        System windows directory: C:\Windows
14:13:01.0165 4904        Running under WOW64
14:13:01.0165 4904        Processor architecture: Intel x64
14:13:01.0165 4904        Number of processors: 3
14:13:01.0165 4904        Page size: 0x1000
14:13:01.0165 4904        Boot type: Normal boot
14:13:01.0165 4904        ============================================================
14:13:03.0316 4904        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:13:03.0320 4904        Drive \Device\Harddisk1\DR1 - Size: 0x3A8C00000 (14.64 Gb), SectorSize: 0x200, Cylinders: 0x776, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:13:03.0417 4904        Initialize success
14:14:39.0029 2388        ============================================================
14:14:39.0029 2388        Scan started
14:14:39.0029 2388        Mode: Manual; SigCheck; TDLFS;
14:14:39.0029 2388        ============================================================
14:14:40.0407 2388        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:14:40.0509 2388        1394ohci - ok
14:14:40.0623 2388        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:14:40.0636 2388        ACPI - ok
14:14:40.0731 2388        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:14:40.0801 2388        AcpiPmi - ok
14:14:40.0908 2388        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:14:40.0924 2388        adp94xx - ok
14:14:41.0029 2388        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:14:41.0042 2388        adpahci - ok
14:14:41.0151 2388        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:14:41.0161 2388        adpu320 - ok
14:14:41.0274 2388        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:14:41.0335 2388        AFD - ok
14:14:41.0440 2388        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:14:41.0448 2388        agp440 - ok
14:14:41.0623 2388        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:14:41.0631 2388        aliide - ok
14:14:41.0790 2388        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:14:41.0797 2388        amdide - ok
14:14:41.0929 2388        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:14:42.0009 2388        AmdK8 - ok
14:14:42.0257 2388        amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
14:14:42.0464 2388        amdkmdag - ok
14:14:42.0592 2388        amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
14:14:42.0635 2388        amdkmdap - ok
14:14:42.0757 2388        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:14:42.0800 2388        AmdPPM - ok
14:14:42.0916 2388        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:14:42.0925 2388        amdsata - ok
14:14:43.0026 2388        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:14:43.0037 2388        amdsbs - ok
14:14:43.0149 2388        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:14:43.0157 2388        amdxata - ok
14:14:43.0324 2388        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:14:43.0480 2388        AppID - ok
14:14:43.0595 2388        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:14:43.0604 2388        arc - ok
14:14:43.0712 2388        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:14:43.0720 2388        arcsas - ok
14:14:43.0825 2388        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:14:43.0968 2388        AsyncMac - ok
14:14:44.0048 2388        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:14:44.0055 2388        atapi - ok
14:14:44.0215 2388        AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
14:14:44.0270 2388        AtiHDAudioService - ok
14:14:44.0405 2388        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
14:14:44.0414 2388        avgntflt - ok
14:14:44.0516 2388        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
14:14:44.0524 2388        avipbb - ok
14:14:44.0628 2388        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:14:44.0634 2388        avkmgr - ok
14:14:44.0747 2388        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:14:44.0803 2388        b06bdrv - ok
14:14:44.0905 2388        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:14:44.0953 2388        b57nd60a - ok
14:14:45.0067 2388        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:14:45.0122 2388        Beep - ok
14:14:45.0317 2388        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:14:45.0355 2388        blbdrive - ok
14:14:45.0440 2388        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:14:45.0502 2388        bowser - ok
14:14:45.0741 2388        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:14:45.0824 2388        BrFiltLo - ok
14:14:45.0902 2388        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:14:45.0945 2388        BrFiltUp - ok
14:14:46.0064 2388        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:14:46.0129 2388        Brserid - ok
14:14:46.0232 2388        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:14:46.0281 2388        BrSerWdm - ok
14:14:46.0391 2388        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:14:46.0428 2388        BrUsbMdm - ok
14:14:46.0538 2388        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:14:46.0570 2388        BrUsbSer - ok
14:14:46.0683 2388        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:14:46.0716 2388        BTHMODEM - ok
14:14:46.0839 2388        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:14:46.0886 2388        cdfs - ok
14:14:47.0002 2388        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:14:47.0048 2388        cdrom - ok
14:14:47.0166 2388        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:14:47.0200 2388        circlass - ok
14:14:47.0324 2388        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:14:47.0340 2388        CLFS - ok
14:14:47.0485 2388        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:14:47.0519 2388        CmBatt - ok
14:14:47.0608 2388        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:14:47.0615 2388        cmdide - ok
14:14:47.0700 2388        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:14:47.0745 2388        CNG - ok
14:14:47.0832 2388        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:14:47.0840 2388        Compbatt - ok
14:14:47.0937 2388        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:14:47.0966 2388        CompositeBus - ok
14:14:48.0067 2388        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:14:48.0076 2388        crcdisk - ok
14:14:48.0199 2388        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:14:48.0250 2388        DfsC - ok
14:14:48.0365 2388        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:14:48.0420 2388        discache - ok
14:14:48.0541 2388        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:14:48.0550 2388        Disk - ok
14:14:48.0657 2388        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:14:48.0699 2388        drmkaud - ok
14:14:48.0813 2388        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:14:48.0837 2388        DXGKrnl - ok
14:14:48.0973 2388        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:14:49.0072 2388        ebdrv - ok
14:14:49.0210 2388        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:14:49.0226 2388        elxstor - ok
14:14:49.0297 2388        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:14:49.0325 2388        ErrDev - ok
14:14:49.0439 2388        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:14:49.0497 2388        exfat - ok
14:14:49.0590 2388        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:14:49.0636 2388        fastfat - ok
14:14:49.0747 2388        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:14:49.0790 2388        fdc - ok
14:14:49.0895 2388        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:14:49.0904 2388        FileInfo - ok
14:14:49.0987 2388        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:14:50.0045 2388        Filetrace - ok
14:14:50.0134 2388        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:14:50.0169 2388        flpydisk - ok
14:14:50.0275 2388        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:14:50.0287 2388        FltMgr - ok
14:14:50.0393 2388        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:14:50.0401 2388        FsDepends - ok
14:14:50.0484 2388        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:14:50.0493 2388        Fs_Rec - ok
14:14:50.0600 2388        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:14:50.0613 2388        fvevol - ok
14:14:50.0712 2388        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:14:50.0720 2388        gagp30kx - ok
14:14:50.0816 2388        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:14:50.0822 2388        hamachi - ok
14:14:50.0975 2388        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:14:51.0026 2388        hcw85cir - ok
14:14:51.0138 2388        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:14:51.0170 2388        HdAudAddService - ok
14:14:51.0283 2388        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:14:51.0313 2388        HDAudBus - ok
14:14:51.0411 2388        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:14:51.0441 2388        HidBatt - ok
14:14:51.0544 2388        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:14:51.0585 2388        HidBth - ok
14:14:51.0702 2388        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:14:51.0738 2388        HidIr - ok
14:14:51.0864 2388        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:14:51.0893 2388        HidUsb - ok
14:14:52.0008 2388        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:14:52.0017 2388        HpSAMD - ok
14:14:52.0115 2388        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:14:52.0186 2388        HTTP - ok
14:14:52.0279 2388        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:14:52.0288 2388        hwpolicy - ok
14:14:52.0495 2388        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:14:52.0506 2388        i8042prt - ok
14:14:52.0606 2388        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:14:52.0620 2388        iaStorV - ok
14:14:52.0723 2388        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:14:52.0731 2388        iirsp - ok
14:14:52.0880 2388        IntcAzAudAddService (2faaea2dc2719e67fd7c0d51f9e743f7) C:\Windows\system32\drivers\RTKVHD64.sys
14:14:52.0925 2388        IntcAzAudAddService - ok
14:14:53.0011 2388        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:14:53.0018 2388        intelide - ok
14:14:53.0134 2388        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:14:53.0161 2388        intelppm - ok
14:14:53.0260 2388        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:14:53.0288 2388        IpFilterDriver - ok
14:14:53.0377 2388        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:14:53.0419 2388        IPMIDRV - ok
14:14:53.0526 2388        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:14:53.0623 2388        IPNAT - ok
14:14:53.0787 2388        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:14:53.0869 2388        IRENUM - ok
14:14:53.0992 2388        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:14:54.0002 2388        isapnp - ok
14:14:54.0105 2388        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:14:54.0116 2388        iScsiPrt - ok
14:14:54.0238 2388        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:14:54.0247 2388        kbdclass - ok
14:14:54.0344 2388        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:14:54.0378 2388        kbdhid - ok
14:14:54.0481 2388        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:14:54.0491 2388        KSecDD - ok
14:14:54.0598 2388        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:14:54.0608 2388        KSecPkg - ok
14:14:54.0712 2388        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:14:54.0759 2388        ksthunk - ok
14:14:54.0886 2388        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:14:54.0937 2388        lltdio - ok
14:14:55.0055 2388        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:14:55.0065 2388        LSI_FC - ok
14:14:55.0162 2388        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:14:55.0170 2388        LSI_SAS - ok
14:14:55.0268 2388        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:14:55.0276 2388        LSI_SAS2 - ok
14:14:55.0384 2388        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:14:55.0393 2388        LSI_SCSI - ok
14:14:55.0480 2388        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:14:55.0510 2388        luafv - ok
14:14:55.0611 2388        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:14:55.0619 2388        megasas - ok
14:14:55.0737 2388        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:55.0750 2388        MegaSR - ok
14:14:55.0850 2388        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:14:55.0904 2388        Modem - ok
14:14:56.0023 2388        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:14:56.0060 2388        monitor - ok
14:14:56.0165 2388        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:14:56.0173 2388        mouclass - ok
14:14:56.0271 2388        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:14:56.0297 2388        mouhid - ok
14:14:56.0388 2388        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:14:56.0397 2388        mountmgr - ok
14:14:56.0477 2388        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:14:56.0487 2388        mpio - ok
14:14:56.0556 2388        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:14:56.0610 2388        mpsdrv - ok
14:14:56.0697 2388        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:14:56.0774 2388        MRxDAV - ok
14:14:56.0861 2388        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:56.0919 2388        mrxsmb - ok
14:14:57.0012 2388        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:57.0045 2388        mrxsmb10 - ok
14:14:57.0144 2388        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:57.0180 2388        mrxsmb20 - ok
14:14:57.0266 2388        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:14:57.0273 2388        msahci - ok
14:14:57.0355 2388        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:14:57.0365 2388        msdsm - ok
14:14:57.0462 2388        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:14:57.0508 2388        Msfs - ok
14:14:57.0698 2388        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:14:57.0755 2388        mshidkmdf - ok
14:14:57.0849 2388        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:14:57.0856 2388        msisadrv - ok
14:14:57.0956 2388        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:14:57.0983 2388        MSKSSRV - ok
14:14:58.0078 2388        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:14:58.0123 2388        MSPCLOCK - ok
14:14:58.0214 2388        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:14:58.0263 2388        MSPQM - ok
14:14:58.0358 2388        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:14:58.0371 2388        MsRPC - ok
14:14:58.0452 2388        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:14:58.0460 2388        mssmbios - ok
14:14:58.0541 2388        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:14:58.0585 2388        MSTEE - ok
14:14:58.0675 2388        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:14:58.0703 2388        MTConfig - ok
14:14:58.0790 2388        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:14:58.0799 2388        Mup - ok
14:14:58.0895 2388        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:14:58.0932 2388        NativeWifiP - ok
14:14:59.0052 2388        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:14:59.0075 2388        NDIS - ok
14:14:59.0172 2388        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:59.0221 2388        NdisCap - ok
14:14:59.0312 2388        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:59.0358 2388        NdisTapi - ok
14:14:59.0453 2388        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:59.0505 2388        Ndisuio - ok
14:14:59.0595 2388        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:59.0640 2388        NdisWan - ok
14:14:59.0735 2388        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:14:59.0789 2388        NDProxy - ok
14:14:59.0884 2388        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:14:59.0933 2388        NetBIOS - ok
14:15:00.0053 2388        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:15:00.0102 2388        NetBT - ok
14:15:00.0233 2388        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:00.0242 2388        nfrd960 - ok
14:15:00.0337 2388        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:15:00.0388 2388        Npfs - ok
14:15:00.0471 2388        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:15:00.0520 2388        nsiproxy - ok
14:15:00.0636 2388        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:15:00.0670 2388        Ntfs - ok
14:15:00.0746 2388        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:15:00.0792 2388        Null - ok
14:15:00.0889 2388        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:15:00.0899 2388        nvraid - ok
14:15:00.0984 2388        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:15:00.0995 2388        nvstor - ok
14:15:01.0097 2388        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:15:01.0106 2388        nv_agp - ok
14:15:01.0188 2388        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:15:01.0220 2388        ohci1394 - ok
14:15:01.0304 2388        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:15:01.0335 2388        Parport - ok
14:15:01.0421 2388        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:15:01.0429 2388        partmgr - ok
14:15:01.0515 2388        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:15:01.0525 2388        pci - ok
14:15:01.0606 2388        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:15:01.0614 2388        pciide - ok
14:15:01.0690 2388        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:01.0701 2388        pcmcia - ok
14:15:01.0778 2388        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:15:01.0786 2388        pcw - ok
14:15:01.0870 2388        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:15:01.0927 2388        PEAUTH - ok
14:15:02.0064 2388        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:02.0110 2388        PptpMiniport - ok
14:15:02.0197 2388        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:15:02.0237 2388        Processor - ok
14:15:02.0345 2388        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:15:02.0402 2388        Psched - ok
14:15:02.0506 2388        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:15:02.0539 2388        ql2300 - ok
14:15:02.0643 2388        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:02.0660 2388        ql40xx - ok
14:15:02.0755 2388        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:15:02.0801 2388        QWAVEdrv - ok
14:15:02.0920 2388        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:02.0974 2388        RasAcd - ok
14:15:03.0084 2388        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:03.0136 2388        RasAgileVpn - ok
14:15:03.0236 2388        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:03.0284 2388        Rasl2tp - ok
14:15:03.0381 2388        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:03.0440 2388        RasPppoe - ok
14:15:03.0535 2388        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:03.0585 2388        RasSstp - ok
14:15:03.0687 2388        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:03.0742 2388        rdbss - ok
14:15:03.0827 2388        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:03.0863 2388        rdpbus - ok
14:15:03.0953 2388        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:03.0998 2388        RDPCDD - ok
14:15:04.0104 2388        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:15:04.0153 2388        RDPENCDD - ok
14:15:04.0251 2388        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:15:04.0313 2388        RDPREFMP - ok
14:15:04.0411 2388        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:15:04.0462 2388        RDPWD - ok
14:15:04.0574 2388        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:15:04.0585 2388        rdyboost - ok
14:15:04.0695 2388        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:04.0749 2388        rspndr - ok
14:15:04.0877 2388        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:15:04.0892 2388        RTL8167 - ok
14:15:05.0022 2388        RTL8192su      (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
14:15:05.0039 2388        RTL8192su - ok
14:15:05.0180 2388        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:15:05.0213 2388        sbp2port - ok
14:15:05.0347 2388        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:05.0440 2388        scfilter - ok
14:15:05.0570 2388        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:15:05.0618 2388        secdrv - ok
14:15:05.0726 2388        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:15:05.0738 2388        Serenum - ok
14:15:05.0845 2388        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:15:05.0890 2388        Serial - ok
14:15:06.0028 2388        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:15:06.0042 2388        sermouse - ok
14:15:06.0126 2388        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:15:06.0160 2388        sffdisk - ok
14:15:06.0248 2388        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:06.0285 2388        sffp_mmc - ok
14:15:06.0373 2388        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:15:06.0409 2388        sffp_sd - ok
14:15:06.0491 2388        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:06.0502 2388        sfloppy - ok
14:15:06.0597 2388        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:06.0605 2388        SiSRaid2 - ok
14:15:06.0685 2388        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:06.0694 2388        SiSRaid4 - ok
14:15:06.0789 2388        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:15:06.0837 2388        Smb - ok
14:15:06.0948 2388        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:15:06.0955 2388        spldr - ok
14:15:07.0035 2388        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:15:07.0109 2388        srv - ok
14:15:07.0199 2388        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:15:07.0237 2388        srv2 - ok
14:15:07.0333 2388        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:07.0370 2388        srvnet - ok
14:15:07.0468 2388        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:15:07.0476 2388        stexstor - ok
14:15:07.0598 2388        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:15:07.0606 2388        swenum - ok
14:15:07.0879 2388        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:15:07.0918 2388        Tcpip - ok
14:15:08.0037 2388        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:08.0067 2388        TCPIP6 - ok
14:15:08.0148 2388        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:15:08.0195 2388        tcpipreg - ok
14:15:08.0295 2388        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:15:08.0347 2388        TDPIPE - ok
14:15:08.0432 2388        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:15:08.0478 2388        TDTCP - ok
14:15:08.0580 2388        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:15:08.0633 2388        tdx - ok
14:15:08.0764 2388        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:15:08.0772 2388        TermDD - ok
14:15:08.0861 2388        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:08.0915 2388        tssecsrv - ok
14:15:09.0044 2388        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:15:09.0090 2388        TsUsbFlt - ok
14:15:09.0208 2388        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:15:09.0254 2388        tunnel - ok
14:15:09.0334 2388        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:15:09.0342 2388        uagp35 - ok
14:15:09.0431 2388        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:15:09.0497 2388        udfs - ok
14:15:09.0627 2388        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:15:09.0635 2388        uliagpkx - ok
14:15:09.0735 2388        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:15:09.0762 2388        umbus - ok
14:15:09.0856 2388        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:15:09.0886 2388        UmPass - ok
14:15:10.0009 2388        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:15:10.0022 2388        usbaudio - ok
14:15:10.0110 2388        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:10.0126 2388        usbccgp - ok
14:15:10.0230 2388        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:15:10.0269 2388        usbcir - ok
14:15:10.0368 2388        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:15:10.0398 2388        usbehci - ok
14:15:10.0525 2388        usbfilter      (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
14:15:10.0533 2388        usbfilter - ok
14:15:10.0677 2388        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:15:10.0717 2388        usbhub - ok
14:15:10.0809 2388        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:15:10.0835 2388        usbohci - ok
14:15:10.0929 2388        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:15:10.0964 2388        usbprint - ok
14:15:11.0054 2388        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:11.0108 2388        USBSTOR - ok
14:15:11.0183 2388        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:15:11.0217 2388        usbuhci - ok
14:15:11.0327 2388        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:15:11.0335 2388        vdrvroot - ok
14:15:11.0439 2388        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:11.0451 2388        vga - ok
14:15:11.0530 2388        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:15:11.0583 2388        VgaSave - ok
14:15:11.0681 2388        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:15:11.0692 2388        vhdmp - ok
14:15:11.0779 2388        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:15:11.0787 2388        viaide - ok
14:15:11.0868 2388        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:15:11.0877 2388        volmgr - ok
14:15:11.0961 2388        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:15:11.0975 2388        volmgrx - ok
14:15:12.0063 2388        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:15:12.0075 2388        volsnap - ok
14:15:12.0180 2388        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:12.0190 2388        vsmraid - ok
14:15:12.0265 2388        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:12.0296 2388        vwifibus - ok
14:15:12.0397 2388        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:12.0437 2388        vwififlt - ok
14:15:12.0527 2388        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:15:12.0559 2388        WacomPen - ok
14:15:12.0668 2388        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:12.0694 2388        WANARP - ok
14:15:12.0731 2388        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:12.0758 2388        Wanarpv6 - ok
14:15:12.0861 2388        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:15:12.0869 2388        Wd - ok
14:15:12.0952 2388        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:15:12.0970 2388        Wdf01000 - ok
14:15:13.0085 2388        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:13.0111 2388        WfpLwf - ok
14:15:13.0193 2388        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:15:13.0201 2388        WIMMount - ok
14:15:13.0335 2388        WmBEnum        (7a58ba979f7acb3fc5310c771a1cf155) C:\Windows\system32\drivers\WmBEnum.sys
14:15:13.0341 2388        WmBEnum - ok
14:15:13.0456 2388        WmFilter        (8693a75c3ffd4a0c9e32be621fda71fb) C:\Windows\system32\drivers\WmFilter.sys
14:15:13.0462 2388        WmFilter - ok
14:15:13.0587 2388        WmHidLo        (e53e1727dadc3192ac63506c3b25f5b0) C:\Windows\system32\drivers\WmHidLo.sys
14:15:13.0593 2388        WmHidLo - ok
14:15:13.0680 2388        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:15:13.0709 2388        WmiAcpi - ok
14:15:13.0818 2388        WmVirHid        (3d9266ccd0f1edb020c7aa24d527942b) C:\Windows\system32\drivers\WmVirHid.sys
14:15:13.0824 2388        WmVirHid - ok
14:15:13.0913 2388        WmXlCore        (3cffdf56a00408913b1e51c67f999e2e) C:\Windows\system32\drivers\WmXlCore.sys
14:15:13.0920 2388        WmXlCore - ok
14:15:14.0019 2388        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:15:14.0047 2388        ws2ifsl - ok
14:15:14.0130 2388        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:15:14.0175 2388        WudfPf - ok
14:15:14.0295 2388        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:14.0343 2388        WUDFRd - ok
14:15:14.0404 2388        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:15:14.0587 2388        \Device\Harddisk0\DR0 - ok
14:15:14.0592 2388        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:15:14.0728 2388        \Device\Harddisk1\DR1 - ok
14:15:14.0759 2388        Boot (0x1200)  (e99e4a9ae3a854f2edf1978b2c70421f) \Device\Harddisk0\DR0\Partition0
14:15:14.0760 2388        \Device\Harddisk0\DR0\Partition0 - ok
14:15:14.0770 2388        Boot (0x1200)  (92b8f436008084aff0267b51ed6184a5) \Device\Harddisk0\DR0\Partition1
14:15:14.0771 2388        \Device\Harddisk0\DR0\Partition1 - ok
14:15:14.0810 2388        Boot (0x1200)  (a549e879ecbf85aa75f70ed669e492c8) \Device\Harddisk0\DR0\Partition2
14:15:14.0810 2388        \Device\Harddisk0\DR0\Partition2 - ok
14:15:14.0815 2388        Boot (0x1200)  (ddd33bf2ffc07699d33c8ca78584eb58) \Device\Harddisk1\DR1\Partition0
14:15:14.0817 2388        \Device\Harddisk1\DR1\Partition0 - ok
14:15:14.0817 2388        ============================================================
14:15:14.0817 2388        Scan finished
14:15:14.0817 2388        ============================================================
14:15:14.0830 1944        Detected object count: 0
14:15:14.0830 1944        Actual detected object count: 0


cosinus 23.01.2012 11:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and any other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

88Tobi88 24.01.2012 16:05

Combofix Logfile:
Code:

ComboFix 12-01-23.02 - Tobi 24.01.2012  15:43:48.1.3 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2868 [GMT 1:00]
Running from:: c:\users\Tobi\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Files Created from 2011-12-24 to 2012-01-24   ))))))))))))))))))))))))))))))
.
.
2012-01-24 14:48 . 2012-01-24 14:48        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-01-24 14:48 . 2012-01-24 14:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-23 18:10 . 2012-01-23 18:10        --------        d-----w-        C:\found.000
2012-01-20 20:08 . 2012-01-20 20:08        --------        d-----w-        c:\program files\NTCore
2012-01-18 18:45 . 2012-01-18 18:45        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-01-18 18:44 . 2012-01-18 18:44        476904        ----a-w-        c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-01-18 18:44 . 2012-01-18 18:44        --------        d-----w-        c:\program files (x86)\Java
2012-01-14 21:59 . 2012-01-14 21:59        --------        d-----w-        c:\program files (x86)\VirtualDJ
2012-01-12 14:14 . 2012-01-12 14:14        --------        d-----w-        C:\_OTL
2012-01-11 16:22 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 16:22 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 16:22 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 16:22 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 16:22 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 16:22 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-11 16:22 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 16:22 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-01-04 15:00 . 2012-01-04 15:00        --------        d-----w-        c:\users\Tobi\.thumbnails
2012-01-03 19:38 . 2012-01-03 19:38        --------        d-----w-        c:\program files (x86)\ESET
2011-12-28 17:59 . 2011-12-28 17:59        --------        d-----w-        c:\users\Gast\AppData\Roaming\Malwarebytes
2011-12-28 16:55 . 2011-12-28 16:55        --------        d-----w-        c:\users\Tobi\AppData\Roaming\Malwarebytes
2011-12-28 16:54 . 2011-12-28 16:54        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-28 16:54 . 2011-07-06 18:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-28 16:54 . 2011-12-28 16:56        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-28 16:54 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-27 12:34 . 2011-12-27 12:34        --------        d-----w-        c:\users\Gast\AppData\Roaming\Notepad++
2011-12-26 17:25 . 2011-12-26 17:51        --------        d-----w-        c:\program files (x86)\Skiregion Simulator 2012
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 11:15 . 2011-09-11 18:04        3537752        ----a-w-        c:\windows\RXSUnins.exe
2012-01-19 11:15 . 2011-09-11 18:04        3537752        ----a-w-        c:\windows\RXCUnins.exe
2012-01-18 18:44 . 2011-08-26 20:02        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-01-09 18:38 . 2011-11-01 14:38        234536        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-01-09 18:38 . 2011-11-01 14:38        234536        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-12-12 13:40 . 2009-08-18 11:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-12 13:40 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-08 13:12 . 2011-11-10 15:49        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-15 12:30        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-20 14:32        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DA1C7F2-012B-4175-9386-21910A604283}\mpengine.dll
2011-11-05 05:32 . 2011-12-15 12:30        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 12:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 14:47        2309120        ----a-w-        c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 14:47        1390080        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 14:47        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 14:47        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 14:47        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 14:47        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 14:47        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 14:47        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-11-02 19:29 . 2011-08-24 13:20        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 14:37 . 2011-11-01 14:37        75064        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Start WingMan Profiler"="c:\program files (x86)\Logitech\Profiler\lwemon.exe" [2003-08-07 77824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Radio.fx.LNK - c:\program files (x86)\Tobit Radio.fx\Client\rfx-client.exe [2011-9-11 6890840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2012-01-19 3665752]
S2 TeamViewer7;TeamViewer 7;c:\users\Tobi\temp\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-14 10918504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube Download - c:\users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5l36xpih.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2175561867-3494938085-942050202-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,b1,f6,57,3e,98,ed,ba,59,73,d4,f8,84,4f,c0,5d,9e,51,35,7a,b5,
  21,b4,ff,a4,06,ae,52,f1,ec,a7,f2,14,c0,c3,0e,e5,8a,2a,26,67,75,d4,4f,40,a3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-01-24  15:55:53 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-24 14:55
.
Pre-Run: 12 directories, 858,266,591,232 bytes free
Post-Run: 16 directories, 863,849,537,536 bytes free
.
- - End Of File - - 1A4B30DA45CF15D647F962A08D19680A

--- --- ---
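The autostart section of the ComboFix log above lists Run-key values and services together with the binary path each one points to. As an added example (not part of the thread, and not ComboFix's or the helper's own logic), the following Python script parses exactly that line format and applies a small triage heuristic: it flags every entry whose binary lives under a user profile, a temp directory or AppData, and notes services for which ComboFix printed `[x]` instead of a file date and size. The sample input is constructed from a handful of lines of the log above; the flagging rules are the example's own assumptions, and a hit is a prompt to look closer, not proof of malware.

```python
"""Triage the 'Registry Autostart Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own logic. The heuristics
(paths under a user profile, temp or AppData; services with no file info)
are this example's assumptions and only mark entries for a closer look.
"""
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfxsrvtray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 TeamViewer7;TeamViewer 7;c:\users\Tobi\temp\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
"""

# Section header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# Run-key value: "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?$')
# Service/driver line: S2 name;display name;path [date size]  (or [x])
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$'
)

# (pattern, reason) pairs; list order is the order in which reasons are reported.
SUSPICIOUS_PATHS = [
    (re.compile(r'\\users\\', re.I), 'binary under a user profile'),
    (re.compile(r'\\temp\\', re.I), 'binary in a temp directory'),
    (re.compile(r'\\appdata\\', re.I), 'binary under AppData'),
]


def parse_autostart(text: str) -> List[Dict[str, str]]:
    """Return one dict per Run-key value or service line found in text."""
    entries: List[Dict[str, str]] = []
    current_key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with '.'
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({'kind': 'run', 'location': current_key, 'name': m.group('name'),
                            'path': m.group('path'), 'info': m.group('info') or ''})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({'kind': 'service', 'location': m.group('start'), 'name': m.group('name'),
                            'path': m.group('path'), 'info': m.group('info')})
    return entries


def flag_entries(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply the heuristics; return only the entries that hit at least one."""
    findings: List[Dict[str, object]] = []
    for e in entries:
        reasons = [why for pat, why in SUSPICIOUS_PATHS if pat.search(e['path'])]
        if e['info'] == 'x':                  # ComboFix could not read date/size
            reasons.append('no file information reported ([x])')
        if reasons:
            findings.append({'kind': e['kind'], 'name': e['name'],
                             'path': e['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in flag_entries(parse_autostart(SAMPLE_LOG)):
        print(f"{f['kind']:7} {f['name']:<12} {f['path']}")
        for r in f['reasons']:
            print(f"        - {r}")
```

Run as-is it flags two entries from the sample: the avkmgr driver, because ComboFix reported no file information for it, and the TeamViewer7 service, because its binary sits under c:\users\Tobi\temp\. Replace SAMPLE_LOG with the autostart section of any ComboFix log to reuse it; a flagged entry still has to be checked by hand (publisher, signature, whether the user installed it that way).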

cosinus 24.01.2012 16:17

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

88Tobi88 24.01.2012 17:55

So even as a layman I can already spot at least one infection there.

cosinus 24.01.2012 20:32

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:

:Files
C:\Windows\system32\consrv.dll
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

88Tobi88 07.02.2012 20:56

Sorry that it took a bit longer, I had little time.

Code:

All processes killed
========== FILES ==========
File\Folder C:\Windows\system32\consrv.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tobi
->Temp folder emptied: 1005019150 bytes
->Temporary Internet Files folder emptied: 10880687 bytes
->Java cache emptied: 5827 bytes
->FireFox cache emptied: 1104740597 bytes
->Flash cache emptied: 6874 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 746171 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 14544345292 bytes
 
Total Files Cleaned = 15.894,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02072012_204457

Files\Folders moved on Reboot...
C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 07.02.2012 22:11

Please make a new log with aswMBR.

88Tobi88 08.02.2012 16:40

Code:

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 16:13:56
-----------------------------
16:13:56.656    OS Version: Windows x64 6.1.7601 Service Pack 1
16:13:56.656    Number of processors: 3 586 0x503
16:13:56.657    ComputerName: TOBI-PC  UserName: Tobi
16:14:00.074    Initialize success
16:14:00.132    AVAST engine defs: 12020800
16:19:15.237    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:19:15.239    Disk 0 Vendor: Hitachi_HCS5C1010CLA382 JC4OA3EA Size: 953869MB BusType: 11
16:19:15.281    Disk 0 MBR read successfully
16:19:15.283    Disk 0 MBR scan
16:19:15.287    Disk 0 Windows 7 default MBR code
16:19:15.290    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:19:15.300    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      922023 MB offset 206848
16:19:15.339    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 1888509952
16:19:15.358    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 1951424512
16:19:15.368    Service scanning
16:19:20.410    Modules scanning
16:19:20.415    Disk 0 trace - called modules:
16:19:20.449    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:19:20.785    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004981790]
16:19:20.798    3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80047db680]
16:19:23.764    AVAST engine scan C:\Windows
16:19:33.268    AVAST engine scan C:\Windows\system32
16:19:47.480    File: C:\Windows\system32\consrv.dll  **INFECTED** Win32:Sirefef-JQ [Trj]
16:21:29.126    AVAST engine scan C:\Windows\system32\drivers
16:21:42.084    AVAST engine scan C:\Users\Tobi
16:32:31.674    AVAST engine scan C:\ProgramData
16:33:00.580    Scan finished successfully
16:36:31.322    Disk 0 MBR has been saved successfully to "C:\Users\Tobi\Desktop\MBR.dat"
16:36:31.335    The log file has been saved successfully to "C:\Users\Tobi\Desktop\aswMBR.txt"

So, here you go.
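A defender triaging logs like the aswMBR output above can pull the findings out programmatically. This is an added example, not part of the thread and not aswMBR's own code; it parses a constructed sample modelled on the posted log and reports the **INFECTED** entries, the per-disk MBR verdict and whether the scan completed.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample modelled on the aswMBR log posted above (not the original file).
SAMPLE_LOG = """\
aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 16:13:56
-----------------------------
16:19:15.287    Disk 0 Windows 7 default MBR code
16:19:15.290    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:19:47.480    File: C:\\Windows\\system32\\consrv.dll  **INFECTED** Win32:Sirefef-JQ [Trj]
16:33:00.580    Scan finished successfully
"""

class Detection(NamedTuple):
    time: str   # timestamp of the log line
    path: str   # file flagged by the AVAST engine
    name: str   # detection name, e.g. "Win32:Sirefef-JQ [Trj]"

# "<time>    File: <path>  **INFECTED** <name>"
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
# "<time>    Disk <n> <verdict> MBR code"
MBR_RE = re.compile(r"^\S+\s+Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")

def parse_aswmbr(text: str) -> Dict[str, object]:
    """Summarise an aswMBR log: infected files, MBR verdict per disk, completion flag."""
    detections: List[Detection] = []
    mbr: Dict[int, str] = {}
    finished = False
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            detections.append(Detection(m["time"], m["path"], m["name"].strip()))
            continue
        m = MBR_RE.match(line)
        if m:
            mbr[int(m["disk"])] = m["desc"]
            continue
        if line.rstrip().endswith("Scan finished successfully"):
            finished = True
    return {"detections": detections, "mbr": mbr, "finished": finished}

def mbr_looks_default(summary: Dict[str, object]) -> bool:
    """True when every scanned disk reports stock ("default") MBR code, i.e. no bootkit finding."""
    mbr = summary["mbr"]
    return bool(mbr) and all("default MBR code" in desc for desc in mbr.values())
```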

cosinus 09.02.2012 09:38

Quote:

C:\Windows\system32\consrv.dll
Can you delete this file manually?

88Tobi88 09.02.2012 20:04

I was able to delete it manually,
but when it was in the recycle bin my antivirus program reported it.

cosinus 09.02.2012 22:31

Yes, you have to ignore that so it can be deleted! Otherwise this file will always remain!

88Tobi88 10.02.2012 13:47

I told my antivirus program to delete the file.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

