Log analysis and evaluation: Music starts in the background at Windows startup

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.06.2011, 14:36 | #1 |
Music starts in the background at Windows startup

Hello board,

yesterday I unfortunately let myself be taken in by a fake hack (a hack for a game) and ran it. Then some strange music started (it sounds like the music in Core keygens, or a little like Tetris). I switched the PC off and on again, after which booting took longer; in particular there was a longer wait at the "Welcome" screen of Windows 7. Then the music starts again, and it plays in an endless loop.

I then found this in the audio settings:

When I try to turn the volume down for "Name not available", it jumps to the volume of "Speakers" = max., and muting it works even less.

I have already looked at the autostart entries with CCleaner

Avira AntiVir Personal also spoke up yesterday:

Moving it to quarantine did not help, though.

OTL:
OTL Logfile:
Code:
OTL logfile created on: 08.06.2011 15:23:20 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,00% Memory free
7,99 Gb Paging File | 5,84 Gb Available in Paging File | 73,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 98,36 Gb Free Space | 34,36% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.08 15:07:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.06.07 21:44:21 | 000,826,368 | ---- | M] () -- C:\Windows\winaudio\winaudio.exe
PRC - [2011.05.11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011.05.10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011.05.10 22:27:38 | 005,607,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011.05.10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
PRC - [2011.05.10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
PRC - [2011.05.10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.05.01 10:57:51 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.27 11:32:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 17:27:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.04 13:24:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.07 14:03:07 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.10.07 14:03:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.02.22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe

========== Modules (SafeList) ==========

MOD - [2011.06.08 15:07:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.07 21:44:21 | 000,826,368 | ---- | M] () [Auto | Running] -- C:\Windows\winaudio\winaudio.exe -- (winaudio)
SRV - [2011.05.18 15:06:58 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.05.11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011.05.10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011.05.10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe -- (SDMonitorService)
SRV - [2011.05.10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe -- (SDFirewallService)
SRV - [2011.05.10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011.04.27 11:32:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.18 17:27:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.29 22:42:40 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.07 14:03:07 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.10.07 14:03:00 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.08.01 14:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.12.17 06:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 06:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.11.22 17:40:42 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.17 19:15:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.01.01 19:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.08 04:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 04:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.21 21:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 19:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 01:31:08 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.11 23:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.01.09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008.05.20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.09.02 19:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.10 19:33:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.10 19:33:45 | 000,000,000 | ---D | M]

[2010.10.13 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.13 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.06.08 15:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions
[2010.11.15 22:34:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.08.26 19:15:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.11 21:04:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.17 19:00:15 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\autofillForms@blueimp.net
[2010.07.17 19:56:56 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\battlefieldheroespatcher@ea.com
[2011.06.04 21:21:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin-1.xml
[2010.07.31 21:14:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin-2.xml
[2010.07.24 18:10:33 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin.xml
[2011.02.28 20:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.23 22:27:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.23 22:27:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.26 23:59:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.26 23:59:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.26 23:59:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.26 23:59:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.26 23:59:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.03 03:08:57 | 000,001,262 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell - "" = AutoRun
O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.07 22:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011.06.07 22:05:50 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2011.06.07 22:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011.06.07 21:44:21 | 000,000,000 | ---D | C] -- C:\Windows\winaudio
[2011.05.28 01:04:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\FidoCFNA
[2011.05.23 15:27:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.23 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.05.10 19:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.10 19:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.05.10 19:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.10.06 22:10:57 | 004,322,304 | ---- | C] (HUGO @ Underground-Economy.biz) -- C:\Users\***\AppData\Local\27940.exe
[2009.10.29 06:22:35 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2011.06.08 15:21:57 | 000,221,816 | ---- | M] () -- C:\Users\***\Desktop\cc.jpg
[2011.06.08 15:18:11 | 000,079,534 | ---- | M] () -- C:\Users\***\Desktop\mixxer.jpg
[2011.06.08 15:07:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.08 14:59:01 | 000,009,810 | ---- | M] () -- C:\Users\***\Desktop\Scan Results.2011-06-08 14-58-33
[2011.06.08 14:34:01 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48628965-1448607946-2689766442-1001UA.job
[2011.06.08 14:20:10 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.08 14:20:10 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.08 14:12:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.08 14:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.08 14:12:05 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.07 22:24:50 | 465,025,793 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.07 22:05:51 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.06.07 18:33:18 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.07 18:33:18 | 000,654,334 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.07 18:33:18 | 000,615,958 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.07 18:33:18 | 000,131,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.07 18:33:18 | 000,107,594 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.07 17:34:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48628965-1448607946-2689766442-1001Core.job

========== Files Created - No Company Name ==========

[2011.06.08 15:21:56 | 000,221,816 | ---- | C] () -- C:\Users\***\Desktop\cc.jpg
[2011.06.08 15:18:09 | 000,079,534 | ---- | C] () -- C:\Users\***\Desktop\mixxer.jpg
[2011.06.08 14:59:01 | 000,009,810 | ---- | C] () -- C:\Users\***\Desktop\Scan Results.2011-06-08 14-58-33
[2011.06.07 22:09:19 | 465,025,793 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.06.07 22:05:51 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011.06.07 22:05:51 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.05.10 19:33:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2010.10.13 17:52:40 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010.09.20 19:08:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.08 11:44:16 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.08.08 00:27:45 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.08 00:24:38 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.07.18 12:06:08 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.07.17 20:25:15 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.17 20:25:11 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.07.17 20:25:11 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.07.17 01:43:59 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.09 17:04:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.07.08 18:15:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.06 18:18:37 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.06 14:08:43 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.07.06 14:08:43 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.07.06 14:08:43 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.07.06 14:08:43 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.07.06 14:08:43 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.07.06 14:08:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.07.06 14:08:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.07.06 14:08:43 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.07.06 14:08:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.07.06 14:08:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.07.06 14:08:43 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.07.06 14:08:43 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.07.06 14:08:43 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.07.06 14:08:43 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.07.06 14:08:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.07.06 14:08:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.07.06 14:08:42 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.07.06 14:08:42 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.07.06 14:08:42 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.07.03 10:25:51 | 000,003,810 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.07.03 03:34:08 | 000,000,067 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.03 01:40:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.07.03 01:39:42 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.03.23 03:41:39 | 000,001,745 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.03.22 19:30:57 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.03.22 19:11:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.03.22 19:11:30 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.03.22 19:11:30 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.03.22 19:11:30 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.10.28 20:51:17 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.28 20:51:17 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.28 20:51:17 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.10.28 20:02:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2010.10.14 13:25:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.12.12 01:48:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.10.13 17:44:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop
[2010.07.26 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.05 23:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.25 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2010.09.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.04.09 21:00:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.07.23 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2010.07.31 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.10.15 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.12.03 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.08.23 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2010.10.13 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2010.07.04 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.22 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia
[2011.06.07 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sysutils_Update
[2010.07.24 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.09.29 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2010.07.03 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.09.30 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ViquaSoft
[2011.04.07 11:28:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

Edited by Baracho (08.06.2011 at 14:51) |
08.06.2011, 14:55 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Hello and
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
08.06.2011, 17:10 | #3 |
| Music starts in the background at Windows startup New log file from Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6809

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.06.2011 18:06:41
LogDatei

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 483625
Laufzeit: 1 Stunde(n), 54 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
08.06.2011, 21:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter
:OTL
[2010.10.06 22:10:57 | 004,322,304 | ---- | C] (HUGO @ Underground-Economy.biz) -- C:\Users\***\AppData\Local\27940.exe
[2009.10.29 06:22:35 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell - "" = AutoRun
O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell\AutoRun\command - "" = H:\autorun.exe
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
09.06.2011, 14:04 | #5 |
| Music starts in the background at Windows startup Code:
ATTFilter
========== OTL ==========
C:\Users\***\AppData\Local\27940.exe moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.
File H:\autorun.exe not found.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_145825

The music is still there - Jingle Bells |
09.06.2011, 14:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ --> Music starts in the background at Windows startup |
09.06.2011, 14:44 | #7 |
| Music starts in the background at Windows startup Code:
ATTFilter
2011/06/09 15:41:50.0461 0792 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 15:41:50.0970 0792 ================================================================================
2011/06/09 15:41:50.0971 0792 SystemInfo:
2011/06/09 15:41:50.0971 0792
2011/06/09 15:41:50.0971 0792 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/09 15:41:50.0971 0792 Product type: Workstation
2011/06/09 15:41:50.0972 0792 ComputerName: ***-PC
2011/06/09 15:41:50.0972 0792 UserName: ***
2011/06/09 15:41:50.0972 0792 Windows directory: C:\Windows
2011/06/09 15:41:50.0972 0792 System windows directory: C:\Windows
2011/06/09 15:41:50.0972 0792 Running under WOW64
2011/06/09 15:41:50.0972 0792 Processor architecture: Intel x64
2011/06/09 15:41:50.0972 0792 Number of processors: 2
2011/06/09 15:41:50.0972 0792 Page size: 0x1000
2011/06/09 15:41:50.0972 0792 Boot type: Normal boot
2011/06/09 15:41:50.0972 0792 ================================================================================
2011/06/09 15:41:52.0543 0792 Initialize success
2011/06/09 15:42:04.0006 1504 ================================================================================
2011/06/09 15:42:04.0006 1504 Scan started
2011/06/09 15:42:04.0006 1504 Mode: Manual;
2011/06/09 15:42:04.0006 1504 ================================================================================
15:42:20.0382 1504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/06/09 15:42:20.0495 1504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/06/09 15:42:20.0554 1504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/06/09 15:42:20.0804 1504 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/09 15:42:20.0854 1504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/06/09 15:42:20.0969 1504 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/06/09 15:42:21.0032 1504 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 2011/06/09 15:42:21.0160 1504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/06/09 15:42:21.0282 1504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/06/09 15:42:21.0395 1504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/09 15:42:21.0426 1504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/09 15:42:21.0455 1504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/06/09 15:42:21.0565 1504 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/09 15:42:21.0624 1504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/09 15:42:21.0726 1504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/06/09 15:42:21.0790 1504 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/09 15:42:21.0887 1504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/06/09 15:42:21.0931 1504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) 
C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/09 15:42:21.0955 1504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/09 15:42:22.0038 1504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/06/09 15:42:22.0080 1504 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/06/09 15:42:22.0116 1504 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/06/09 15:42:22.0272 1504 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 2011/06/09 15:42:22.0354 1504 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 2011/06/09 15:42:22.0453 1504 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 2011/06/09 15:42:22.0508 1504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/09 15:42:22.0619 1504 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys 2011/06/09 15:42:22.0678 1504 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/06/09 15:42:22.0772 1504 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/06/09 15:42:22.0952 1504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/06/09 15:42:23.0016 1504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/06/09 15:42:23.0033 1504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/06/09 15:42:23.0053 1504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/06/09 15:42:23.0091 1504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/06/09 15:42:23.0166 1504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/06/09 
2011/06/09 15:42:23.0496 1504 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/09 15:42:23.0496 1504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/09 15:42:23.0502 1504 sptd - detected LockedFile.Multi.Generic (1)
2011/06/09 15:42:28.0754 1504 ================================================================================
2011/06/09 15:42:28.0754 1504 Scan finished
2011/06/09 15:42:28.0754 1504 ================================================================================
2011/06/09 15:42:28.0768 2812 Detected object count: 1
2011/06/09 15:42:28.0768 2812 Actual detected object count: 1
2011/06/09 15:42:40.0605 2812 LockedFile.Multi.Generic(sptd) - User select action: Skip
hxxp://i52.tinypic.com/16aqn3p.png OK, that is from Daemon Tools, for my backup copies of old holiday films. Edited by Baracho (09.06.2011 at 15:04) |
09.06.2011, 15:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
09.06.2011, 19:46 | #9 |
| Music starts in the background at Windows startup I did everything exactly as described, but I get a bluescreen: "A problem has been detected and windows has been shut down to prevent damage to your computer ... Technical information: *** STOP: 0x000000F4 ..." I have already tried it in safe mode and always as admin. |
09.06.2011, 19:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Restart Windows, delete the old cofi.exe, download CF again as cofi.exe and please try it once more.
__________________ Please always post log files in CODE tags |
09.06.2011, 20:07 | #11 |
| Music starts in the background at Windows startup Tried 3 more times - always a bluescreen. I think if I reinstall Windows everything should work again? But can I just do that so easily, since it might get transferred to a USB stick when I want to rescue my data? Is there a keylogger in it, or can none of these questions be answered yet? Of course I would like it best if I could keep my current system. |
09.06.2011, 20:27 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup CF does not always run. Please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
09.06.2011, 21:11 | #13 |
| Music starts in the background at Windows startup Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7540
Logical Drives Mask: 0x0000005c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done! |
09.06.2011, 21:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music starts in the background at Windows startup Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner is also not a bad idea: ESET Online Scanner
__________________ Please always post log files in CODE tags |
10.06.2011, 13:59 | #15 |
| Music starts in the background at Windows startup Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=29bf526f143bd5469067e8ac87097a40
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-09 11:15:53
# local_time=2011-06-10 01:15:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 484159 44188270 18029 0
# compatibility_mode=5893 16776573 100 94 208757 59281264 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=349952
# found=0
# cleaned=0
# scan_time=9940
I would just simply like to know whether it is simply easier to reinstall the system, and whether I could rescue my data onto an external drive undisturbed? |