| |
| |||||||
Log-Analyse und Auswertung: Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.11.2011, 20:24
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.11.02 21:45:43 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011.11.02 21:45:42 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2011.01.02 18:37:22 | 000,000,132 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.01 16:18:49 | 000,000,132 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.08.18 16:22:54 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Ytxyl
[2010.08.10 14:12:41 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Ywylag
[2010.10.31 19:02:16 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Adobe Mini Bridge CS5
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.11.2011, 20:34
| #17 |
 | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\IDB.zip moved successfully.
C:\Windows\UDB.zip moved successfully.
C:\Users\Benedikt\AppData\Roaming\Adobe PNG Format CS5 Prefs moved successfully.
C:\Users\Benedikt\AppData\Roaming\Adobe GIF Format CS5 Prefs moved successfully.
C:\Users\Benedikt\AppData\Roaming\Ytxyl folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\Ywylag folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\Adobe Mini Bridge CS5 folder moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Benedikt
->Temp folder emptied: 2846994 bytes
->Temporary Internet Files folder emptied: 14963290 bytes
->Java cache emptied: 12079853 bytes
->FireFox cache emptied: 24071688 bytes
->Flash cache emptied: 1966009 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246440 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 54,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11032011_202916
Files\Folders moved on Reboot...
C:\Users\Benedikt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLE1YZ2S\ac3[2].htm moved successfully.
C:\Users\Benedikt\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
Registry entries deleted on Reboot...
Starteinträge sind noch weg. Internetexplorer startet sich noch immer selbst. Diese  Fehler kommen auch noch. |
|
03.11.2011, 20:40
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
03.11.2011, 20:52
| #19 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Code:
ATTFilter 20:51:12.0653 3152 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
20:51:12.0832 3152 ============================================================
20:51:12.0833 3152 Current date / time: 2011/11/03 20:51:12.0832
20:51:12.0833 3152 SystemInfo:
20:51:12.0833 3152
20:51:12.0833 3152 OS Version: 6.0.6002 ServicePack: 2.0
20:51:12.0833 3152 Product type: Workstation
20:51:12.0833 3152 ComputerName: HERBERT
20:51:12.0833 3152 UserName: Benedikt
20:51:12.0833 3152 Windows directory: C:\Windows
20:51:12.0833 3152 System windows directory: C:\Windows
20:51:12.0833 3152 Processor architecture: Intel x86
20:51:12.0833 3152 Number of processors: 2
20:51:12.0833 3152 Page size: 0x1000
20:51:12.0834 3152 Boot type: Normal boot
20:51:12.0834 3152 ============================================================
20:51:13.0278 3152 Initialize success
20:51:30.0997 4968 ============================================================
20:51:30.0997 4968 Scan started
20:51:30.0997 4968 Mode: Manual; SigCheck; TDLFS;
20:51:30.0997 4968 ============================================================
20:51:31.0535 4968 acedrv11 (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys
20:51:31.0674 4968 acedrv11 - ok
20:51:31.0750 4968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:51:31.0767 4968 ACPI - ok
20:51:31.0840 4968 adfs - ok
20:51:31.0918 4968 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:51:31.0941 4968 adp94xx - ok
20:51:32.0070 4968 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:51:32.0087 4968 adpahci - ok
20:51:32.0133 4968 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:51:32.0145 4968 adpu160m - ok
20:51:32.0183 4968 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:51:32.0196 4968 adpu320 - ok
20:51:32.0363 4968 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
20:51:32.0451 4968 AFD - ok
20:51:32.0559 4968 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:51:32.0570 4968 agp440 - ok
20:51:32.0601 4968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:51:32.0614 4968 aic78xx - ok
20:51:32.0642 4968 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:51:32.0653 4968 aliide - ok
20:51:32.0714 4968 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:51:32.0725 4968 amdagp - ok
20:51:32.0792 4968 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:51:32.0802 4968 amdide - ok
20:51:32.0840 4968 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:51:32.0982 4968 AmdK7 - ok
20:51:33.0096 4968 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:51:33.0159 4968 AmdK8 - ok
20:51:33.0353 4968 amdkmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
20:51:33.0521 4968 amdkmdag - ok
20:51:33.0607 4968 amdkmdap - ok
20:51:33.0677 4968 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:51:33.0701 4968 ApfiltrService - ok
20:51:33.0820 4968 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:51:33.0831 4968 arc - ok
20:51:33.0871 4968 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:51:33.0883 4968 arcsas - ok
20:51:34.0017 4968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:34.0063 4968 AsyncMac - ok
20:51:34.0149 4968 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:51:34.0160 4968 atapi - ok
20:51:34.0353 4968 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
20:51:34.0444 4968 atikmdag - ok
20:51:34.0577 4968 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
20:51:34.0593 4968 avgio - ok
20:51:34.0683 4968 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:51:34.0692 4968 avgntflt - ok
20:51:34.0748 4968 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:51:34.0759 4968 avipbb - ok
20:51:34.0816 4968 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
20:51:34.0825 4968 BCM42RLY - ok
20:51:34.0932 4968 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:51:34.0981 4968 BCM43XX - ok
20:51:35.0125 4968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:51:35.0189 4968 Beep - ok
20:51:35.0336 4968 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:51:35.0398 4968 blbdrive - ok
20:51:35.0518 4968 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
20:51:35.0563 4968 bowser - ok
20:51:35.0601 4968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:51:35.0635 4968 BrFiltLo - ok
20:51:35.0728 4968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:51:35.0763 4968 BrFiltUp - ok
20:51:35.0901 4968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:51:35.0970 4968 Brserid - ok
20:51:36.0004 4968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:51:36.0072 4968 BrSerWdm - ok
20:51:36.0181 4968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:51:36.0245 4968 BrUsbMdm - ok
20:51:36.0284 4968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:51:36.0356 4968 BrUsbSer - ok
20:51:36.0496 4968 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:51:36.0562 4968 BTHMODEM - ok
20:51:36.0714 4968 catchme - ok
20:51:36.0841 4968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:51:36.0885 4968 cdfs - ok
20:51:37.0007 4968 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:51:37.0054 4968 cdrom - ok
20:51:37.0136 4968 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
20:51:37.0191 4968 circlass - ok
20:51:37.0318 4968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:51:37.0335 4968 CLFS - ok
20:51:37.0587 4968 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:51:37.0645 4968 CmBatt - ok
20:51:37.0920 4968 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:51:37.0930 4968 cmdide - ok
20:51:38.0134 4968 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:51:38.0144 4968 Compbatt - ok
20:51:38.0369 4968 cpuz130 - ok
20:51:38.0708 4968 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:51:38.0718 4968 crcdisk - ok
20:51:38.0984 4968 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:51:39.0053 4968 Crusoe - ok
20:51:39.0303 4968 DESVUSB (92ade7f1b2e1c69e85a3a9040eec37b4) C:\Windows\system32\DRIVERS\desrvusb.sys
20:51:39.0353 4968 DESVUSB - ok
20:51:39.0532 4968 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
20:51:39.0567 4968 DfsC - ok
20:51:39.0733 4968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:51:39.0746 4968 disk - ok
20:51:39.0813 4968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:51:39.0849 4968 drmkaud - ok
20:51:39.0969 4968 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
20:51:40.0053 4968 DXGKrnl - ok
20:51:40.0203 4968 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:51:40.0263 4968 e1express - ok
20:51:40.0312 4968 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:51:40.0352 4968 E1G60 - ok
20:51:40.0488 4968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:51:40.0502 4968 Ecache - ok
20:51:40.0575 4968 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:51:40.0625 4968 elxstor - ok
20:51:40.0783 4968 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
20:51:40.0793 4968 ENTECH - ok
20:51:40.0862 4968 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:51:40.0898 4968 ErrDev - ok
20:51:41.0039 4968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:51:41.0092 4968 exfat - ok
20:51:41.0154 4968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:51:41.0178 4968 fastfat - ok
20:51:41.0305 4968 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:51:41.0341 4968 fdc - ok
20:51:41.0376 4968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:51:41.0387 4968 FileInfo - ok
20:51:41.0412 4968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:51:41.0451 4968 Filetrace - ok
20:51:41.0543 4968 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:51:41.0619 4968 flpydisk - ok
20:51:41.0668 4968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:51:41.0682 4968 FltMgr - ok
20:51:41.0820 4968 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:51:41.0854 4968 Fs_Rec - ok
20:51:41.0890 4968 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:51:41.0902 4968 gagp30kx - ok
20:51:41.0958 4968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:51:41.0967 4968 GEARAspiWDM - ok
20:51:42.0187 4968 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
20:51:42.0196 4968 hamachi - ok
20:51:42.0287 4968 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:51:42.0337 4968 HdAudAddService - ok
20:51:42.0465 4968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:51:42.0553 4968 HDAudBus - ok
20:51:42.0683 4968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:51:42.0769 4968 HidBth - ok
20:51:42.0796 4968 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
20:51:42.0818 4968 HidIr - ok
20:51:42.0929 4968 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:51:42.0970 4968 HidUsb - ok
20:51:43.0018 4968 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:51:43.0030 4968 HpCISSs - ok
20:51:43.0155 4968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:51:43.0206 4968 HTTP - ok
20:51:43.0258 4968 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:51:43.0270 4968 i2omp - ok
20:51:43.0386 4968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:51:43.0422 4968 i8042prt - ok
20:51:43.0492 4968 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
20:51:43.0506 4968 iaStor - ok
20:51:43.0608 4968 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:51:43.0623 4968 iaStorV - ok
20:51:43.0767 4968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:51:43.0782 4968 iirsp - ok
20:51:43.0848 4968 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:51:43.0858 4968 intelide - ok
20:51:43.0961 4968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:51:44.0006 4968 intelppm - ok
20:51:44.0049 4968 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:51:44.0111 4968 IpFilterDriver - ok
20:51:44.0186 4968 IpInIp - ok
20:51:44.0230 4968 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:51:44.0258 4968 IPMIDRV - ok
20:51:44.0291 4968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:51:44.0319 4968 IPNAT - ok
20:51:44.0353 4968 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:51:44.0394 4968 IRENUM - ok
20:51:44.0493 4968 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:51:44.0504 4968 isapnp - ok
20:51:44.0554 4968 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:51:44.0568 4968 iScsiPrt - ok
20:51:44.0593 4968 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:51:44.0603 4968 iteatapi - ok
20:51:44.0701 4968 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
20:51:44.0725 4968 itecir - ok
20:51:44.0759 4968 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:51:44.0769 4968 iteraid - ok
20:51:44.0814 4968 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
20:51:44.0857 4968 k57nd60x - ok
20:51:44.0946 4968 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:51:44.0957 4968 kbdclass - ok
20:51:45.0015 4968 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:51:45.0055 4968 kbdhid - ok
20:51:45.0192 4968 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:51:45.0215 4968 KSecDD - ok
20:51:45.0286 4968 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:51:45.0295 4968 LHidFilt - ok
20:51:45.0401 4968 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:51:45.0444 4968 lltdio - ok
20:51:45.0501 4968 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:51:45.0510 4968 LMouFilt - ok
20:51:45.0600 4968 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:51:45.0612 4968 LSI_FC - ok
20:51:45.0640 4968 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:51:45.0652 4968 LSI_SAS - ok
20:51:45.0707 4968 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:51:45.0719 4968 LSI_SCSI - ok
20:51:45.0812 4968 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:51:45.0853 4968 luafv - ok
20:51:45.0882 4968 ManyCam - ok
20:51:46.0009 4968 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
20:51:46.0022 4968 MBAMProtector - ok
20:51:46.0054 4968 MBAMSwissArmy - ok
20:51:46.0113 4968 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:51:46.0124 4968 megasas - ok
20:51:46.0219 4968 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:51:46.0239 4968 MegaSR - ok
20:51:46.0308 4968 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:51:46.0351 4968 Modem - ok
20:51:46.0432 4968 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:51:46.0467 4968 monitor - ok
20:51:46.0495 4968 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:51:46.0507 4968 mouclass - ok
20:51:46.0526 4968 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:51:46.0566 4968 mouhid - ok
20:51:46.0634 4968 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:51:46.0645 4968 MountMgr - ok
20:51:46.0692 4968 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:51:46.0704 4968 mpio - ok
20:51:46.0737 4968 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:51:46.0789 4968 mpsdrv - ok
20:51:46.0897 4968 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:51:46.0907 4968 Mraid35x - ok
20:51:46.0959 4968 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:51:47.0016 4968 MRxDAV - ok
20:51:47.0144 4968 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:51:47.0221 4968 mrxsmb - ok
20:51:47.0349 4968 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:51:47.0379 4968 mrxsmb10 - ok
20:51:47.0393 4968 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:51:47.0413 4968 mrxsmb20 - ok
20:51:47.0505 4968 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:51:47.0516 4968 msahci - ok
20:51:47.0540 4968 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:51:47.0552 4968 msdsm - ok
20:51:47.0594 4968 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:51:47.0636 4968 Msfs - ok
20:51:47.0747 4968 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:51:47.0758 4968 msisadrv - ok
20:51:47.0812 4968 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:51:47.0840 4968 MSKSSRV - ok
20:51:47.0858 4968 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:51:47.0886 4968 MSPCLOCK - ok
20:51:47.0977 4968 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:51:48.0013 4968 MSPQM - ok
20:51:48.0076 4968 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:51:48.0091 4968 MsRPC - ok
20:51:48.0127 4968 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:51:48.0138 4968 mssmbios - ok
20:51:48.0228 4968 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:51:48.0265 4968 MSTEE - ok
20:51:48.0323 4968 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:51:48.0335 4968 Mup - ok
20:51:48.0390 4968 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:51:48.0408 4968 NativeWifiP - ok
20:51:48.0506 4968 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:51:48.0531 4968 NDIS - ok
20:51:48.0564 4968 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:51:48.0596 4968 NdisTapi - ok
20:51:48.0672 4968 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:51:48.0699 4968 Ndisuio - ok
20:51:48.0767 4968 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:51:48.0805 4968 NdisWan - ok
20:51:48.0889 4968 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:51:48.0912 4968 NDProxy - ok
20:51:48.0940 4968 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:51:48.0986 4968 NetBIOS - ok
20:51:49.0041 4968 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:51:49.0092 4968 netbt - ok
20:51:49.0226 4968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:51:49.0237 4968 nfrd960 - ok
20:51:49.0351 4968 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:51:49.0391 4968 Npfs - ok
20:51:49.0419 4968 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:51:49.0456 4968 nsiproxy - ok
20:51:49.0596 4968 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:51:49.0640 4968 Ntfs - ok
20:51:49.0674 4968 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:51:49.0732 4968 ntrigdigi - ok
20:51:49.0816 4968 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:51:49.0843 4968 Null - ok
20:51:49.0873 4968 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:51:49.0885 4968 nvraid - ok
20:51:49.0912 4968 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:51:49.0923 4968 nvstor - ok
20:51:49.0960 4968 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:51:49.0972 4968 nv_agp - ok
20:51:50.0059 4968 NwlnkFlt - ok
20:51:50.0074 4968 NwlnkFwd - ok
20:51:50.0161 4968 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:51:50.0195 4968 ohci1394 - ok
20:51:50.0257 4968 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:51:50.0380 4968 Parport - ok
20:51:50.0475 4968 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:51:50.0488 4968 partmgr - ok
20:51:50.0515 4968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:51:50.0580 4968 Parvdm - ok
20:51:50.0616 4968 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:51:50.0631 4968 pci - ok
20:51:50.0675 4968 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:51:50.0685 4968 pciide - ok
20:51:50.0789 4968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:51:50.0802 4968 pcmcia - ok
20:51:50.0853 4968 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
20:51:50.0863 4968 PCTBD - ok
20:51:50.0924 4968 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\Windows\system32\drivers\PCTCore.sys
20:51:50.0954 4968 PCTCore - ok
20:51:51.0072 4968 pctDS (af08ec0f2093867ab955e24121ee7002) C:\Windows\system32\drivers\pctDS.sys
20:51:51.0127 4968 pctDS - ok
20:51:51.0220 4968 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\Windows\system32\Drivers\PCTSD.sys
20:51:51.0233 4968 PCTSD - ok
20:51:51.0334 4968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:51:51.0409 4968 PEAUTH - ok
20:51:51.0523 4968 PLFF (a20ac92609f3b246be3b761bb72fc6a5) C:\Windows\system32\Drivers\PLFF.sys
20:51:51.0528 4968 PLFF ( UnsignedFile.Multi.Generic ) - warning
20:51:51.0528 4968 PLFF - detected UnsignedFile.Multi.Generic (1)
20:51:51.0618 4968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:51:51.0657 4968 PptpMiniport - ok
20:51:51.0686 4968 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:51:51.0735 4968 Processor - ok
20:51:51.0848 4968 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:51:51.0886 4968 PSched - ok
20:51:51.0944 4968 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
20:51:51.0953 4968 PxHelp20 - ok
20:51:52.0115 4968 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:51:52.0164 4968 ql2300 - ok
20:51:52.0339 4968 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:51:52.0351 4968 ql40xx - ok
20:51:52.0380 4968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:51:52.0422 4968 QWAVEdrv - ok
20:51:52.0612 4968 R300 (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
20:51:52.0703 4968 R300 - ok
20:51:52.0813 4968 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:51:52.0847 4968 RasAcd - ok
20:51:52.0881 4968 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:51:52.0917 4968 Rasl2tp - ok
20:51:52.0955 4968 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:51:53.0000 4968 RasPppoe - ok
20:51:53.0078 4968 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:51:53.0095 4968 RasSstp - ok
20:51:53.0135 4968 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:51:53.0170 4968 rdbss - ok
20:51:53.0202 4968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:51:53.0247 4968 RDPCDD - ok
20:51:53.0405 4968 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:51:53.0436 4968 rdpdr - ok
20:51:53.0450 4968 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:51:53.0498 4968 RDPENCDD - ok
20:51:53.0553 4968 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:51:53.0594 4968 RDPWD - ok
20:51:53.0686 4968 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:51:53.0726 4968 rimmptsk - ok
20:51:53.0831 4968 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:51:53.0869 4968 rimsptsk - ok
20:51:53.0883 4968 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:51:53.0947 4968 rismxdp - ok
20:51:54.0039 4968 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:51:54.0069 4968 rspndr - ok
20:51:54.0164 4968 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:51:54.0173 4968 SASDIFSV - ok
20:51:54.0202 4968 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:51:54.0211 4968 SASKUTIL - ok
20:51:54.0327 4968 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:51:54.0339 4968 sbp2port - ok
20:51:54.0430 4968 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:51:54.0471 4968 sdbus - ok
20:51:54.0575 4968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:51:54.0636 4968 secdrv - ok
20:51:54.0668 4968 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:51:54.0717 4968 Serenum - ok
20:51:54.0745 4968 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:51:54.0795 4968 Serial - ok
20:51:54.0897 4968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:51:54.0926 4968 sermouse - ok
20:51:54.0973 4968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:51:54.0998 4968 sffdisk - ok
20:51:55.0028 4968 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:51:55.0088 4968 sffp_mmc - ok
20:51:55.0198 4968 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:51:55.0221 4968 sffp_sd - ok
20:51:55.0259 4968 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:51:55.0321 4968 sfloppy - ok
20:51:55.0365 4968 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:51:55.0376 4968 sisagp - ok
20:51:55.0472 4968 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:51:55.0483 4968 SiSRaid2 - ok
20:51:55.0532 4968 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:51:55.0544 4968 SiSRaid4 - ok
20:51:55.0600 4968 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:51:55.0633 4968 Smb - ok
20:51:55.0750 4968 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:51:55.0761 4968 spldr - ok
20:51:55.0854 4968 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
20:51:55.0854 4968 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:51:55.0864 4968 sptd ( LockedFile.Multi.Generic ) - warning
20:51:55.0864 4968 sptd - detected LockedFile.Multi.Generic (1)
20:51:55.0952 4968 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
20:51:55.0995 4968 srv - ok
20:51:56.0028 4968 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
20:51:56.0063 4968 srv2 - ok
20:51:56.0114 4968 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
20:51:56.0157 4968 srvnet - ok
20:51:56.0255 4968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:51:56.0268 4968 ssmdrv - ok
20:51:56.0395 4968 STHDA (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
20:51:56.0451 4968 STHDA - ok
20:51:56.0559 4968 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:51:56.0570 4968 swenum - ok
20:51:56.0607 4968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:51:56.0617 4968 Symc8xx - ok
20:51:56.0638 4968 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:51:56.0648 4968 Sym_hi - ok
20:51:56.0676 4968 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:51:56.0686 4968 Sym_u3 - ok
20:51:56.0835 4968 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
20:51:56.0877 4968 Tcpip - ok
20:51:56.0907 4968 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
20:51:56.0943 4968 Tcpip6 - ok
20:51:56.0987 4968 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:51:57.0022 4968 tcpipreg - ok
20:51:57.0122 4968 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:51:57.0169 4968 TDPIPE - ok
20:51:57.0209 4968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:51:57.0237 4968 TDTCP - ok
20:51:57.0355 4968 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:51:57.0378 4968 tdx - ok
20:51:57.0481 4968 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:51:57.0495 4968 TermDD - ok
20:51:57.0557 4968 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:51:57.0604 4968 tssecsrv - ok
20:51:57.0664 4968 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:51:57.0705 4968 tunmp - ok
20:51:57.0785 4968 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:51:57.0808 4968 tunnel - ok
20:51:57.0870 4968 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:51:57.0881 4968 uagp35 - ok
20:51:57.0937 4968 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:51:57.0962 4968 udfs - ok
20:51:58.0037 4968 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:51:58.0048 4968 uliagpkx - ok
20:51:58.0156 4968 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:51:58.0171 4968 uliahci - ok
20:51:58.0208 4968 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:51:58.0219 4968 UlSata - ok
20:51:58.0352 4968 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:51:58.0364 4968 ulsata2 - ok
20:51:58.0396 4968 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:51:58.0446 4968 umbus - ok
20:51:58.0525 4968 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
20:51:58.0559 4968 UMPass - ok
20:51:58.0658 4968 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
20:51:58.0679 4968 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
20:51:58.0679 4968 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
20:51:58.0812 4968 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:51:58.0843 4968 USBAAPL - ok
20:51:58.0908 4968 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:51:58.0941 4968 usbaudio - ok
20:51:59.0036 4968 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:51:59.0059 4968 usbccgp - ok
20:51:59.0096 4968 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:51:59.0144 4968 usbcir - ok
20:51:59.0199 4968 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:51:59.0240 4968 usbehci - ok
20:51:59.0413 4968 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:51:59.0451 4968 usbhub - ok
20:51:59.0487 4968 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:51:59.0534 4968 usbohci - ok
20:51:59.0588 4968 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:51:59.0616 4968 usbprint - ok
20:51:59.0709 4968 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:51:59.0754 4968 usbscan - ok
20:51:59.0800 4968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:51:59.0834 4968 USBSTOR - ok
20:51:59.0927 4968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:51:59.0967 4968 usbuhci - ok
20:52:00.0017 4968 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
20:52:00.0039 4968 usb_rndisx - ok
20:52:00.0158 4968 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:00.0194 4968 vga - ok
20:52:00.0229 4968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:52:00.0267 4968 VgaSave - ok
20:52:00.0368 4968 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:52:00.0379 4968 viaagp - ok
20:52:00.0407 4968 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:52:00.0436 4968 ViaC7 - ok
20:52:00.0456 4968 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:52:00.0466 4968 viaide - ok
20:52:00.0500 4968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:52:00.0511 4968 volmgr - ok
20:52:00.0623 4968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:52:00.0641 4968 volmgrx - ok
20:52:00.0684 4968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:52:00.0700 4968 volsnap - ok
20:52:00.0750 4968 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:52:00.0763 4968 vsmraid - ok
20:52:00.0857 4968 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:52:00.0907 4968 VSTHWBS2 - ok
20:52:00.0996 4968 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:52:01.0063 4968 VST_DPV - ok
20:52:01.0156 4968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:52:01.0227 4968 WacomPen - ok
20:52:01.0283 4968 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:01.0322 4968 Wanarp - ok
20:52:01.0338 4968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:52:01.0362 4968 Wanarpv6 - ok
20:52:01.0439 4968 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:52:01.0449 4968 Wd - ok
20:52:01.0507 4968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:52:01.0563 4968 Wdf01000 - ok
20:52:01.0647 4968 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:52:01.0722 4968 winachsf - ok
20:52:01.0830 4968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:52:01.0867 4968 WmiAcpi - ok
20:52:01.0986 4968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:52:02.0010 4968 WpdUsb - ok
20:52:02.0116 4968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:52:02.0144 4968 ws2ifsl - ok
20:52:02.0226 4968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:02.0265 4968 WUDFRd - ok
20:52:02.0330 4968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:52:02.0356 4968 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:52:02.0356 4968 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:52:03.0202 4968 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:52:03.0202 4968 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:52:03.0232 4968 Boot (0x1200) (c0d0f91d1a210114d0cc7e292f7d9040) \Device\Harddisk0\DR0\Partition0
20:52:03.0233 4968 \Device\Harddisk0\DR0\Partition0 - ok
20:52:03.0250 4968 Boot (0x1200) (8f50811674ff470fd2f737a7672f309e) \Device\Harddisk0\DR0\Partition1
20:52:03.0251 4968 \Device\Harddisk0\DR0\Partition1 - ok
20:52:03.0252 4968 ============================================================
20:52:03.0252 4968 Scan finished
20:52:03.0252 4968 ============================================================
20:52:03.0268 3080 Detected object count: 5
20:52:03.0268 3080 Actual detected object count: 5
20:52:13.0493 3080 PLFF ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:13.0494 3080 PLFF ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:13.0496 3080 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:52:13.0500 3080 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:52:13.0500 3080 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:13.0500 3080 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:13.0582 3080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:52:13.0583 3080 \Device\Harddisk0\DR0 - ok
20:52:13.0583 3080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:52:13.0583 3080 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:52:13.0583 3080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
03.11.2011, 20:58
| #20 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Er hat mich gerade direkt danach aufgefordert neuzustarten. Vorher hatte ich schon Unhide benutzt. Die beiden Fehlermeldungen sind verschwunden, mein Startmenü ist wieder komplett da und der Internetexplorer startet auch nicht mehr von alleine. Super!  Edit Zu früh gefreut, die Startmenüeinträge sind zwar wieder da, aber "Leer".  |
|
03.11.2011, 21:53
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Zitat:
Starte Windows danach neu und mach ein neues Log mit dem TDSS-Killer
__________________ --> Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" |
|
03.11.2011, 22:08
| #22 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Code:
ATTFilter 22:05:04.0197 5740 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
22:05:04.0353 5740 ============================================================
22:05:04.0353 5740 Current date / time: 2011/11/03 22:05:04.0353
22:05:04.0353 5740 SystemInfo:
22:05:04.0353 5740
22:05:04.0353 5740 OS Version: 6.0.6002 ServicePack: 2.0
22:05:04.0353 5740 Product type: Workstation
22:05:04.0353 5740 ComputerName: HERBERT
22:05:04.0354 5740 UserName: Benedikt
22:05:04.0354 5740 Windows directory: C:\Windows
22:05:04.0354 5740 System windows directory: C:\Windows
22:05:04.0354 5740 Processor architecture: Intel x86
22:05:04.0354 5740 Number of processors: 2
22:05:04.0354 5740 Page size: 0x1000
22:05:04.0354 5740 Boot type: Normal boot
22:05:04.0354 5740 ============================================================
22:05:04.0801 5740 Initialize success
22:05:12.0163 5252 ============================================================
22:05:12.0163 5252 Scan started
22:05:12.0163 5252 Mode: Manual; SigCheck; TDLFS;
22:05:12.0163 5252 ============================================================
22:05:12.0680 5252 acedrv11 (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys
22:05:12.0878 5252 acedrv11 - ok
22:05:13.0050 5252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:05:13.0069 5252 ACPI - ok
22:05:13.0190 5252 adfs - ok
22:05:13.0420 5252 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:05:13.0446 5252 adp94xx - ok
22:05:14.0382 5252 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:05:14.0399 5252 adpahci - ok
22:05:15.0044 5252 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:05:15.0059 5252 adpu160m - ok
22:05:15.0323 5252 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:05:15.0337 5252 adpu320 - ok
22:05:15.0937 5252 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
22:05:15.0970 5252 AFD - ok
22:05:16.0221 5252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:05:16.0233 5252 agp440 - ok
22:05:16.0897 5252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:05:16.0910 5252 aic78xx - ok
22:05:17.0227 5252 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:05:17.0239 5252 aliide - ok
22:05:17.0642 5252 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:05:17.0655 5252 amdagp - ok
22:05:17.0832 5252 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:05:17.0843 5252 amdide - ok
22:05:17.0947 5252 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:05:17.0980 5252 AmdK7 - ok
22:05:18.0314 5252 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:05:18.0343 5252 AmdK8 - ok
22:05:18.0929 5252 amdkmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:19.0026 5252 amdkmdag - ok
22:05:19.0504 5252 amdkmdap - ok
22:05:19.0784 5252 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:05:19.0799 5252 ApfiltrService - ok
22:05:20.0004 5252 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:05:20.0019 5252 arc - ok
22:05:20.0218 5252 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:05:20.0230 5252 arcsas - ok
22:05:20.0496 5252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:05:20.0525 5252 AsyncMac - ok
22:05:21.0239 5252 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
22:05:21.0256 5252 atapi - ok
22:05:22.0025 5252 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:22.0116 5252 atikmdag - ok
22:05:22.0434 5252 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:05:22.0444 5252 avgio - ok
22:05:22.0596 5252 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:05:22.0896 5252 avgntflt - ok
22:05:23.0094 5252 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:05:23.0114 5252 avipbb - ok
22:05:23.0264 5252 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
22:05:23.0768 5252 BCM42RLY - ok
22:05:23.0994 5252 BCM43XX (b2134f695efd5eb392e906ac2413452e) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:05:24.0147 5252 BCM43XX - ok
22:05:24.0343 5252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:05:24.0371 5252 Beep - ok
22:05:24.0498 5252 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:05:24.0527 5252 blbdrive - ok
22:05:24.0602 5252 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
22:05:24.0658 5252 bowser - ok
22:05:24.0819 5252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:05:24.0847 5252 BrFiltLo - ok
22:05:25.0113 5252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:05:25.0141 5252 BrFiltUp - ok
22:05:25.0382 5252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:05:25.0433 5252 Brserid - ok
22:05:25.0745 5252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:05:25.0797 5252 BrSerWdm - ok
22:05:25.0929 5252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:05:25.0979 5252 BrUsbMdm - ok
22:05:26.0032 5252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:05:26.0091 5252 BrUsbSer - ok
22:05:26.0232 5252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:05:26.0284 5252 BTHMODEM - ok
22:05:26.0579 5252 catchme - ok
22:05:26.0766 5252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:05:26.0796 5252 cdfs - ok
22:05:26.0921 5252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:05:26.0976 5252 cdrom - ok
22:05:27.0039 5252 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
22:05:27.0092 5252 circlass - ok
22:05:27.0220 5252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:05:27.0238 5252 CLFS - ok
22:05:27.0390 5252 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:05:27.0446 5252 CmBatt - ok
22:05:27.0501 5252 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:05:27.0512 5252 cmdide - ok
22:05:27.0603 5252 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:05:27.0615 5252 Compbatt - ok
22:05:27.0764 5252 cpuz130 - ok
22:05:27.0977 5252 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:05:27.0989 5252 crcdisk - ok
22:05:28.0165 5252 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:05:28.0195 5252 Crusoe - ok
22:05:28.0428 5252 DESVUSB (92ade7f1b2e1c69e85a3a9040eec37b4) C:\Windows\system32\DRIVERS\desrvusb.sys
22:05:28.0441 5252 DESVUSB - ok
22:05:28.0601 5252 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
22:05:28.0695 5252 DfsC - ok
22:05:28.0891 5252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:05:28.0905 5252 disk - ok
22:05:29.0060 5252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:05:29.0101 5252 drmkaud - ok
22:05:29.0166 5252 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:05:29.0198 5252 DXGKrnl - ok
22:05:29.0355 5252 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
22:05:29.0386 5252 e1express - ok
22:05:29.0442 5252 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:05:29.0473 5252 E1G60 - ok
22:05:29.0674 5252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:05:29.0689 5252 Ecache - ok
22:05:29.0828 5252 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:05:29.0847 5252 elxstor - ok
22:05:29.0947 5252 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
22:05:29.0957 5252 ENTECH - ok
22:05:30.0159 5252 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:05:30.0188 5252 ErrDev - ok
22:05:30.0430 5252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:05:30.0457 5252 exfat - ok
22:05:30.0568 5252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:05:30.0592 5252 fastfat - ok
22:05:30.0663 5252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:05:30.0692 5252 fdc - ok
22:05:30.0779 5252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:05:30.0791 5252 FileInfo - ok
22:05:30.0848 5252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:05:30.0878 5252 Filetrace - ok
22:05:30.0991 5252 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:05:31.0018 5252 flpydisk - ok
22:05:31.0104 5252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:05:31.0120 5252 FltMgr - ok
22:05:31.0301 5252 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:05:31.0325 5252 Fs_Rec - ok
22:05:31.0504 5252 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:05:31.0516 5252 gagp30kx - ok
22:05:31.0650 5252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:05:31.0659 5252 GEARAspiWDM - ok
22:05:31.0923 5252 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
22:05:31.0962 5252 hamachi - ok
22:05:32.0112 5252 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
22:05:32.0151 5252 HdAudAddService - ok
22:05:32.0213 5252 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:05:32.0324 5252 HDAudBus - ok
22:05:32.0430 5252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:05:32.0480 5252 HidBth - ok
22:05:32.0533 5252 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:05:32.0555 5252 HidIr - ok
22:05:33.0157 5252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:05:33.0181 5252 HidUsb - ok
22:05:33.0310 5252 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:05:33.0321 5252 HpCISSs - ok
22:05:33.0390 5252 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:05:33.0414 5252 HTTP - ok
22:05:33.0527 5252 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:05:33.0539 5252 i2omp - ok
22:05:33.0612 5252 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:05:33.0634 5252 i8042prt - ok
22:05:33.0750 5252 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
22:05:33.0875 5252 iaStor - ok
22:05:34.0045 5252 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:05:34.0060 5252 iaStorV - ok
22:05:34.0303 5252 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:05:34.0315 5252 iirsp - ok
22:05:34.0506 5252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:05:34.0517 5252 intelide - ok
22:05:34.0664 5252 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:05:34.0693 5252 intelppm - ok
22:05:34.0885 5252 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:05:34.0915 5252 IpFilterDriver - ok
22:05:35.0149 5252 IpInIp - ok
22:05:35.0211 5252 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:05:35.0240 5252 IPMIDRV - ok
22:05:35.0478 5252 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:05:35.0513 5252 IPNAT - ok
22:05:35.0717 5252 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:05:35.0746 5252 IRENUM - ok
22:05:35.0869 5252 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:05:35.0881 5252 isapnp - ok
22:05:35.0941 5252 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:05:35.0956 5252 iScsiPrt - ok
22:05:36.0080 5252 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:05:36.0091 5252 iteatapi - ok
22:05:36.0175 5252 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
22:05:36.0189 5252 itecir - ok
22:05:36.0334 5252 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:05:36.0345 5252 iteraid - ok
22:05:36.0400 5252 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
22:05:36.0417 5252 k57nd60x - ok
22:05:36.0555 5252 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:05:36.0566 5252 kbdclass - ok
22:05:36.0651 5252 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:05:36.0713 5252 kbdhid - ok
22:05:36.0940 5252 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:05:36.0962 5252 KSecDD - ok
22:05:37.0311 5252 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:05:37.0321 5252 LHidFilt - ok
22:05:37.0549 5252 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:05:37.0579 5252 lltdio - ok
22:05:37.0693 5252 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:05:38.0139 5252 LMouFilt - ok
22:05:38.0214 5252 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:05:38.0227 5252 LSI_FC - ok
22:05:38.0310 5252 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:05:38.0322 5252 LSI_SAS - ok
22:05:38.0399 5252 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:05:38.0411 5252 LSI_SCSI - ok
22:05:38.0492 5252 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:05:38.0522 5252 luafv - ok
22:05:38.0577 5252 ManyCam - ok
22:05:38.0701 5252 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
22:05:38.0719 5252 MBAMProtector - ok
22:05:38.0773 5252 MBAMSwissArmy - ok
22:05:39.0183 5252 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:05:39.0194 5252 megasas - ok
22:05:39.0289 5252 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:05:39.0309 5252 MegaSR - ok
22:05:39.0389 5252 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:05:39.0417 5252 Modem - ok
22:05:39.0513 5252 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:05:39.0542 5252 monitor - ok
22:05:39.0576 5252 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:05:39.0587 5252 mouclass - ok
22:05:39.0629 5252 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:05:39.0687 5252 mouhid - ok
22:05:39.0804 5252 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:05:39.0816 5252 MountMgr - ok
22:05:39.0873 5252 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:05:39.0885 5252 mpio - ok
22:05:39.0929 5252 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:05:40.0001 5252 mpsdrv - ok
22:05:40.0089 5252 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:05:40.0100 5252 Mraid35x - ok
22:05:40.0162 5252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:05:40.0191 5252 MRxDAV - ok
22:05:40.0292 5252 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:05:40.0308 5252 mrxsmb - ok
22:05:40.0425 5252 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:05:40.0444 5252 mrxsmb10 - ok
22:05:40.0548 5252 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:05:40.0599 5252 mrxsmb20 - ok
22:05:40.0670 5252 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:05:40.0681 5252 msahci - ok
22:05:40.0716 5252 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:05:40.0729 5252 msdsm - ok
22:05:41.0281 5252 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:05:41.0309 5252 Msfs - ok
22:05:41.0456 5252 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:05:41.0468 5252 msisadrv - ok
22:05:41.0576 5252 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:05:41.0605 5252 MSKSSRV - ok
22:05:41.0712 5252 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:05:41.0741 5252 MSPCLOCK - ok
22:05:41.0786 5252 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:05:41.0814 5252 MSPQM - ok
22:05:41.0878 5252 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:05:41.0893 5252 MsRPC - ok
22:05:42.0025 5252 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:05:42.0037 5252 mssmbios - ok
22:05:42.0070 5252 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:05:42.0098 5252 MSTEE - ok
22:05:42.0254 5252 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:05:42.0267 5252 Mup - ok
22:05:42.0344 5252 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:05:42.0362 5252 NativeWifiP - ok
22:05:42.0537 5252 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:05:42.0561 5252 NDIS - ok
22:05:42.0606 5252 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:05:42.0629 5252 NdisTapi - ok
22:05:42.0736 5252 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:05:42.0789 5252 Ndisuio - ok
22:05:42.0920 5252 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:05:42.0944 5252 NdisWan - ok
22:05:42.0987 5252 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:05:43.0010 5252 NDProxy - ok
22:05:43.0149 5252 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:05:43.0177 5252 NetBIOS - ok
22:05:43.0288 5252 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:05:43.0314 5252 netbt - ok
22:05:43.0480 5252 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:05:43.0491 5252 nfrd960 - ok
22:05:43.0627 5252 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:05:43.0650 5252 Npfs - ok
22:05:43.0795 5252 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:05:43.0824 5252 nsiproxy - ok
22:05:44.0016 5252 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:05:44.0075 5252 Ntfs - ok
22:05:44.0305 5252 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:05:44.0366 5252 ntrigdigi - ok
22:05:44.0447 5252 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:05:44.0481 5252 Null - ok
22:05:44.0538 5252 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:05:44.0550 5252 nvraid - ok
22:05:44.0699 5252 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:05:44.0720 5252 nvstor - ok
22:05:44.0781 5252 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:05:44.0793 5252 nv_agp - ok
22:05:44.0864 5252 NwlnkFlt - ok
22:05:44.0885 5252 NwlnkFwd - ok
22:05:44.0964 5252 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:05:44.0987 5252 ohci1394 - ok
22:05:45.0070 5252 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:05:45.0121 5252 Parport - ok
22:05:45.0300 5252 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:05:45.0314 5252 partmgr - ok
22:05:45.0441 5252 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:05:45.0498 5252 Parvdm - ok
22:05:45.0776 5252 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:05:45.0791 5252 pci - ok
22:05:46.0029 5252 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:05:46.0040 5252 pciide - ok
22:05:46.0221 5252 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:05:46.0234 5252 pcmcia - ok
22:05:46.0318 5252 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
22:05:46.0389 5252 PCTBD - ok
22:05:46.0601 5252 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\Windows\system32\drivers\PCTCore.sys
22:05:46.0639 5252 PCTCore - ok
22:05:46.0759 5252 pctDS (af08ec0f2093867ab955e24121ee7002) C:\Windows\system32\drivers\pctDS.sys
22:05:46.0811 5252 pctDS - ok
22:05:46.0885 5252 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\Windows\system32\Drivers\PCTSD.sys
22:05:46.0919 5252 PCTSD - ok
22:05:47.0088 5252 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:05:47.0194 5252 PEAUTH - ok
22:05:47.0561 5252 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:05:47.0590 5252 PptpMiniport - ok
22:05:47.0696 5252 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:05:47.0758 5252 Processor - ok
22:05:47.0812 5252 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:05:47.0875 5252 PSched - ok
22:05:47.0964 5252 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
22:05:47.0974 5252 PxHelp20 - ok
22:05:48.0090 5252 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:05:48.0284 5252 ql2300 - ok
22:05:48.0686 5252 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:05:48.0699 5252 ql40xx - ok
22:05:48.0834 5252 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:05:48.0881 5252 QWAVEdrv - ok
22:05:49.0066 5252 R300 (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:49.0219 5252 R300 - ok
22:05:49.0356 5252 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:05:49.0385 5252 RasAcd - ok
22:05:49.0435 5252 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:05:49.0465 5252 Rasl2tp - ok
22:05:49.0682 5252 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:05:49.0716 5252 RasPppoe - ok
22:05:49.0917 5252 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:05:49.0934 5252 RasSstp - ok
22:05:50.0034 5252 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:05:50.0154 5252 rdbss - ok
22:05:50.0233 5252 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:05:50.0305 5252 RDPCDD - ok
22:05:50.0347 5252 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:05:50.0424 5252 rdpdr - ok
22:05:50.0492 5252 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:05:50.0520 5252 RDPENCDD - ok
22:05:50.0791 5252 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:05:50.0816 5252 RDPWD - ok
22:05:51.0068 5252 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:05:51.0081 5252 rimmptsk - ok
22:05:51.0247 5252 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:05:51.0260 5252 rimsptsk - ok
22:05:51.0447 5252 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:05:51.0465 5252 rismxdp - ok
22:05:51.0600 5252 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:05:51.0639 5252 rspndr - ok
22:05:51.0780 5252 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:05:51.0788 5252 SASDIFSV - ok
22:05:51.0829 5252 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:05:51.0838 5252 SASKUTIL - ok
22:05:51.0976 5252 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:05:51.0987 5252 sbp2port - ok
22:05:52.0213 5252 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:05:52.0243 5252 sdbus - ok
22:05:52.0413 5252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:05:52.0462 5252 secdrv - ok
22:05:52.0617 5252 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:05:52.0723 5252 Serenum - ok
22:05:52.0761 5252 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:05:52.0850 5252 Serial - ok
22:05:52.0901 5252 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:05:52.0947 5252 sermouse - ok
22:05:52.0999 5252 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
22:05:53.0022 5252 sffdisk - ok
22:05:53.0244 5252 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:05:53.0273 5252 sffp_mmc - ok
22:05:53.0541 5252 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:05:53.0565 5252 sffp_sd - ok
22:05:53.0724 5252 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:05:53.0809 5252 sfloppy - ok
22:05:53.0974 5252 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:05:53.0986 5252 sisagp - ok
22:05:54.0048 5252 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:05:54.0060 5252 SiSRaid2 - ok
22:05:54.0120 5252 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:05:54.0132 5252 SiSRaid4 - ok
22:05:54.0401 5252 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:05:54.0434 5252 Smb - ok
22:05:54.0593 5252 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:05:54.0605 5252 spldr - ok
22:05:54.0778 5252 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
22:05:54.0889 5252 srv - ok
22:05:54.0911 5252 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
22:05:54.0956 5252 srv2 - ok
22:05:54.0984 5252 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
22:05:55.0019 5252 srvnet - ok
22:05:55.0230 5252 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:05:55.0240 5252 ssmdrv - ok
22:05:55.0448 5252 STHDA (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
22:05:55.0469 5252 STHDA - ok
22:05:55.0624 5252 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:05:55.0635 5252 swenum - ok
22:05:55.0756 5252 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:05:55.0766 5252 Symc8xx - ok
22:05:55.0809 5252 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:05:55.0820 5252 Sym_hi - ok
22:05:55.0903 5252 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:05:55.0914 5252 Sym_u3 - ok
22:05:56.0032 5252 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
22:05:56.0071 5252 Tcpip - ok
22:05:56.0168 5252 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
22:05:56.0210 5252 Tcpip6 - ok
22:05:56.0280 5252 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:05:56.0570 5252 tcpipreg - ok
22:05:56.0749 5252 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:05:57.0016 5252 TDPIPE - ok
22:05:57.0136 5252 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:05:57.0391 5252 TDTCP - ok
22:05:57.0615 5252 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:05:57.0639 5252 tdx - ok
22:05:57.0764 5252 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:05:57.0777 5252 TermDD - ok
22:05:57.0895 5252 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:05:57.0946 5252 tssecsrv - ok
22:05:58.0147 5252 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:05:58.0163 5252 tunmp - ok
22:05:58.0357 5252 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:05:58.0372 5252 tunnel - ok
22:05:58.0463 5252 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:05:58.0475 5252 uagp35 - ok
22:05:58.0675 5252 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:05:58.0713 5252 udfs - ok
22:05:58.0852 5252 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:05:58.0865 5252 uliagpkx - ok
22:05:58.0927 5252 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:05:58.0948 5252 uliahci - ok
22:05:59.0068 5252 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:05:59.0081 5252 UlSata - ok
22:05:59.0157 5252 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:05:59.0170 5252 ulsata2 - ok
22:05:59.0223 5252 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:05:59.0256 5252 umbus - ok
22:05:59.0363 5252 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
22:05:59.0395 5252 UMPass - ok
22:05:59.0573 5252 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
22:05:59.0587 5252 USBAAPL - ok
22:05:59.0846 5252 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:05:59.0871 5252 usbaudio - ok
22:06:00.0040 5252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:06:00.0064 5252 usbccgp - ok
22:06:00.0201 5252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:06:00.0257 5252 usbcir - ok
22:06:00.0326 5252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:06:00.0349 5252 usbehci - ok
22:06:00.0518 5252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:06:00.0543 5252 usbhub - ok
22:06:00.0591 5252 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:06:00.0641 5252 usbohci - ok
22:06:00.0899 5252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:06:01.0024 5252 usbprint - ok
22:06:01.0320 5252 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:06:01.0343 5252 usbscan - ok
22:06:01.0545 5252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:06:01.0572 5252 USBSTOR - ok
22:06:01.0694 5252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:06:01.0803 5252 usbuhci - ok
22:06:01.0861 5252 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
22:06:01.0887 5252 usb_rndisx - ok
22:06:01.0957 5252 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:06:01.0986 5252 vga - ok
22:06:02.0252 5252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:06:02.0282 5252 VgaSave - ok
22:06:02.0639 5252 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:06:02.0652 5252 viaagp - ok
22:06:02.0845 5252 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:06:02.0874 5252 ViaC7 - ok
22:06:03.0060 5252 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:06:03.0072 5252 viaide - ok
22:06:03.0161 5252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:06:03.0173 5252 volmgr - ok
22:06:03.0273 5252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:06:03.0291 5252 volmgrx - ok
22:06:03.0487 5252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:06:03.0503 5252 volsnap - ok
22:06:03.0655 5252 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:06:03.0668 5252 vsmraid - ok
22:06:03.0818 5252 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
22:06:03.0850 5252 VSTHWBS2 - ok
22:06:04.0057 5252 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:06:04.0106 5252 VST_DPV - ok
22:06:04.0305 5252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:06:04.0354 5252 WacomPen - ok
22:06:04.0532 5252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:06:04.0558 5252 Wanarp - ok
22:06:04.0579 5252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:06:04.0602 5252 Wanarpv6 - ok
22:06:04.0767 5252 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:06:04.0792 5252 Wd - ok
22:06:05.0025 5252 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:06:05.0049 5252 Wdf01000 - ok
22:06:05.0277 5252 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:06:05.0320 5252 winachsf - ok
22:06:05.0513 5252 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:06:05.0541 5252 WmiAcpi - ok
22:06:05.0713 5252 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:06:05.0728 5252 WpdUsb - ok
22:06:05.0849 5252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:06:05.0879 5252 ws2ifsl - ok
22:06:06.0015 5252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:06:06.0044 5252 WUDFRd - ok
22:06:06.0141 5252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:06:06.0767 5252 \Device\Harddisk0\DR0 - ok
22:06:06.0809 5252 Boot (0x1200) (c0d0f91d1a210114d0cc7e292f7d9040) \Device\Harddisk0\DR0\Partition0
22:06:06.0811 5252 \Device\Harddisk0\DR0\Partition0 - ok
22:06:06.0838 5252 Boot (0x1200) (8f50811674ff470fd2f737a7672f309e) \Device\Harddisk0\DR0\Partition1
22:06:06.0840 5252 \Device\Harddisk0\DR0\Partition1 - ok
22:06:06.0844 5252 ============================================================
22:06:06.0844 5252 Scan finished
22:06:06.0844 5252 ============================================================
22:06:06.0862 4740 Detected object count: 0
22:06:06.0863 4740 Actual detected object count: 0
 #Jeder Menüeintrag (bis auf die Standardeinträge von Windows) sind "leer". |
|
04.11.2011, 08:58
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 15:40
| #24 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt"Code:
ATTFilter ComboFix 11-11-04.02 - Benedikt 04.11.2011 15:22:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1765 [GMT 1:00]
ausgeführt von:: c:\users\Benedikt\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Benedikt\AppData\Roaming\mIRC\logs\status.log
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\ST6UNST.000
c:\windows\system32\HotFixQ0306270.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-04 bis 2011-11-04 ))))))))))))))))))))))))))))))
.
.
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\users\Benedikt\AppData\Local\temp
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-04 14:34 . 2011-11-04 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 14:15 . 2011-11-04 14:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8105B8C1-E0BC-4885-8FC0-0D327902207D}\offreg.dll
2011-11-03 20:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8105B8C1-E0BC-4885-8FC0-0D327902207D}\mpengine.dll
2011-11-03 20:23 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-03 20:22 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-11-03 20:08 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 19:29 . 2011-11-03 19:29 -------- d-----w- C:\_OTL
2011-11-03 15:14 . 2011-11-03 15:14 -------- d-----w- c:\program files\ESET
2011-11-03 11:57 . 2011-11-03 11:57 -------- d-----w- c:\users\Benedikt\AppData\Roaming\SUPERAntiSpyware.com
2011-11-03 11:56 . 2011-11-03 11:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-03 11:56 . 2011-11-03 11:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-02 21:05 . 2011-11-02 21:05 -------- d-----w- c:\users\Benedikt\AppData\Local\Threat Expert
2011-11-02 20:55 . 2011-11-02 21:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-02 20:55 . 2011-11-02 21:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-02 20:45 . 2011-10-25 12:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-02 20:45 . 2011-10-25 12:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-02 20:41 . 2011-10-28 10:02 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-02 20:41 . 2011-11-02 20:44 -------- d-----w- c:\programdata\PC Tools
2011-10-31 12:00 . 2011-10-31 12:00 -------- d-----w- c:\users\Benedikt\AppData\Local\O&O
2011-10-30 11:24 . 2011-10-30 11:24 -------- d-----w- c:\users\Benedikt\AppData\Local\Downloaded Installations
2011-10-30 11:14 . 2011-10-30 11:14 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-10-04 08:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 16:00 . 2010-08-10 10:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 15:18 . 2011-03-21 09:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-22 08:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Benedikt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Benedikt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
2004-11-11 16:37 90112 ----a-r- c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 10:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 10:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-11-29 00:17 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-01-14 08:13 132392 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2008-03-05 09:21 516096 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2775041620-371297593-3811378524-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c989597b8740;Google Update Service (gupdate1c989597b8740);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-04 3548672]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 cpuz130;cpuz130;c:\users\Benedikt\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-05-11 17536]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2011-10-27 402336]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-10-22 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-10-07 341656]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-10-28 185560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-10-25 542672]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-14 12:06]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 19:19]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 19:19]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{50F6F6D8-62B8-44EE-8129-9F539D72EE3C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\9gbwpvs7.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-PLFFAP - c:\windows\system32\HotfixQ0306270.exe
SafeBoot-28621050.sys
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-MgKPyEORiQUvGj - c:\programdata\MgKPyEORiQUvGj.exe
MSConfigStartUp-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
MSConfigStartUp-PDVD9LanguageShortcut - c:\program files\CyberLink\PowerDVD9\Language\Language.exe
MSConfigStartUp-RemoteControl9 - c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-Worms Armageddon - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-04 15:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Benedikt\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-04 15:38:08
ComboFix-quarantined-files.txt 2011-11-04 14:38
ComboFix2.txt 2010-08-10 13:16
.
Vor Suchlauf: 22 Verzeichnis(se), 14.797.385.728 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 14.580.854.784 Bytes frei
.
- - End Of File - - 19DFC8DF7C5430FDECEC4A3C177A481F
|
|
04.11.2011, 15:43
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 17:03
| #26 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-04 16:50:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: 4w2e80sm.exe; Driver: C:\Users\Benedikt\AppData\Local\Temp\ufrdipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82EF2C0C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x82EF2ED4]
SSDT 8D497426 ZwCreateSection
SSDT 8D49742B ZwSetContextThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x82EF280A]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x82EF31D0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 209 828EE98C 3 Bytes [0C, 2C, EF] {OR AL, 0x2c; OUT DX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 20D 828EE990 3 Bytes [D4, 2E, EF] {AAM 0x2e; OUT DX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 215 828EE998 4 Bytes [26, 74, 49, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 828EECF0 4 Bytes [2B, 74, 49, 8D] {SUB ESI, [ECX+ECX*2-0x73]}
.text ntkrnlpa.exe!KeSetEvent + 621 828EEDA4 3 Bytes [0A, 28, EF] {OR CH, [EAX]; OUT DX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC0D000, 0x1FB0FA, 0xE8000020]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA0F22600, 0x25B0C, 0xE0000060]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Benedikt\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:47:32 on 04.11.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 7.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl "Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys (File not found) "amdkmdap" (amdkmdap) - ? - C:\Windows\System32\DRIVERS\atikmpag.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys "catchme" (catchme) - ? - C:\Users\Benedikt\AppData\Local\Temp\catchme.sys (File not found) "cpuz130" (cpuz130) - ? - C:\Users\Benedikt\AppData\Local\Temp\cpuz130\cpuz_x32.sys (File not found) "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ManyCam Virtual Webcam, WDM Video Capture Driver" (ManyCam) - ? - C:\Windows\System32\DRIVERS\ManyCam.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PC Tools Browser Defender Driver" (PCTBD) - "PC Tools" - C:\Windows\System32\Drivers\PCTBD.sys "PC Tools Data Store" (pctDS) - "PC Tools" - C:\Windows\System32\drivers\pctDS.sys "PC Tools Spyware Doctor Driver" (PCTSD) - "PC Tools" - C:\Windows\System32\Drivers\PCTSD.sys "PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {5A7B2149-7840-4531-B7B4-58F0F1CB0A6E} "IMAPIShlXt Class" - "Dell Inc" - C:\Windows\IMAPIShellExt.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\soa800.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "PartyPoker.net" - ? - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {0FB6A909-6086-458F-BD92-1F8EE10042A0} "AC-Pro" - ? - C:\Program Files\AutocompletePro\AutocompletePro.dll (File not found) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Defender BHO" - ? - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (File not found) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe "dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter "ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "FPP3:" - "FinePrint Software, LLC" - C:\Windows\system32\fppmon3.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dock Login Service" (DockLoginService) - "Stardock Corporation" - C:\Program Files\Dell\DellDock\DockLogin.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c989597b8740)" (gupdate1c989597b8740) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe "ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe "PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\System32\IoctlSvc.exe "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL "GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Windows sagt: Code:
ATTFilter Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 24
BCP1: 001904AA
BCP2: A9572A14
BCP3: A9572710
BCP4: 8AE1BF1E
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini110411-01.dmp
C:\Users\Benedikt\AppData\Local\temp\WER-56175-0.sysdata.xml
C:\Users\Benedikt\AppData\Local\temp\WER7915.tmp.version.txt
|
|
04.11.2011, 19:17
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Starte Windows neu und probier aswMBR bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 19:58
| #28 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Jetzt hat's geklappt Code:
ATTFilter aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-04 19:34:23
-----------------------------
19:34:23.551 OS Version: Windows 6.0.6002 Service Pack 2
19:34:23.551 Number of processors: 2 586 0xF0D
19:34:23.552 ComputerName: HERBERT UserName:
19:34:24.360 Initialize success
19:34:29.514 AVAST engine defs: 11110400
19:34:36.426 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:34:36.430 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
19:34:36.448 Disk 0 MBR read successfully
19:34:36.451 Disk 0 MBR scan
19:34:36.456 Disk 0 Windows VISTA default MBR code
19:34:36.461 Disk 0 scanning sectors +312578048
19:34:36.570 Disk 0 scanning C:\Windows\system32\drivers
19:34:51.309 Service scanning
19:34:53.663 Modules scanning
19:35:18.833 Disk 0 trace - called modules:
19:35:18.858 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iastor.sys hal.dll
19:35:18.863 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86df7820]
19:35:18.870 3 CLASSPNP.SYS[8afa08b3] -> nt!IofCallDriver -> [0x8681e760]
19:35:18.877 5 PCTCore.sys[82eec407] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d30030]
19:35:19.936 AVAST engine scan C:\Windows
19:35:27.238 AVAST engine scan C:\Windows\system32
19:38:53.365 AVAST engine scan C:\Windows\system32\drivers
19:39:28.359 AVAST engine scan C:\Users\Benedikt
19:52:04.732 AVAST engine scan C:\ProgramData
19:55:48.621 Scan finished successfully
19:57:34.145 Disk 0 MBR has been saved successfully to "C:\Users\Benedikt\Desktop\MBR.dat"
19:57:34.161 The log file has been saved successfully to "C:\Users\Benedikt\Desktop\aswMBR.txt"
|
|
04.11.2011, 20:27
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 20:34
| #30 |
| | Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" Werde ich gleich machen, kannst du mir auch irgendwie bei dem Problem helfen, dass alle meine Startmenüeinträge "leer" sind? |
|
| Themen zu Schwarzer Desktop, Startmenü verschwunden, Meldung "Festplatte Defekt" |
| alternate, avira, bho, bonjour, booten, browser, defender, desktop, download, explorer, festplatte, firefox, format, google earth, home, icq, kaputt, logfile, microsoft, nodrives, pdf, plug-in, registry, safer networking, schwarzer desktop, security, software, tan, taskmanager, temp, version=1.0, vista |
Linear-Darstellung
