Log analysis and evaluation: Advertising plays as audio in the background even though everything is closed. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2012, 00:19 | #1 |
Advertising plays as audio in the background even though everything is closed.

Since this morning, advertising has been playing in the background, even though the MP3 player, Explorer, etc. are closed. Strangely, I have not installed anything new in the last few days either (as far as I can remember).

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by *** at 19:27:55 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3893.1497 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\TEMP\mrt5C04.tmp\stdrt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [<NO NAME>]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7732DFC3-FC1A-4A28-B9C6-155BD9763DEE} : DhcpNameServer = 8.8.8.8 212.9.160.1
TCP: Interfaces\{B56B285C-EB6D-41B7-A4F3-F4D7FB1BF12D} : DhcpNameServer = 192.168.1.1
LSA: Notification Packages = scecli ACGina
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun-x64: [(Standard)]
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fo74b3va.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-6 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-6 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-2-3 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-3 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-2-3 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-2-3 133992]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-2-3 145256]
R2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-2-3 142696]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-3 2320920]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MAFW;Service for M-Audio FireWire;C:\Windows\system32\DRIVERS\mafw.sys --> C:\Windows\system32\DRIVERS\mafw.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-2-9 689492]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-2-3 79208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
.
=============== Created Last 30 ================
.
2012-02-13 11:50:05 -------- d-----w- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
2012-02-13 11:49:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-13 11:49:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-13 09:52:37 2785792 ----a-w- C:\Windows\SysWow64\GuaD.dll
2012-02-13 09:52:36 2442752 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-02-13 09:04:08 -------- d-----w- C:\Program Files\CCleaner
2012-02-11 21:43:12 -------- dc-h--w- C:\ProgramData\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
2012-02-11 21:42:24 -------- dc-h--w- C:\ProgramData\{A397AF63-B3A1-40DF-AA85-5C5368304B60}
2012-02-11 21:42:15 -------- d-----w- C:\Program Files\Native Instruments
2012-02-11 21:42:15 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2012-02-10 14:17:38 -------- d-----w- C:\ProgramData\Samsung
2012-02-10 14:17:30 36864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst3cpc.dll
2012-02-10 13:28:53 71168 ----a-w- C:\Windows\SysWow64\drivers\ni_usb.sys
2012-02-10 13:28:53 23168 ----a-w- C:\Windows\SysWow64\drivers\NiBoot.sys
2012-02-10 13:28:53 22016 ----a-w- C:\Windows\SysWow64\drivers\ni_avs.sys
2012-02-10 12:09:47 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2C187A8-F0F0-42FC-A7FB-49EFCF9F31FD}\mpengine.dll
2012-02-10 01:22:55 -------- d-----w- C:\ProgramData\Cakewalk
2012-02-09 23:41:55 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-02-09 18:06:34 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-02-09 14:29:05 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-02-09 14:28:16 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2012-02-08 16:59:33 -------- d-----w- C:\Users\***\AppData\Roaming\Image-Line
2012-02-08 13:36:35 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-02-08 13:36:35 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-02-07 23:09:17 -------- d-----w- C:\Program Files (x86)\NI
2012-02-07 22:50:05 -------- d-----w- C:\Temp
2012-02-07 22:48:20 -------- d-----w- C:\Program Files (x86)\coolpro2
2012-02-07 20:32:59 -------- d-----w- C:\Users\***\AppData\Local\Adobe
2012-02-07 15:42:08 -------- d-----w- C:\Program Files (x86)\MP3Gain
2012-02-07 15:06:43 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-07 13:58:04 163840 ----a-w- C:\Windows\SysWow64\ArtFfct.dll
2012-02-07 13:54:06 -------- d--h--w- C:\ProgramData\~1
2012-02-07 13:53:45 -------- d--h--w- C:\ProgramData\~0
2012-02-07 13:51:06 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2012-02-07 13:51:05 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-02-07 13:50:30 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-02-07 13:47:29 -------- d-----w- C:\Users\***\AppData\Local\Native Instruments
2012-02-07 13:46:58 -------- d-----w- C:\Program Files (x86)\Sugar Bytes
2012-02-07 13:44:43 -------- d-----w- C:\Program Files (x86)\Steinberg
2012-02-07 13:22:24 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-02-07 13:22:24 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-02-07 13:22:15 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-02-07 13:22:09 -------- d-----w- C:\Program Files (x86)\Outsim
2012-02-07 11:21:42 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-06 20:06:03 -------- d-----w- C:\Program Files\M-Audio
2012-02-06 20:03:53 -------- d-----w- C:\Users\***\AppData\Local\Apple Computer
2012-02-06 20:03:48 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-02-06 20:03:48 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-02-06 20:03:48 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-02-06 20:03:17 -------- d-----w- C:\Program Files\iPod
2012-02-06 20:03:16 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-06 20:03:16 -------- d-----w- C:\Program Files\iTunes
2012-02-06 20:03:16 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-06 19:57:22 -------- d-----w- C:\Users\***\AppData\Local\Apple
2012-02-06 19:56:48 -------- d-----w- C:\Program Files\Bonjour
2012-02-06 19:56:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-02-06 19:54:31 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-02-06 19:44:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-06 19:42:52 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-02-06 19:42:50 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-02-06 19:36:46 -------- d-----w- C:\Users\***\AppData\Roaming\Malwarebytes
2012-02-06 19:36:31 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-06 19:36:29 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-06 19:36:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 19:33:45 61440 ----a-r- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-06 19:33:45 61440 ----a-r- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-02-06 19:33:40 -------- d-----w- C:\Program Files (x86)\Serato
2012-02-06 19:16:21 -------- d-----w- C:\Users\***\AppData\Roaming\Avira
2012-02-06 19:10:50 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-02-06 19:10:50 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-02-06 19:10:49 -------- d-----w- C:\ProgramData\Avira
2012-02-06 19:10:49 -------- d-----w- C:\Program Files (x86)\Avira
2012-02-06 18:08:16 -------- d-----w- C:\Users\***\AppData\Roaming\PwrMgr
2012-02-06 18:05:57 -------- d-sh--r- C:\RRbackups
2012-02-06 18:05:29 -------- d-----w- C:\Users\***\AppData\Roaming\Lenovo
2012-02-06 18:04:08 -------- d-----w- C:\Users\***\AppData\Local\VirtualStore
2012-02-03 18:35:09 1864192 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2012-02-03 18:35:09 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2012-02-03 18:33:06 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2012-02-03 18:33:06 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\de-DE
2012-02-03 18:33:06 -------- d-----w- C:\Windows\SysWow64\drivers\de-DE
2012-02-03 18:33:06 -------- d-----w- C:\Windows\SysWow64\de
2012-02-03 18:33:06 -------- d-----w- C:\Windows\SysWow64\0407
2012-02-03 18:33:06 -------- d-----w- C:\Windows\de-DE
2012-02-03 18:33:05 -------- d-----w- C:\Windows\SysWow64\wbem\de-DE
2012-02-03 18:33:05 -------- d-----w- C:\Windows\System32\0407
2012-02-03 18:33:04 -------- d-----w- C:\Windows\System32\wbem\de-DE
2012-02-03 18:33:04 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2012-02-03 18:33:04 -------- d-----w- C:\Windows\System32\drivers\de-DE
2012-02-03 18:33:04 -------- d-----w- C:\Windows\System32\de
2012-02-03 18:31:59 9216 ----a-w- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
2012-02-03 18:27:28 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll
2012-02-03 18:27:28 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll
2012-02-03 18:27:28 198896 ----a-w- C:\Windows\System32\SRSHP64.dll
2012-02-03 18:27:28 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll
2012-02-03 18:27:26 2197264 ----a-w- C:\Windows\System32\MaxxAudioEQ.dll
2012-02-03 18:27:25 108960 ----a-w- C:\Windows\System32\AERTAR64.dll
2012-02-03 18:27:06 1444 ----a-w- C:\Windows\MFGCLEAN.CMD
2012-02-03 18:02:16 -------- d-----w- C:\ProgramData\Lenovo
2012-02-03 13:41:26 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-03 13:41:26 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-03 13:32:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-03 13:32:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-03 13:22:52 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-03 13:22:52 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-03 13:22:52 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-03 13:22:52 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-03 13:22:52 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-03 13:22:52 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-03 13:22:52 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-03 13:22:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-03 13:22:52 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-03 13:22:52 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-03 13:22:30 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-02-03 13:11:59 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2012-02-03 13:10:39 3141632 ----a-w- C:\Windows\System32\win32k.sys
2012-02-03 13:10:39 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-02-03 13:10:39 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-02-03 13:10:36 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-02-03 13:10:36 112000 ----a-w- C:\Windows\System32\consent.exe
2012-02-03 13:08:04 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-02-03 13:08:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-02-03 13:08:03 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-02-03 13:08:02 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-03 13:08:02 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-03 13:08:02 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-03 13:07:05 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-02-03 13:07:05 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-02-03 13:07:05 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-02-03 13:07:05 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-02-03 13:07:05 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-02-03 13:07:05 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-02-03 13:07:05 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-02-03 13:07:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-02-03 13:07:05 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-02-03 13:07:05 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-02-03 13:07:01 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-03 13:07:01 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-03 13:06:55 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-02-03 13:06:55 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-02-03 13:06:43 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-03 13:06:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-03 13:06:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-03 13:06:27 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-03 13:06:27 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-03 13:06:27 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-02-03 12:38:34 30088 ----a-w- C:\Windows\System32\drivers\msahci.sys
2012-02-03 12:38:34 155528 ----a-w- C:\Windows\System32\drivers\ataport.sys
2012-02-03 12:12:43 163840 ----a-w- C:\Windows\System32\umpo.dll
2012-02-03 12:09:58 15472 ----a-w- C:\Windows\System32\drivers\smiifx64.sys
2012-02-03 12:09:45 45928 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2012-02-03 12:09:45 39024 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2012-02-03 12:09:45 38760 ----a-w- C:\Windows\System32\tpinspm.dll
2012-02-03 12:09:40 -------- d-----w- C:\Program Files (x86)\Integrated Camera Driver
2012-02-03 12:08:57 167040 ----a-w- C:\Windows\System32\drivers\5U877.sys
2012-02-03 12:08:57 123392 ----a-w- C:\Windows\System32\5U877.dll
2012-02-03 12:08:57 121856 ----a-w- C:\Windows\System32\5U877.ax
2012-02-03 12:08:57 106496 ----a-w- C:\Windows\SysWow64\5U877.ax
2012-02-03 12:08:26 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-02-03 12:06:21 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2125.dll
2012-02-03 12:05:51 40248 ----a-w- C:\Windows\System32\drivers\psadd.sys
2012-02-03 12:05:24 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2012-02-03 12:05:23 393264 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-02-03 12:05:23 276776 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-02-03 12:05:23 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-02-03 12:05:23 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-02-03 12:05:23 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-02-03 12:05:23 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2012-02-03 12:05:23 1048576 ----a-w- C:\Windows\System32\syndata.bin
2012-02-03 12:05:15 1525248 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe
2012-02-03 11:57:09 91136 ----a-w- C:\Windows\SysWow64\dot3api.dll
2012-02-03 11:57:09 56832 ----a-w- C:\Windows\System32\drivers\ndisuio.sys
2012-02-03 11:57:09 47104 ----a-w- C:\Windows\SysWow64\dot3dlg.dll
2012-02-03 11:57:09 115200 ----a-w- C:\Windows\SysWow64\dot3msm.dll
2012-02-03 11:57:08 84992 ----a-w- C:\Windows\System32\dot3api.dll
2012-02-03 11:57:08 57856 ----a-w- C:\Windows\System32\dot3dlg.dll
2012-02-03 11:57:08 252416 ----a-w- C:\Windows\System32\dot3svc.dll
2012-02-03 11:57:08 103936 ----a-w- C:\Windows\System32\dot3msm.dll
2012-02-03 11:52:50 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2012-02-03 11:48:58 222720 ----a-w- C:\Windows\System32\wwanconn.dll
2012-02-03 11:01:34 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 10:11:05 -------- d-----w- C:\Program Files\Synaptics
2012-02-03 10:10:55 415528 ----a-w- C:\Windows\System32\SynCOM.dll
2012-02-03 10:10:55 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-02-03 10:10:55 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-02-03 10:10:55 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-02-03 10:10:38 -------- d-----w- C:\Windows\delnis
2012-02-03 10:10:00 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-03 10:09:15 -------- d-----w- C:\Windows\PCHEALTH
2012-02-03 10:09:03 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\db60c03e1cce25b\DSETUP.dll
2012-02-03 10:09:03 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\db60c03e1cce25b\DXSETUP.exe
2012-02-03 10:09:03 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\db60c03e1cce25b\dsetup32.dll
2012-02-03 10:08:49 145952072 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc45D5.tmp
2012-02-03 10:08:14 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-02-03 10:07:29 145952072 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcD1A.tmp
2012-02-03 10:07:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-02-03 10:06:50 -------- d-----w- C:\Program Files\Common Files\Lenovo
2012-02-03 10:03:02 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2012-02-03 10:03:02 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
2012-02-03 10:03:02 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
2012-02-03 10:02:26 -------- d-----w- C:\Windows\Downloaded Installations
2012-02-03 10:02:09 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-02-03 10:02:08 -------- d-----w- C:\ProgramData\PCDr
2012-02-03 10:01:51 -------- d-----w- C:\Program Files\PC-Doctor
2012-02-03 10:00:57 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
2012-02-03 10:00:55 -------- d-----w- C:\ProgramData\AT&T
2012-02-03 10:00:55 -------- d-----w- C:\Program Files (x86)\AT&T
2012-02-03 09:57:51 -------- d-----w- C:\ProgramData\InterVideo
2012-02-03 09:57:49 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-02-03 09:56:16 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2012-02-03 09:55:32 -------- d-----w- C:\Program Files (x86)\Corel
2012-02-03 09:53:32 -------- d-----w- C:\Program Files (x86)\InterVideo
2012-02-03 09:52:37 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-02-03 09:52:31 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo
2012-02-03 09:50:52 -------- d-----w- C:\swshare
2012-02-03 09:49:59 513384 ------w- C:\Windows\PWMBTHLV.EXE
2012-02-03 09:49:56 14960 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2012-02-03 09:49:56 1007976 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2012-02-03 09:49:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-03 09:49:53 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-03 09:49:53 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-03 09:49:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-03 09:49:52 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-03 09:48:00 -------- d-----w- C:\Program Files\Common Files\Intel
2012-02-03 09:48:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-02-03 09:46:55 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-02-03 09:45:57 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-02-03 09:45:57 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-02-03 09:45:56 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-02-03 09:45:56 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-02-03 09:45:47 -------- d-----w- C:\Program Files\ThinkPad
2012-02-03 09:44:45 -------- d-sh--w- C:\Windows\Installer
2012-02-03 09:44:36 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-02-03 09:43:38 -------- d-----w- C:\Program Files\Lenovo 2012-02-03 09:43:26 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2012-02-03 09:43:23 -------- d-----w- C:\Intel 2012-02-03 09:43:21 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys 2012-02-03 09:41:50 -------- d-----w- C:\Windows\SysWow64\RTCOM 2012-02-03 09:41:50 -------- d-----w- C:\Program Files\Realtek . ==================== Find3M ==================== . 2012-02-03 18:32:17 2560 ----a-w- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui 2012-02-03 18:31:59 5632 ----a-w- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui 2012-02-03 18:31:59 2560 ----a-w- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui 2012-02-03 18:31:55 51712 ----a-w- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui 2012-02-03 18:31:50 29696 ----a-w- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui 2012-02-03 18:31:50 16896 ----a-w- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui 2012-02-03 09:58:25 55072 ----a-w- C:\Windows\SysWow64\jureg.exe 2012-02-03 09:58:25 411368 ----a-w- C:\Windows\SysWow64\deploytk.dll 2012-02-03 09:58:25 386872 ----a-w- C:\Windows\SysWow64\jucheck.exe 2012-02-03 09:58:25 149280 ----a-w- C:\Windows\SysWow64\jusched.exe 2012-02-03 09:58:16 455680 ----a-w- C:\Windows\System32\deploytk.dll 2012-02-03 09:58:16 432128 ----a-w- C:\Windows\System32\jucheck.exe 2012-02-03 09:58:16 41984 ----a-w- C:\Windows\System32\jureg.exe 2012-02-03 09:58:16 172032 ----a-w- C:\Windows\System32\jusched.exe 2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 
07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 19:29:01,51 =============== |
14.02.2012, 00:26 | #2 |
| Advertising plays as audio in the background, even though everything is turned off. Sorry, something apparently went wrong on my first attempt to upload the log files.
__________________ |
14.02.2012, 10:56 | #3 |
/// Malware-holic | Advertising plays as audio in the background, even though everything is turned off. hi,
download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, and post the log
__________________ |
14.02.2012, 20:27 | #4 |
| Advertising plays as audio in the background, even though everything is turned off. 20:16:28.0641 7144 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
(1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys 20:18:14.0079 6656 TPDIGIMN - ok 20:18:14.0173 6656 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys 20:18:14.0202 6656 TPM - ok 20:18:14.0261 6656 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys 20:18:14.0279 6656 TPPWRIF - ok 20:18:14.0308 6656 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:18:14.0406 6656 tssecsrv - ok 20:18:14.0453 6656 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 20:18:14.0566 6656 tunnel - ok 20:18:14.0635 6656 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys 20:18:14.0653 6656 TurboB - ok 20:18:14.0695 6656 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:18:14.0720 6656 uagp35 - ok 20:18:14.0749 6656 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 20:18:14.0870 6656 udfs - ok 20:18:14.0900 6656 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:18:14.0925 6656 uliagpkx - ok 20:18:14.0970 6656 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 20:18:15.0029 6656 umbus - ok 20:18:15.0123 6656 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:18:15.0152 6656 UmPass - ok 20:18:15.0198 6656 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 20:18:15.0257 6656 usbccgp - ok 20:18:15.0349 6656 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 20:18:15.0407 6656 usbcir - ok 20:18:15.0461 6656 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 20:18:15.0488 6656 usbehci - ok 20:18:15.0555 6656 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 20:18:15.0607 6656 usbhub - ok 20:18:15.0653 6656 usbohci 
(8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 20:18:15.0679 6656 usbohci - ok 20:18:15.0742 6656 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:18:15.0797 6656 usbprint - ok 20:18:15.0838 6656 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:18:15.0913 6656 USBSTOR - ok 20:18:15.0997 6656 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 20:18:16.0034 6656 usbuhci - ok 20:18:16.0145 6656 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 20:18:16.0225 6656 usbvideo - ok 20:18:16.0321 6656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:18:16.0345 6656 vdrvroot - ok 20:18:16.0369 6656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:18:16.0406 6656 vga - ok 20:18:16.0428 6656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:18:16.0536 6656 VgaSave - ok 20:18:16.0573 6656 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 20:18:16.0606 6656 vhdmp - ok 20:18:16.0639 6656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 20:18:16.0662 6656 viaide - ok 20:18:16.0702 6656 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 20:18:16.0727 6656 volmgr - ok 20:18:16.0753 6656 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 20:18:16.0806 6656 volmgrx - ok 20:18:16.0851 6656 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 20:18:16.0887 6656 volsnap - ok 20:18:16.0917 6656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:18:16.0947 6656 vsmraid - ok 20:18:16.0981 6656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:18:17.0030 6656 vwifibus - ok 20:18:17.0058 6656 vwififlt 
(6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:18:17.0117 6656 vwififlt - ok 20:18:17.0211 6656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:18:17.0252 6656 WacomPen - ok 20:18:17.0291 6656 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:18:17.0401 6656 WANARP - ok 20:18:17.0423 6656 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:18:17.0522 6656 Wanarpv6 - ok 20:18:17.0601 6656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:18:17.0625 6656 Wd - ok 20:18:17.0668 6656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:18:17.0730 6656 Wdf01000 - ok 20:18:17.0796 6656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:18:17.0896 6656 WfpLwf - ok 20:18:17.0929 6656 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:18:17.0960 6656 WIMMount - ok 20:18:18.0087 6656 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:18:18.0130 6656 WmiAcpi - ok 20:18:18.0250 6656 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:18:18.0365 6656 ws2ifsl - ok 20:18:18.0413 6656 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 20:18:18.0533 6656 WudfPf - ok 20:18:18.0617 6656 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:18:18.0738 6656 WUDFRd - ok 20:18:18.0781 6656 MBR (0x1B8) (303b1eb094a6b732b37f438a04a34d8f) \Device\Harddisk0\DR0 20:18:18.0953 6656 \Device\Harddisk0\DR0 - ok 20:18:18.0991 6656 Boot (0x1200) (f343bba8f5ee0d6c78346abed936cbcc) \Device\Harddisk0\DR0\Partition0 20:18:18.0993 6656 \Device\Harddisk0\DR0\Partition0 - ok 20:18:19.0002 6656 Boot (0x1200) (e816c845a1960264d40320e46c7fc2a3) \Device\Harddisk0\DR0\Partition1 20:18:19.0005 6656 
\Device\Harddisk0\DR0\Partition1 - ok 20:18:19.0035 6656 Boot (0x1200) (c319caf493f28d7d7c92e639f8aae27a) \Device\Harddisk0\DR0\Partition2 20:18:19.0038 6656 \Device\Harddisk0\DR0\Partition2 - ok 20:18:19.0038 6656 ============================================================ 20:18:19.0038 6656 Scan finished 20:18:19.0038 6656 ============================================================ 20:18:19.0057 5332 Detected object count: 0 20:18:19.0057 5332 Actual detected object count: 0 |
14.02.2012, 20:29 | #5 |
/// Malware-holic | Ads play as audio in the background even though everything is off. OK, Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.02.2012, 00:18 | #6 |
| Ads play as audio in the background even though everything is off. Combofix logfile: Code:
ATTFilter ComboFix 12-02-13.01 - *** 14.02.2012 21:46:35.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3893.1112 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Samples\50.wav c:\users\Samples\I Surrender, DearLong .wav c:\users\Samples\I Surrender, DearLongPart1 .wav c:\users\Samples\I Surrender, DearLongPart2 .wav c:\windows\system32\jucheck.exe c:\windows\system32\jusched.exe c:\windows\system32\Thumbs.db c:\windows\SysWow64\lsprst7.dll Q:\AUTORUN.INF . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-14 bis 2012-02-14 )))))))))))))))))))))))))))))) . . 2012-02-14 20:52 . 2012-02-14 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-14 06:34 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A91B0A4C-E3CB-4DA9-868A-E9B9440BFFED}\mpengine.dll 2012-02-14 06:30 . 2012-02-14 06:30 -------- d-----w- c:\windows\Sun 2012-02-13 23:56 . 2012-02-13 23:57 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2012-02-13 23:56 . 2012-02-13 23:56 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-13 23:55 . 2012-02-13 23:55 -------- d-----w- c:\program files (x86)\Java 2012-02-13 23:13 . 2012-02-13 23:13 -------- d-----w- c:\program files (x86)\7-Zip 2012-02-13 11:49 . 2012-02-13 11:50 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-02-13 11:49 . 2012-02-13 11:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-02-13 09:52 . 2010-06-06 22:37 2785792 ----a-w- c:\windows\SysWow64\GuaD.dll 2012-02-13 09:52 . 
2010-04-08 20:47 2442752 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL 2012-02-13 09:04 . 2012-02-13 09:04 -------- d-----w- c:\program files\CCleaner 2012-02-11 21:43 . 2012-02-11 21:43 -------- dc-h--w- c:\programdata\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6} 2012-02-11 21:42 . 2012-02-11 21:42 -------- dc-h--w- c:\programdata\{A397AF63-B3A1-40DF-AA85-5C5368304B60} 2012-02-11 21:42 . 2012-02-11 21:42 -------- d-----w- c:\program files\Native Instruments 2012-02-11 21:42 . 2012-02-11 21:42 -------- d-----w- c:\program files\Common Files\Native Instruments 2012-02-10 14:17 . 2012-02-10 14:17 -------- d-----w- c:\programdata\Samsung 2012-02-10 14:17 . 2011-06-21 01:24 36864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sst3cpc.dll 2012-02-10 13:28 . 2005-10-18 16:20 71168 ----a-w- c:\windows\SysWow64\drivers\ni_usb.sys 2012-02-10 13:28 . 2005-10-18 16:20 23168 ----a-w- c:\windows\SysWow64\drivers\NiBoot.sys 2012-02-10 13:28 . 2005-10-18 16:20 22016 ----a-w- c:\windows\SysWow64\drivers\ni_avs.sys 2012-02-10 01:22 . 2012-02-10 01:22 -------- d-----w- c:\programdata\Cakewalk 2012-02-09 23:41 . 2012-02-09 23:41 -------- d-----w- c:\program files (x86)\ASIO4ALL v2 2012-02-09 18:06 . 2012-02-09 18:06 384 ----a-w- c:\windows\SysWow64\checkOS.bat 2012-02-09 14:29 . 2012-02-09 23:41 -------- d-----w- c:\program files (x86)\Image-Line 2012-02-09 14:28 . 2012-02-09 14:28 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe 2012-02-08 13:36 . 2012-02-08 13:36 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll 2012-02-07 23:09 . 2012-02-07 23:25 -------- d-----w- c:\program files (x86)\NI 2012-02-07 22:50 . 2012-02-13 10:39 -------- d-----w- C:\Temp 2012-02-07 22:48 . 2012-02-11 22:05 -------- d-----w- c:\program files (x86)\coolpro2 2012-02-07 20:08 . 2012-02-07 20:08 -------- d-----w- c:\program files (x86)\Smart Projects 2012-02-07 15:42 . 2012-02-09 18:41 -------- d-----w- c:\program files (x86)\MP3Gain 2012-02-07 13:58 . 
2004-03-17 18:54 163840 ----a-w- c:\windows\SysWow64\ArtFfct.dll 2012-02-07 13:54 . 2012-02-09 12:05 -------- d--h--w- c:\programdata\~1 2012-02-07 13:53 . 2012-02-09 12:05 -------- d--h--w- c:\programdata\~0 2012-02-07 13:51 . 2012-02-07 13:53 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments 2012-02-07 13:51 . 2012-02-07 13:51 -------- d-----w- c:\program files (x86)\Common Files\Digidesign 2012-02-07 13:50 . 2012-02-11 21:29 -------- d-----w- c:\program files (x86)\Native Instruments 2012-02-07 13:46 . 2012-02-09 11:56 -------- d-----w- c:\program files (x86)\Sugar Bytes 2012-02-07 13:44 . 2012-02-09 11:56 -------- d-----w- c:\program files (x86)\Steinberg 2012-02-07 13:41 . 2012-02-14 20:51 -------- d-----w- c:\users\Samples 2012-02-07 13:40 . 2012-02-07 13:43 -------- d-----w- c:\users\Track 2012-02-07 13:22 . 2012-02-13 09:53 -------- d-----w- c:\program files (x86)\VstPlugins 2012-02-07 13:22 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll 2012-02-07 13:22 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\SysWow64\vorbis.acm 2012-02-07 13:22 . 2012-02-07 13:22 -------- d-----w- c:\program files (x86)\Outsim 2012-02-07 11:21 . 2012-02-07 11:21 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-02-06 20:06 . 2012-02-06 20:06 -------- d-----w- c:\program files\M-Audio 2012-02-06 20:03 . 2012-02-06 20:03 -------- dc----w- c:\windows\system32\DRVSTORE 2012-02-06 19:56 . 2012-02-06 19:57 -------- d-----w- c:\programdata\Apple 2012-02-06 19:54 . 2012-02-06 19:54 -------- d-----w- c:\program files (x86)\Winamp Detect 2012-02-06 19:54 . 2012-02-06 19:54 -------- d-----w- c:\program files (x86)\Winamp 2012-02-06 19:44 . 2012-02-09 18:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-06 19:42 . 2012-02-09 12:05 -------- d-----w- c:\programdata\McAfee Security Scan 2012-02-06 19:42 . 2012-02-06 19:42 -------- d-----w- c:\programdata\McAfee 2012-02-06 19:42 . 
2012-02-10 12:45 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-02-06 19:42 . 2012-02-06 19:42 -------- d-----w- c:\windows\system32\Macromed 2012-02-06 19:36 . 2012-02-06 19:36 -------- d-----w- c:\programdata\Malwarebytes 2012-02-06 19:36 . 2012-02-06 19:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-06 19:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-06 19:33 . 2012-02-06 19:33 -------- d-----w- c:\program files (x86)\Serato 2012-02-06 19:10 . 2011-12-15 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-02-06 19:10 . 2011-12-15 13:59 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-02-06 19:10 . 2011-12-15 13:59 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-06 19:10 . 2012-02-06 19:10 -------- d-----w- c:\programdata\Avira 2012-02-06 19:10 . 2012-02-06 19:10 -------- d-----w- c:\program files (x86)\Avira 2012-02-06 18:05 . 2012-02-06 18:05 -------- d-sh--r- C:\RRbackups 2012-02-03 18:35 . 2012-02-03 18:35 1864192 ----a-w- c:\windows\system32\ExplorerFrame.dll 2012-02-03 18:35 . 2012-02-03 18:35 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\XPSViewer 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\drivers\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\de 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\0407 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\SysWow64\wbem\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\system32\0407 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\system32\drivers\de-DE 2012-02-03 18:33 . 
2012-02-03 18:33 -------- d-----w- c:\windows\system32\wbem\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2012-02-03 18:33 . 2012-02-03 18:33 -------- d-----w- c:\windows\system32\de 2012-02-03 18:32 . 2012-02-03 18:32 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui 2012-02-03 18:27 . 2009-11-24 00:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll 2012-02-03 18:27 . 2009-11-24 00:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll 2012-02-03 18:27 . 2009-11-24 00:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll 2012-02-03 18:27 . 2009-11-24 00:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll 2012-02-03 18:27 . 2009-11-18 09:42 2197264 ----a-w- c:\windows\system32\MaxxAudioEQ.dll 2012-02-03 18:27 . 2009-11-17 09:12 108960 ----a-w- c:\windows\system32\AERTAR64.dll 2012-02-03 18:27 . 2012-02-03 18:27 1444 ----a-w- c:\windows\MFGCLEAN.CMD 2012-02-03 18:02 . 2012-02-09 12:05 -------- d-----w- c:\programdata\Lenovo 2012-02-03 13:41 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2012-02-03 13:41 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2012-02-03 13:32 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll 2012-02-03 13:32 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll 2012-02-03 13:22 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2012-02-03 13:22 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2012-02-03 13:22 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2012-02-03 13:22 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2012-02-03 13:22 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2012-02-03 13:22 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2012-02-03 13:22 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2012-02-03 13:22 . 
2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2012-02-03 13:22 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2012-02-03 13:22 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2012-02-03 13:22 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-02-03 13:11 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll 2012-02-03 13:10 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys 2012-02-03 13:10 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-02-03 13:10 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2012-02-03 13:10 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2012-02-03 13:10 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe 2012-02-03 13:08 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll 2012-02-03 13:08 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2012-02-03 13:08 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2012-02-03 13:08 . 2011-06-23 05:31 5474688 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-02-03 13:08 . 2011-06-23 04:32 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-02-03 13:08 . 2011-06-23 04:32 3911552 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-02-03 13:07 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2012-02-03 13:07 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-02-03 13:07 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-02-03 13:07 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-02-03 13:07 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-02-03 13:07 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2012-02-03 13:07 . 
2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-02-03 13:07 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-03 18:32 . 2012-02-03 18:32 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui 2012-02-03 18:31 . 2012-02-03 18:31 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui 2012-02-03 18:31 . 2012-02-03 18:31 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui 2012-02-03 18:31 . 2012-02-03 18:31 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui 2012-02-03 18:31 . 2012-02-03 18:31 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui 2012-02-03 18:31 . 2012-02-03 18:31 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-24 1544040] "Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 1082144] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-02-09 689492] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 
86224] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-02-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39] . 2012-02-03 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 07:07] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2011-03-29 380776] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-30 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-30 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-30 414744] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312] "combofix"="c:\combofix\CF1752.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: samsungsetup.com\w*w TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fo74b3va.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\windows\TEMP\mrt55CC.tmp\stdrt.exe c:\program files\LENOVO\HOTKEY\tposdsvc.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe c:\windows\SysWOW64\rundll32.exe c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe c:\windows\SysWOW64\MAFWTray.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Lenovo\System Update\SUService.exe c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-02-14 21:59:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-02-14 20:59 . Vor Suchlauf: 10 Verzeichnis(se), 373.120.614.400 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 374.192.664.576 Bytes frei . - - End Of File - - 84A2BCA1A4ADCA914ADE77AFAEDBBFA4 |
16.02.2012, 10:58 | #7 |
/// Malware-holic | Ads play as audio in the background even though everything is off. That looks OK too. Malwarebytes: Please download Malwarebytes
16.02.2012, 22:30 | #8 |
| Ads play as audio in the background even though everything is off.
Malwarebytes Anti-Malware 1.60.1.1000
w*w.malwarebytes.org
Datenbank Version: v2012.02.16.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-THINK [Administrator]
16.02.2012 19:38:34
mbam-log-2012-02-16 (21-19-27).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345850
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mssend (Trojan.Ransom) -> Daten: "C:\Windows\system32\config\systemprofile\AppData\Roaming\xrlmmptiwlme1sjvamhf3xc1qxsvyupx2\svcnost.exe" -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Windows\System32\config\systemprofile\AppData\Roaming\xrlmmptiwlme1sjvamhf3xc1qxsvyupx2\svcnost.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\xryuhxurcxnwua3nrbe1oywxfkpnw1ja2\svcnost.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\xrlmmptiwlme1sjvamhf3xc1qxsvyupx2\svcnost.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\xryuhxurcxnwua3nrbe1oywxfkpnw1ja2\svcnost.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
(Ende) |
17.02.2012, 11:10 | #9 |
/// Malware-holic | Advertising plays as audio in the background even though everything is off. Did you have the findings removed?
17.02.2012, 11:59 | #10 |
| Advertising plays as audio in the background even though everything is off. Yes. I ran Malwarebytes over it again. No detections, but the advertising can still be heard. |
17.02.2012, 12:02 | #11 |
/// Malware-holic | Advertising plays as audio in the background even though everything is off. mbrcheck: http://ad13.geekstogo.com/MBRCheck.exe Double-click it and let it run; the log should be on the desktop as mbrcheck-date.txt. Please post its contents.
17.02.2012, 12:09 | #12 |
| Advertising plays as audio in the background even though everything is off.
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 03192CG
Logical Drives Mask: 0x0001002c

Kernel Drivers (total 201):

Processes (total 92):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`e0700000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0020LVM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1F0C3D1BE66EF666E417FB313F57CAF18DF4BA3D

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! |
17.02.2012, 12:45 | #13 |
/// Malware-holic | Advertising plays as audio in the background even though everything is off. ok, now press y for more options, enter 1 to create the MBR dump, 0 for the hard disk. Now give it a file name and press enter. The file should be created in the same directory as mbrcheck. Upload it here: Trojaner-Board Upload Channel
17.02.2012, 14:22 | #14 |
| Advertising plays as audio in the background even though everything is off. OK, I have just uploaded it. I didn't know which file extension the file should have. The editor only showed cryptic characters. |
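An MBR dump like the one created above is a raw 512-byte sector, which is why a text editor shows only unreadable characters. The following added example (not part of the original posts and not MBRCheck's code) splits such a sector into boot code, partition table and boot signature. The sample sector is constructed, and hashing only the first 440 bytes and the `known_good_sha1` allowlist are assumptions, so the hash need not match the SHA1 that MBRCheck prints.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bootstrap code area; assumption: hash only this part
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"       # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot-code hash, signature check and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:       # unused slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "byte_offset": lba_start * SECTOR_SIZE,
            "size_bytes": count * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def classify(sector: bytes, known_good_sha1: set) -> str:
    """Return 'invalid', 'known' or 'unknown' for the boot code of one sector."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid"
    return "known" if info["boot_code_sha1"] in known_good_sha1 else "unknown"


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: two NTFS entries at the volume offsets from the log."""
    table = b""
    for status, lba in ((0x80, 0x4B100000 // 512), (0x00, 0x71E0700000 // 512)):
        table += struct.pack("<B3xB3xII", status, 0x07, lba, 2048)
    table += bytes(32)       # two empty slots
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6) + table + BOOT_SIG


if __name__ == "__main__":
    # For a real dump file: sector = open(path, "rb").read(512)
    clean = build_sample(b"\xfa\x33\xc0" + b"constructed clean loader")
    allow = {parse_mbr(clean)["boot_code_sha1"]}   # hypothetical allowlist
    patched = b"\xeb\x3c" + clean[2:]              # same table, boot code altered
    for name, sec in (("clean", clean), ("patched", patched)):
        print(name, classify(sec, allow), parse_mbr(sec)["partitions"])
```

A sector whose partition table and `55 AA` signature are intact but whose boot-code hash is not on the allowlist is reported as "unknown", which corresponds to the "Unknown MBR code" status in the log.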
17.02.2012, 16:21 | #15 |
/// Malware-holic | Advertising plays as audio in the background even though everything is off. ok, start mbrcheck and then press y again, then choose 2, then the number of the hard disk, usually 0, then 0 Default (Windows 7) or [ 5] Windows 7 Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: so press y and press enter, then restart and run mbrcheck again.