Pests of all kinds and how to fight them: PC keeps crashing after a successful virus scan (Windows 7)
#1
Hello everyone, I'm new on the board, so I've caught a wonderful Trojan called "TR/ATRAPS.Gen". My desktop was completely black, the Start menu was also completely gone and could not be reactivated (but I could access all my data with Windows key + E, go online etc.). And the PC crashed during the virus scan, so I checked offline in Safe Mode with Spybot and Antivir and had the following detections:
Detection + object:
TR/ATRAPS.Gen (TMKEmu.dll)
TR/ATRAPS.Gen (sparrow.dll)
TR/ATRAPS.Gen2 (consrv.dll)
TR/ATRAPS.Gen (autostore.dll)
TR/ATRAPS.Gen2 (80000064@)
TR/ATRAPS.Gen2 (80000032@)
I deleted the files named above completely, and now the current problem. I restarted my computer, and shortly after the Windows screen it crashes and everything starts over from the beginning. It also crashes in Safe Mode and immediately restarts. Can anyone help me?
#2
/// Malwareteam
My name is Marius and I will help you with your problem. One thing first:
Note: We can never guarantee here that we have found every remnant of malware. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Which operating system is it? Also state whether it is 32- or 64-bit!
#3
Hello Marius, thanks for your quick response!
I use Windows 7 in the 64-bit version.
#4
/// Malwareteam
FRST64
Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick. Connect the USB stick to the infected system. You now have to boot the system into the System Repair option. Via the Boot Manager
__________________
No right of asylum for Trojans! Proud Member of UNITE. Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board!
#5
Do I definitely need the Windows CD/DVD for this, or is it enough to "just" run the tool via the Boot Manager? I'd rather ask before I do something blindly here.
#6
/// Malwareteam
It's enough if you use the Boot Manager. The boot CD/DVD is only an alternative in case the first option doesn't work!
#7
So, I did everything as described, many thanks, it worked great. Have a nice evening, Marius!
Code:
Scan result of Farbar Recovery Scan Tool Version: 18-04-2012 01
Ran by SYSTEM at 19-04-2012 16:02:39
Running from G:\
Windows 7 Professional (X64) OS Language: German Standard
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKU\Ullby\...\Policies\system: [DisableRegedit] 1
HKU\Ullby\...\Winlogon: [Shell] C:\Users\Ullby\AppData\Roaming\gema\gema.exe,Explorer.exe,
HKLM-x32\...\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKLM\...\Winlogon: [Shell] C:\Windows\Temp\qavmpw\setup.exe [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CEF2B0CE-5603-4E6D-BB42-C7CAF0FB67C4}: [NameServer]192.168.1.1
SubSystems: [Windows] ==> ZeroAccess
==================== Services (Whitelisted) ======
4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
4 AMD FUEL Service; C:\Users\Ullby\Desktop\ATI.ACE\Fuel\Fuel.Service.exe /launchService [361984 2012-02-14] (Advanced Micro Devices, Inc.)
4 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-05-01] (Avira GmbH)
4 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-06-30] (Avira GmbH)
4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
4 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
2 pctoolsfirewallplus; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 pctoolsfirewallplus; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-09] ()
2 deltafw; C:\Windows\System32\sparrow.dll [x]
========================== Drivers (Whitelisted) =============
2 AODDriver4.1; \??\C:\Users\Ullby\Desktop\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-06-30] (Avira GmbH)
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-11] (Duplex Secure Ltd.)
3 AODDriver4.0; \??\c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
2 AODDriver4.01; \??\c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: deltafw
NETSVC: igfx
============ One Month Created Files and Folders ==============
2012-04-19 16:02 - 2012-03-19 22:34 - 0000000 ____D C:\FRST
2012-04-17 19:12 - 2009-07-14 02:39 - 6402668 ____A C:\Windows\ntbtlog.txt
2012-04-17 19:01 - 2009-07-14 05:45 - 0000392 ____A C:\Windows\setupact.log
2012-04-15 13:43 - 2011-04-22 11:33 - 9984087 ____A C:\Users\Ullby\Desktop\Zelda Medley.mp3
2012-04-15 13:40 - 2011-05-27 14:52 - 9419872 ____A C:\Users\Ullby\Desktop\Shadows- Lindsey Stirling.mp3
2012-04-15 13:37 - 2010-12-11 10:14 - 6385148 ____A C:\Users\Ullby\Desktop\Epic Violin Girl - Lindsey Stirling.mp3
2012-04-14 01:19 - 2009-07-14 02:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-14 01:18 - 2012-04-18 21:23 - 0000000 ____D C:\Windows\system64
2012-04-09 21:00 - 2012-04-10 15:30 - 2709215 ____A C:\Users\Ullby\Desktop\Dale Schacker - Colt (Saber Rider and the Star Sheriffs OST).mp3
2012-04-09 19:17 - 2011-11-04 15:25 - 3870984 ____A C:\Users\Ullby\Downloads\battlelog-web-plugins-1.118.0-retail-prod.exe
2012-04-09 19:14 - 2011-10-27 15:25 - 0000000 ____D C:\Users\All Users\EA Logs
2012-04-09 19:14 - 2011-10-27 15:25 - 0000000 ____D C:\ProgramData\EA Logs
2012-04-04 15:20 - 2012-04-13 23:27 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-04 15:15 - 2011-07-22 20:02 - 0000000 ____D C:\Users\Ullby\Desktop\Neuer Ordner
2012-04-04 06:45 - 2009-07-14 02:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-04 06:45 - - 0000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-24 18:59 - 2009-07-14 06:08 - 0000000 ____D C:\Users\All Users\ATI
2012-03-24 18:59 - 2009-07-14 06:08 - 0000000 ____D C:\ProgramData\ATI
============ 3 Months Modified Files and Folders =============
2012-04-18 21:35 - 2010-12-11 10:06 - 3220578304 __ASH C:\hiberfil.sys
2012-04-18 21:28 - 2012-04-17 19:12 - 6402668 ____A C:\Windows\ntbtlog.txt
2012-04-18 15:26 - 2012-04-14 01:19 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-18 15:26 - 2010-12-11 10:14 - 0000000 ____D C:\users\Ullby
2012-04-18 15:23 - 2012-04-17 19:01 - 0000392 ____A C:\Windows\setupact.log
2012-04-18 15:23 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-18 15:22 - 2010-12-16 12:24 - 0028374 ____A C:\Windows\PFRO.log
2012-04-18 15:21 - 2010-12-11 10:09 - 1569981 ____A C:\Windows\WindowsUpdate.log
2012-04-18 15:15 - 2009-07-14 05:45 - 0014080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-18 15:15 - 2009-07-14 05:45 - 0014080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-17 21:27 - 2012-04-04 06:45 - 0000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-17 19:29 - 2011-07-26 14:45 - 0000000 ____D C:\Users\Ullby\AppData\Roaming\QuickScan
2012-04-17 18:00 - 2010-12-22 18:42 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-04-17 18:00 - 2010-12-22 15:45 - 0283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-04-17 18:00 - 2010-12-22 15:45 - 0280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-04-15 13:43 - 2012-04-15 13:43 - 9984087 ____A C:\Users\Ullby\Desktop\Zelda Medley.mp3
2012-04-15 13:40 - 2012-04-15 13:40 - 9419872 ____A C:\Users\Ullby\Desktop\Shadows- Lindsey Stirling.mp3
2012-04-15 13:37 - 2012-04-15 13:37 - 6385148 ____A C:\Users\Ullby\Desktop\Epic Violin Girl - Lindsey Stirling.mp3
2012-04-14 01:18 - 2012-04-14 01:18 - 0000000 ____D C:\Windows\system64
2012-04-13 23:27 - 2012-04-04 15:20 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 23:27 - 2012-04-04 06:45 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 23:27 - 2011-05-18 15:34 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 14:44 - 2009-07-14 06:08 - 0032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-10 21:36 - 2011-10-27 17:02 - 0000000 ____D C:\Program Files\FireFox
2012-04-10 15:31 - 2010-12-26 22:03 - 0001437 ____A C:\Users\Ullby\Desktop\Neues Textdokument.txt
2012-04-10 15:30 - 2011-05-27 15:19 - 0000000 ____D C:\Users\Ullby\Desktop\BL Hochzeit
2012-04-09 21:09 - 2012-04-09 19:14 - 0000000 ____D C:\Users\All Users\EA Logs
2012-04-09 21:09 - 2012-04-09 19:14 - 0000000 ____D C:\ProgramData\EA Logs
2012-04-09 21:00 - 2012-04-09 21:00 - 2709215 ____A C:\Users\Ullby\Desktop\Dale Schacker - Colt (Saber Rider and the Star Sheriffs OST).mp3
2012-04-09 19:24 - 2010-12-22 15:45 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-09 19:18 - 2011-10-27 15:28 - 0000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-04-09 19:17 - 2012-04-09 19:17 - 3870984 ____A C:\Users\Ullby\Downloads\battlelog-web-plugins-1.118.0-retail-prod.exe
2012-04-04 15:19 - 2009-07-14 18:58 - 0643628 ____A C:\Windows\System32\perfh007.dat
2012-04-04 15:19 - 2009-07-14 18:58 - 0126188 ____A C:\Windows\System32\perfc007.dat
2012-04-04 15:19 - 2009-07-14 06:13 - 1472002 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-04 15:18 - 2012-04-04 15:15 - 0000000 ____D C:\Users\Ullby\Desktop\Neuer Ordner
2012-04-04 15:17 - 2010-12-11 11:39 - 0000000 ____D C:\Users\Ullby\AppData\Roaming\ICQ
2012-04-04 06:46 - 2011-05-25 16:51 - 0000000 ____D C:\Users\Ullby\AppData\Roaming\Apple Computer
2012-03-27 20:02 - 2010-12-11 10:35 - 0000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-03-24 18:59 - 2012-03-24 18:59 - 0000000 ____D C:\Users\All Users\ATI
2012-03-24 18:59 - 2012-03-24 18:59 - 0000000 ____D C:\ProgramData\ATI
2012-03-24 18:59 - 2012-03-10 12:10 - 0000000 ____D C:\Users\Ullby\Desktop\ATI.ACE
2012-03-24 18:59 - 2011-12-17 12:06 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-03-19 22:34 - 2012-03-19 22:34 - 0000000 __SHD C:\found.001
2012-03-19 22:20 - 2009-07-14 03:34 - 0000460 ____A C:\Windows\win.ini
2012-03-10 12:12 - 2012-03-10 12:12 - 0000000 ____D C:\Program Files\AMD
2012-03-10 12:12 - 2012-03-10 12:12 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-10 12:12 - 2012-03-10 12:12 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-10 12:12 - 2011-03-27 19:12 - 0000000 ____D C:\Users\All Users\AMD
2012-03-10 12:12 - 2011-03-27 19:12 - 0000000 ____D C:\ProgramData\AMD
2012-03-10 12:11 - 2011-12-17 12:06 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-09 22:51 - 2011-07-22 17:44 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2012-03-09 22:50 - 2012-03-09 22:50 - 0001570 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-09 22:50 - 2012-03-09 22:50 - 0000000 ____D C:\Program Files\iTunes
2012-03-09 22:50 - 2012-03-09 22:50 - 0000000 ____D C:\Program Files\iPod
2012-03-08 15:47 - 2011-10-26 15:14 - 0002146 ____A C:\Windows\KB893803v2.log
2012-03-02 22:29 - 2011-09-11 18:32 - 0001742 ____A C:\Users\Ullby\Desktop\REGELN - MY way of life.txt
2012-03-02 17:23 - 2011-10-07 22:41 - 0000000 ____D C:\Users\Ullby\Documents\Vindictus EU
2012-02-28 22:29 - 2012-02-06 20:02 - 0000643 ____A C:\Users\Ullby\Desktop\Melina.txt
2012-02-15 11:01 - 2012-02-15 11:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 11:01 - 2012-02-15 11:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-14 22:05 - 2012-02-14 22:05 - 16507904 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-02-14 22:05 - 2012-02-14 22:05 - 0069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-02-14 22:05 - 2012-02-14 22:05 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-02-14 22:05 - 2012-02-14 22:05 - 0059904 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-02-14 22:05 - 2012-02-14 22:05 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-02-14 22:04 - 2012-02-14 22:04 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-02-14 22:03 - 2012-02-14 22:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 22:03 - 2012-02-14 22:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-10 22:10 - 2012-02-10 22:10 - 0092701 ____A C:\Users\Ullby\Desktop\430413_241429582606816_100002193282335_532887_624589241_n.jpg
2012-02-10 15:36 - 2012-02-10 15:36 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-02-10 15:34 - 2011-05-25 16:49 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-02-09 22:51 - 2012-02-04 00:42 - 0000180 ____A C:\Users\Ullby\Desktop\Neues Textdokument (2).txt
2012-02-04 18:41 - 2012-02-04 18:41 - 0000000 ____D C:\Program Files\Bonjour
2012-02-04 18:41 - 2012-02-04 18:41 - 0000000 ____D C:\Program Files (x86)\Bonjour
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2009-07-14 00:41] - [2009-07-14 02:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4095.18 MB
Available physical RAM: 3501.7 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3488.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:186.21 GB) (Free:0.93 GB) NTFS
4 Drive f: (Volume) (Fixed) (Total:298.09 GB) (Free:14.27 GB) NTFS
5 Drive g: () (Removable) (Total:0.93 GB) (Free:0.08 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 186 GB 0 B
Datenträger 1 Online 298 GB 1024 KB
Datenträger 2 Online 957 MB 0 B
Partitions of Disk 0:
===============
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 100 MB 1024 KB
Partition 2 Primär 186 GB 101 MB
======================================================================================================
Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System-rese NTFS Partition 100 MB Fehlerfre
======================================================================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 186 GB Fehlerfre
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 298 GB 31 KB
======================================================================================================
Disk: 1
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Volume NTFS Partition 298 GB Fehlerfre
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 957 MB 80 KB
======================================================================================================
Disk: 2
Partition 1
Typ : 0E
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Wechselmed 957 MB Fehlerfre
======================================================================================================
==========================================================
Last Boot: 2012-04-09 17:19
======================= End Of Log ==========================
#8
/// Malwareteam
You have the ZeroAccess rootkit on your computer, and its removal could get a little bumpy! If only its files are removed, Windows inevitably crashes at startup, as you have noticed.
Step 1: Fix with FRST64
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\Ullby\...\Policies\system: [DisableRegedit] 1
HKU\Ullby\...\Winlogon: [Shell] C:\Users\Ullby\AppData\Roaming\gema\gema.exe,Explorer.exe,
HKLM\...\Winlogon: [Shell] C:\Windows\Temp\qavmpw\setup.exe [x ] ()
SubSystems: [Windows] ==> ZeroAccess
C:\Users\Ullby\AppData\Roaming\gema\gema.exe
C:\Windows\Temp\qavmpw\setup.exe
The computer should now start normally again.
Step 2: defogger
Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without instructions.
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We don't want to "fix" anything here yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Step 4: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 5: DDS
Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop: dds.com dds.scr dds.pif
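Marius's point in the post above, that ZeroAccess hooks the Winlogon Shell value and the Session Manager SubSystems\Windows value, and that the Step 1 fixlist is built by copying the offending FRST lines, can be turned into a small triage script. The following is an added example, not code from this thread, from FRST or from its author: it parses registry and service lines in the format FRST printed in post #7, flags the same indicators Marius picked out (a Winlogon Shell that is not exactly explorer.exe, the altered SubSystems value, a DisableRegedit policy, a service started through a \\.\globalroot device path or pointing at a file that is gone) and lists the registry lines that would be copied into a fixlist. The sample log lines are constructed after the ones in the thread; the severity labels and the assumption that a fixlist takes FRST log lines verbatim (as Step 1 shows) are mine.

```python
import re

# Constructed sample input, written after the registry and service lines of the
# FRST scan posted in this thread, plus one clean Winlogon Shell line as a baseline.
SAMPLE_FRST_LINES = [
    r"HKU\Ullby\...\Policies\system: [DisableRegedit] 1",
    r"HKU\Ullby\...\Winlogon: [Shell] C:\Users\Ullby\AppData\Roaming\gema\gema.exe,Explorer.exe,",
    r"HKLM\...\Winlogon: [Shell] C:\Windows\Temp\qavmpw\setup.exe [x ] ()",
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"SubSystems: [Windows] ==> ZeroAccess",
    r"2 pctoolsfirewallplus; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)",
    r"2 deltafw; C:\Windows\System32\sparrow.dll [x]",
    r'4 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-06-30] (Avira GmbH)',
]

# Line shapes as FRST printed them in the thread (assumed stable for this example).
WINLOGON_SHELL_RE = re.compile(r"^(HKU\\[^\\]+|HKLM(?:-x32)?)\\\.\.\.\\Winlogon: \[Shell\] (.*)$")
DISABLE_REGEDIT_RE = re.compile(r"\\Policies\\system: \[DisableRegedit\] (\d+)")
SERVICE_RE = re.compile(r"^\d ([^;]+); (.*)$")
MISSING_FILE_RE = re.compile(r"\s*\[x ?\].*$")  # FRST marks a missing image file with "[x]"


def triage_line(line: str):
    """Return (severity, reason) for a suspicious FRST line, or None if it looks normal."""
    m = WINLOGON_SHELL_RE.match(line)
    if m:
        hive, raw_value = m.groups()
        value = MISSING_FILE_RE.sub("", raw_value)
        programs = [p.strip().lower() for p in value.split(",") if p.strip()]
        # A healthy Winlogon Shell is exactly explorer.exe; extra entries or a
        # path under AppData/Temp mean another binary is started with the shell.
        if programs != ["explorer.exe"]:
            return ("high", f"{hive} Winlogon Shell is {programs}, expected ['explorer.exe']")
        return None
    m = DISABLE_REGEDIT_RE.search(line)
    if m and m.group(1) != "0":
        return ("medium", "DisableRegedit policy is set: Registry Editor blocked for this user")
    if line.startswith("SubSystems: [Windows]") and "==>" in line:
        marker = line.split("==>", 1)[1].strip()
        return ("high", f"Session Manager SubSystems\\Windows value altered ({marker})")
    m = SERVICE_RE.match(line)
    if m:
        name, image = m.groups()
        if r"\\.\globalroot" in image.lower():
            return ("high", f"service {name} starts through a \\\\.\\globalroot device path")
        if MISSING_FILE_RE.search(image):
            return ("medium", f"service {name} points at a file that no longer exists")
    return None


def triage(lines):
    """Run triage_line over a whole log; return (severity, reason, line) tuples, worst first."""
    order = {"high": 0, "medium": 1}
    findings = [(hit[0], hit[1], line) for line in lines if (hit := triage_line(line))]
    findings.sort(key=lambda f: order[f[0]])  # stable sort keeps log order within a severity
    return findings


def fixlist_candidates(lines):
    """Registry lines that would be copied verbatim into an FRST fixlist, as Step 1 does.

    Service entries are left out on purpose: a service line needs a look at the
    file it references before deciding what to do with it."""
    return [line for _sev, _reason, line in triage(lines) if not SERVICE_RE.match(line)]


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_FRST_LINES):
        print(f"[{sev:6}] {reason}\n         {line}")
    print("\nfixlist candidates:")
    for line in fixlist_candidates(SAMPLE_FRST_LINES):
        print(line)
```

Run it as a script to print the findings for the constructed sample, or call triage() on the lines of a real FRST.txt. It is a reviewer's aid, not a cleaner: it changes nothing on disk, and service entries are kept out of the fixlist candidates because, as the thread shows, removing a ZeroAccess component without restoring the values it hooked leaves Windows unable to boot.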
#9
Where exactly am I supposed to press Windows key + R? I would have thought after choosing "Repair your computer". So here is the data from the Fixlog, and have a nice weekend!
Code:
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-04-2012
Ran by SYSTEM at 2012-04-20 15:21:24 R:1
Running from G:\
==============================================
HKEY_USERS\Ullby\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegedit Value deleted successfully.
HKEY_USERS\Ullby\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\Ullby\AppData\Roaming\gema\gema.exe not found.
C:\Windows\Temp\qavmpw\setup.exe not found.
==== End of Fixlog ====
The right mouse button is not recognized, neither on the desktop nor in any of the folders, except in text documents. But it works on every website. Can I then just start defogger etc. normally?
#10
/// Malwareteam
Carry out the other steps as well - your computer is far from clean!! defogger cannot and will not solve the problem!
#11
So Marius, here is the data from all the programs:
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:51 on 21/04/2012 (Ullby)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
13:56:20.0515 0872 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
13:56:31.0455 0872 Perform update action was selected
13:56:31.0457 2260 Deinitialize success
Code:
13:56:39.0022 0632 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
13:56:40.0436 0632 ============================================================
13:56:40.0436 0632 Current date / time: 2012/04/21 13:56:40.0436
13:56:40.0436 0632 SystemInfo:
13:56:40.0436 0632
13:56:40.0436 0632 OS Version: 6.1.7600 ServicePack: 0.0
13:56:40.0436 0632 Product type: Workstation
13:56:40.0436 0632 ComputerName: ULLBY-PC
13:56:40.0436 0632 UserName: Ullby
13:56:40.0436 0632 Windows directory: C:\Windows
13:56:40.0436 0632 System windows directory: C:\Windows
13:56:40.0436 0632 Running under WOW64
13:56:40.0436 0632 Processor architecture: Intel x64
13:56:40.0436 0632 Number of processors: 4
13:56:40.0436 0632 Page size: 0x1000
13:56:40.0436 0632 Boot type: Normal boot
13:56:40.0436 0632 ============================================================
13:56:42.0299 0632 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:56:42.0306 0632 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:56:42.0670 0632 \Device\Harddisk0\DR0:
13:56:42.0670 0632 MBR partitions:
13:56:42.0670 0632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:56:42.0671 0632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
13:56:42.0671 0632 \Device\Harddisk1\DR1:
13:56:42.0672 0632 MBR partitions:
13:56:42.0672 0632 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
13:56:42.0705 0632 C: <-> \Device\Harddisk0\DR0\Partition1
13:56:42.0775 0632 E: <-> \Device\Harddisk1\DR1\Partition0
13:56:42.0775 0632 Initialize success
13:56:42.0775 0632 ============================================================
13:56:58.0425 2396 ============================================================
13:56:58.0425 2396 Scan started
13:56:58.0425 2396 Mode: Manual;
13:56:58.0425 2396 ============================================================
13:57:20.0833 2396 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:57:20.0852 2396 1394ohci - ok
13:57:20.0973 2396 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:57:20.0979 2396 ACPI - ok
13:57:21.0013 2396 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:57:21.0014 2396 AcpiPmi - ok
13:57:21.0174 2396 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:57:21.0179 2396 AdobeFlashPlayerUpdateSvc - ok
13:57:21.0241 2396 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:21.0250 2396 adp94xx - ok
13:57:21.0294 2396 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:57:21.0300 2396 adpahci - ok
13:57:21.0331 2396 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:57:21.0334 2396 adpu320 - ok
13:57:21.0397 2396 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:57:21.0399 2396 AeLookupSvc - ok
13:57:21.0447 2396 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:57:21.0456 2396 AFD - ok
13:57:21.0488 2396 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:57:21.0490 2396 agp440 - ok
13:57:21.0523 2396 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:57:21.0526 2396 ALG - ok
13:57:21.0625 2396 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:57:21.0638 2396 aliide - ok
13:57:21.0709 2396 AMD External Events Utility (0bde3222789749571c3d706f0181203d) C:\Windows\system32\atiesrxx.exe
13:57:21.0713 2396 AMD External Events Utility - ok
13:57:21.0812 2396 AMD FUEL Service - ok
13:57:21.0835 2396 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:57:21.0837 2396 amdide - ok
13:57:21.0895 2396 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:57:21.0895 2396 amdiox64 - ok
13:57:21.0935 2396 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:57:21.0937 2396 AmdK8 - ok
13:57:22.0209 2396 amdkmdag (75bbd04f450ce109031a215fd4ec667a) C:\Windows\system32\DRIVERS\atikmdag.sys
13:57:22.0420 2396 amdkmdag - ok
13:57:22.0529 2396 amdkmdap (adb8ee976ce4a47c54d39f2581593c03) C:\Windows\system32\DRIVERS\atikmpag.sys
13:57:22.0531 2396 amdkmdap - ok
13:57:22.0573 2396 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:57:22.0574 2396 AmdPPM - ok
13:57:22.0611 2396 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:57:22.0613 2396 amdsata - ok
13:57:22.0653 2396 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:22.0657 2396 amdsbs - ok
13:57:22.0684 2396 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:57:22.0684 2396 amdxata - ok
13:57:22.0751 2396 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:57:22.0755 2396 AntiVirSchedulerService - ok
13:57:22.0783 2396 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:57:22.0788 2396 AntiVirService - ok
13:57:22.0840 2396 AODDriver4.0 - ok
13:57:22.0876 2396 AODDriver4.01 - ok
13:57:23.0026 2396 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Users\Ullby\Desktop\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:57:23.0026 2396 AODDriver4.1 - ok
13:57:23.0156 2396 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:57:23.0164 2396 AppID - ok
13:57:23.0244 2396 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:57:23.0246 2396 AppIDSvc - ok
13:57:23.0291 2396 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:57:23.0292 2396 Appinfo - ok
13:57:23.0465 2396 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:57:23.0468 2396 Apple Mobile Device - ok
13:57:23.0525 2396 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:57:23.0529 2396 AppMgmt - ok
13:57:23.0567 2396 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:57:23.0569 2396 arc - ok
13:57:23.0597 2396 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:57:23.0599 2396 arcsas - ok
13:57:23.0636 2396 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:23.0637 2396 AsyncMac - ok
13:57:23.0655 2396 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:57:36.0210 2396 storflt - ok
13:57:36.0280 2396 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:57:36.0283 2396 StorSvc - ok
13:57:36.0338 2396 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
13:57:36.0340 2396 storvsc - ok
13:57:36.0368 2396 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:57:36.0369 2396 swenum - ok
13:57:36.0399 2396 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:57:36.0410 2396 swprv - ok
13:57:36.0546 2396 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:57:36.0580 2396 SysMain - ok
13:57:36.0605 2396 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:57:36.0608 2396 TabletInputService - ok
13:57:36.0633 2396 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:57:36.0640 2396 TapiSrv - ok
13:57:36.0663 2396 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:57:36.0666 2396 TBS - ok
13:57:36.0732 2396 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
13:57:36.0765 2396 Tcpip - ok
13:57:36.0822 2396 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:36.0833 2396 TCPIP6 - ok
13:57:36.0860 2396 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:57:36.0862 2396 tcpipreg - ok
13:57:36.0886 2396 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:36.0887 2396 TDPIPE - ok
13:57:36.0909 2396 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:57:36.0911 2396 TDTCP - ok
13:57:36.0940 2396 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:57:36.0942 2396 tdx - ok
13:57:36.0964 2396 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:57:36.0965 2396 TermDD - ok
13:57:37.0008 2396 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:57:37.0023 2396 TermService - ok
13:57:37.0050 2396 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:57:37.0053 2396 Themes - ok
13:57:37.0085 2396 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:37.0087 2396 THREADORDER - ok
13:57:37.0111 2396 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:57:37.0115 2396 TrkWks - ok
13:57:37.0167 2396 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:57:37.0170 2396 TrustedInstaller - ok
13:57:37.0208 2396 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:37.0208 2396 tssecsrv - ok
13:57:37.0285 2396 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:37.0287 2396 tunnel - ok
13:57:37.0316 2396 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:57:37.0318 2396 uagp35 - ok
13:57:37.0349 2396 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:57:37.0355 2396 udfs - ok
13:57:37.0386 2396 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:57:37.0389 2396 UI0Detect - ok
13:57:37.0421 2396 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:57:37.0423 2396 uliagpkx - ok
13:57:37.0461 2396 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:57:37.0462 2396 umbus - ok
13:57:37.0486 2396 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:57:37.0487 2396 UmPass - ok
13:57:37.0527 2396 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
13:57:37.0533 2396 UmRdpService - ok
13:57:37.0563 2396 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:57:37.0571 2396 upnphost - ok
13:57:37.0642 2396 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:57:37.0644 2396 USBAAPL64 - ok
13:57:37.0693 2396 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:57:37.0696 2396 usbaudio - ok
13:57:37.0718 2396 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:37.0720 2396 usbccgp - ok
13:57:37.0755 2396 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:57:37.0758 2396 usbcir - ok
13:57:37.0791 2396 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:37.0792 2396 usbehci - ok
13:57:37.0833 2396 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:37.0839 2396 usbhub - ok
13:57:37.0857 2396 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:57:37.0858 2396 usbohci - ok
13:57:37.0887 2396 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:37.0888 2396 usbprint - ok
13:57:37.0915 2396 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:57:37.0916 2396 USBSTOR - ok
13:57:37.0944 2396 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:57:37.0946 2396 usbuhci - ok
13:57:37.0972 2396 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:57:37.0975 2396 UxSms - ok
13:57:38.0007 2396 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:57:38.0008 2396 VaultSvc - ok
13:57:38.0041 2396 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:57:38.0041 2396 vdrvroot - ok
13:57:38.0071 2396 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:57:38.0082 2396 vds - ok
13:57:38.0113 2396 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:38.0114 2396 vga - ok
13:57:38.0163 2396 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:38.0164 2396 VgaSave - ok
13:57:38.0191 2396 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:57:38.0195 2396 vhdmp - ok
13:57:38.0219 2396 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:57:38.0221 2396 viaide - ok
13:57:38.0261 2396 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:57:38.0266 2396 vmbus - ok
13:57:38.0291 2396 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:57:38.0293 2396 VMBusHID - ok
13:57:38.0319 2396 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:57:38.0320 2396 volmgr - ok
13:57:38.0348 2396 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:57:38.0355 2396 volmgrx - ok
13:57:38.0379 2396 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:57:38.0384 2396 volsnap - ok
13:57:38.0415 2396 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:57:38.0417 2396 vsmraid - ok
13:57:38.0477 2396 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:57:38.0507 2396 VSS - ok
13:57:38.0541 2396 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:38.0541 2396 vwifibus - ok
13:57:38.0575 2396 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:57:38.0583 2396 W32Time - ok
13:57:38.0610 2396 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:57:38.0612 2396 WacomPen - ok
13:57:38.0659 2396 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:38.0661 2396 WANARP - ok
13:57:38.0676 2396 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:38.0677 2396 Wanarpv6 - ok
13:57:38.0730 2396 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:57:38.0758 2396 wbengine - ok
13:57:38.0783 2396 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:57:38.0788 2396 WbioSrvc - ok
13:57:38.0818 2396 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
13:57:38.0827 2396 wcncsvc - ok
13:57:38.0851 2396 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:57:38.0854 2396 WcsPlugInService - ok
13:57:38.0878 2396 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:57:38.0879 2396 Wd - ok
13:57:38.0922 2396 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:38.0934 2396 Wdf01000 - ok
13:57:38.0953 2396 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:38.0957 2396 WdiServiceHost - ok
13:57:38.0960 2396 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:38.0963 2396 WdiSystemHost - ok
13:57:38.0989 2396 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
13:57:38.0996 2396 WebClient - ok
13:57:39.0018 2396 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:57:39.0025 2396 Wecsvc - ok
13:57:39.0045 2396 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:57:39.0049 2396 wercplsupport - ok
13:57:39.0083 2396 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:57:39.0087 2396 WerSvc - ok
13:57:39.0135 2396 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:39.0136 2396 WfpLwf - ok
13:57:39.0160 2396 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:39.0161 2396 WIMMount - ok
13:57:39.0167 2396 WinHttpAutoProxySvc - ok
13:57:39.0233 2396 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:57:39.0238 2396 Winmgmt - ok
13:57:39.0318 2396 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:57:39.0356 2396 WinRM - ok
13:57:39.0452 2396 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:39.0454 2396 WinUsb - ok
13:57:39.0503 2396 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:57:39.0521 2396 Wlansvc - ok
13:57:39.0558 2396 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:57:39.0560 2396 WmiAcpi - ok
13:57:39.0636 2396 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:57:39.0641 2396 wmiApSrv - ok
13:57:39.0687 2396 WMPNetworkSvc - ok
13:57:39.0709 2396 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:57:39.0712 2396 WPCSvc - ok
13:57:39.0741 2396 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:57:39.0745 2396 WPDBusEnum - ok
13:57:39.0769 2396 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:39.0770 2396 ws2ifsl - ok
13:57:39.0782 2396 WSearch - ok
13:57:39.0864 2396 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:57:39.0908 2396 wuauserv - ok
13:57:39.0932 2396 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:57:39.0935 2396 WudfPf - ok
13:57:39.0991 2396 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:39.0995 2396 WUDFRd - ok
13:57:40.0020 2396 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:57:40.0024 2396 wudfsvc - ok
13:57:40.0046 2396 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:57:40.0052 2396 WwanSvc - ok
13:57:40.0080 2396 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:57:40.0128 2396 \Device\Harddisk0\DR0 - ok
13:57:40.0133 2396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:57:40.0138 2396 \Device\Harddisk1\DR1 - ok
13:57:40.0142 2396 Boot (0x1200) (360e66b4a458d6a9acc8039178a8bf78) \Device\Harddisk0\DR0\Partition0
13:57:40.0143 2396 \Device\Harddisk0\DR0\Partition0 - ok
13:57:40.0159 2396 Boot (0x1200) (fabe41d0087663b7e960eac15cf8b906) \Device\Harddisk0\DR0\Partition1
13:57:40.0160 2396 \Device\Harddisk0\DR0\Partition1 - ok
13:57:40.0164 2396 Boot (0x1200) (1e06b4075a9644d13f59fb8f03f5ca3c) \Device\Harddisk1\DR1\Partition0
13:57:40.0167 2396 \Device\Harddisk1\DR1\Partition0 - ok
13:57:40.0167 2396 ============================================================
13:57:40.0167 2396 Scan finished
13:57:40.0167 2396 ============================================================
13:57:40.0181 2400 Detected object count: 0
13:57:40.0181 2400 Actual detected object count: 0
13:59:03.0370 1092 Deinitialize success
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 14:00:11
-----------------------------
14:00:11.889 OS Version: Windows x64 6.1.7600
14:00:11.889 Number of processors: 4 586 0x203
14:00:11.890 ComputerName: ULLBY-PC UserName: Ullby
14:00:12.360 Initialize success
14:01:34.388 AVAST engine defs: 12042100
14:02:11.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:02:11.576 Disk 0 Vendor: SAMSUNG_SP2014N VC100-33 Size: 190782MB BusType: 3
14:02:11.591 Disk 0 MBR read successfully
14:02:11.593 Disk 0 MBR scan
14:02:11.597 Disk 0 Windows 7 default MBR code
14:02:11.607 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:02:11.622 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190680 MB offset 206848
14:02:11.642 Disk 0 scanning C:\Windows\system32\drivers
14:02:19.869 Service scanning
14:02:38.548 Modules scanning
14:02:38.575 Disk 0 trace - called modules:
14:02:38.595 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:02:38.599 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f9060]
14:02:38.945 3 CLASSPNP.SYS[fffff880011c843f] -> nt!IofCallDriver -> [0xfffffa80047f0520]
14:02:38.950 5 ACPI.sys[fffff88000ebb781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047ee680]
14:02:39.469 AVAST engine scan C:\Windows
14:02:41.535 AVAST engine scan C:\Windows\system32
14:04:21.014 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
14:04:22.479 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
14:04:59.367 AVAST engine scan C:\Windows\system32\drivers
14:05:08.600 AVAST engine scan C:\Users\Ullby
14:11:38.877 AVAST engine scan C:\ProgramData
14:12:47.458 Scan finished successfully
14:28:36.773 Disk 0 MBR has been saved successfully to "C:\Users\Ullby\Desktop\MBR.dat"
14:28:36.777 The log file has been saved successfully to "C:\Users\Ullby\Desktop\aswMBR.txt"
DDS Logfile: Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Ullby at 14:31:09 on 2012-04-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.3064 [GMT 2:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Spiele\Battlefield 3\Origin\Origin.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyServer = 146.57.249.98:3128
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube Download - C:\Users\Ullby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Ullby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.2\ICQ7.4\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90F8E880-893B-44CF-BF30-5746AD3DFE08} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CEF2B0CE-5603-4E6D-BB42-C7CAF0FB67C4} : NameServer = 192.168.1.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
IE-X64: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.2\ICQ7.4\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ullby\AppData\Roaming\Mozilla\Firefox\Profiles\xwqt6cjl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.ftp - 146.57.249.98
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 146.57.249.98
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 146.57.249.98
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 146.57.249.98
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Ullby\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: E:\Software\Itunes Software\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AODDriver4.1;AODDriver4.1;C:\Users\Ullby\Desktop\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 pctoolsfirewallplus;Winachcf;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Users\Ullby\Desktop\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
S4 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-11 136360]
S4 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-11 269480]
S4 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-2-1 247096]
.
=============== Created Last 30 ================
.
2012-04-20 21:34:53 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-20 21:29:36 -------- d-----w- C:\ProgramData\Battle.net
2012-04-19 15:02:29 -------- d-----w- C:\FRST
2012-04-14 00:19:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-14 00:18:41 -------- d-----we C:\Windows\system64
2012-04-09 18:14:20 -------- d-----w- C:\ProgramData\EA Logs
2012-04-04 14:20:13 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 05:45:11 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-21 12:14:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-21 12:14:21 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-21 12:14:00 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-13 22:27:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-09 18:24:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
============= FINISH: 14:31:35,68 ===============
DDS (Attach): Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11.12.2010 10:14:17
System Uptime: 21.04.2012 13:52:12 (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7501
Processor: AMD Phenom(tm) 9550 Quad-Core Processor | CPU 1 | 2195/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 2,457 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 36,693 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.01
Device ID: ROOT\LEGACY_AODDRIVER4.01\0000
Manufacturer:
Name: AODDriver4.01
PNP Device ID: ROOT\LEGACY_AODDRIVER4.01\0000
Service: AODDriver4.01
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader 8.3.1 - Deutsch
Age of Conan: Hyborian Adventures
Alien Swarm
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
AquaSoft DiaShow Studio 6
Ashampoo Burning Studio 9.10
Avira AntiVir Personal - Free Antivirus
Bandisoft MPEG-1 Decoder
Battlefield 3™
Battlelog Web Plugins
Borderlands
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CrimeCraft GangWars
Diablo III Beta
Dungeon Defenders
eMule
ESN Sonar
FEAR
ffdshow v1.1.3614 [2010-10-22]
Free Audio CD Burner version 1.4.7
Free Video to MP3 Converter version 4.2.19.324
Free YouTube Download version 3.0.14.908
Free YouTube to MP3 Converter version 3.10.9.908
GameSpy Arcade
GUILD WARS
ICQ Toolbar
ICQ7.4
Java Auto Updater
Java(TM) 6 Update 29
Killing Floor
Left 4 Dead 2
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 11.0 (x86 de)
Nation Red
Need For Speed™ World
Nexon Game Manager
NVIDIA PhysX
Origin
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
ROCCAT Kone Mouse Driver
Spybot - Search & Destroy
SRWare Iron 5.0.382
Steam
Team Fortress 2
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
Ubisoft Game Launcher
UE3Redist
Uninstall 1.0.0.1
Unity Web Player
Vindictus EU
Winamp
Winamp Erkennungs-Plug-in
Windows Media Player Firefox Plugin
Xfire (remove only)
Xilisoft iPhone Klingelton Maker
Xilisoft iPhone to PC Copy
.
==== End Of File ===========================
#12

/// Malwareteam | PC crashes constantly after a successful virus scan

Combofix

Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2. IMPORTANT - save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart, Quote:
__________________
No right of asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board!
#13

PC crashes constantly after a successful virus scan

Combofix: Combofix Logfile: Code:
ComboFix 12-04-20.03 - Ullby 21.04.2012 16:40:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2483 [GMT 2:00]
ausgeführt von:: c:\users\Ullby\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ullby\AppData\Local\assembly\tmp
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\auth.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\burnlib.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\dsp_sps.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_aacplus.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_flac.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_lame.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_vorbis.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_wav.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\enc_wma.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_classicart.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_crasher.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_ff.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_find_on_disk.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_hotkeys.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_jumpex.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_ml.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_nopro.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_orgler.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_skinmanager.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_timerestore.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_tray.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\gen_undo.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_avi.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_cdda.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_dshow.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_flac.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_flv.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_linein.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_midi.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_mkv.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_mod.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_mp3.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_mp4.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_nsv.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_swf.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_vorbis.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_wav.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_wave.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_wm.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\in_wv.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_addons.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_autotag.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_bookmarks.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_devices.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_disc.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_downloads.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_enqplay.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_history.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_impex.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_local.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_nowplaying.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_online.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_orb.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_playlists.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_plg.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_pmp.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_rg.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_transcode.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ml_wire.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\ombrowser.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\out_disk.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\out_ds.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\out_wave.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\playlist.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_activesync.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_android.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_ipod.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_njb.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_p4s.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_usb.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\pmp_wifi.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\tagz.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\vis_avs.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\vis_milk2.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\vis_nsfs.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\winamp.lng
c:\users\Ullby\AppData\Local\Temp\WLZ9B63.tmp\winampa.lng
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\jestertb.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-21 bis 2012-04-21 ))))))))))))))))))))))))))))))
.
.
2012-04-21 14:46 . 2012-04-21 14:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 21:34 . 2012-04-20 21:34 -------- d-----w- c:\windows\system32\appmgmt
2012-04-20 21:29 . 2012-04-20 21:29 -------- d-----w- c:\programdata\Battle.net
2012-04-19 15:02 . 2012-04-19 15:03 -------- d-----w- C:\FRST
2012-04-14 00:18 . 2012-04-14 00:18 -------- d-----we c:\windows\system64
2012-04-09 18:14 . 2012-04-09 20:09 -------- d-----w- c:\programdata\EA Logs
2012-04-04 14:20 . 2012-04-13 22:27 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 05:45 . 2012-04-13 22:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 17:59 . 2012-03-24 17:59 -------- d-----w- c:\programdata\ATI
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 13:31 . 2010-12-22 17:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-21 13:31 . 2010-12-22 14:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-21 13:31 . 2010-12-22 14:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-13 22:27 . 2011-05-18 14:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-09 18:24 . 2010-12-22 14:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\users\Ullby\Desktop\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
R4 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AODDriver4.1;AODDriver4.1;c:\users\Ullby\Desktop\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
deltafw
igfx
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 146.57.249.98:3128
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Ullby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ullby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.2\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90F8E880-893B-44CF-BF30-5746AD3DFE08}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CEF2B0CE-5603-4E6D-BB42-C7CAF0FB67C4}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ullby\AppData\Roaming\Mozilla\Firefox\Profiles\xwqt6cjl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.ftp - 146.57.249.98
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 146.57.249.98
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 146.57.249.98
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 146.57.249.98
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Video to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2452620630-2399284679-4211720528-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,a1,4a,9f,63,41,1c,31,dd,0f,ca,9c,f6,be,e9,3c,2d,4d,b0,5f,67,
1b,02,ec,2d,27,8b,23,dc,97,97,6b,72,b7,80,b7,ea,02,05,f5,19,d8,9a,c8,3d,60,\
"rkeysecu"=hex:16,26,5d,b5,22,2f,fc,e5,ad,7e,7d,5d,97,08,4d,e1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-21 16:54:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-21 14:54
.
Vor Suchlauf: 2.141.478.912 Bytes frei
Nach Suchlauf: 1.946.578.944 Bytes frei
.
- - End Of File - - 33A3F21EFD2E6BE5D589D4D1673C1B74
#14 | /// Malwareteam | PC crashes constantly after a successful virus scan
Step 1: CF Script
Note for readers: the following ComboFix script has been created exclusively for this user in this situation. Under no circumstances run it on other computers; it can permanently damage other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to your desktop again (nowhere else, this is important)! Press Windows + R --> type Notepad --> OK. Now copy the text from the following code box completely into the empty text document.
Code:
DDS::
uInternet Settings,ProxyServer = 146.57.249.98:3128
FIREFOX::
FF - ProfilePath - c:\users\Ullby\AppData\Roaming\Mozilla\Firefox\Profiles\xwqt6cjl.default\
FF - prefs.js: network.proxy.ftp - 146.57.249.98
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 146.57.249.98
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 146.57.249.98
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 146.57.249.98
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
Important:
Step 2: MBAM
Please download Malwarebytes
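The two findings a helper reads off the ComboFix log above (every browser proxy setting pointing at one external host, which the CF script in step 1 removes, and UAC switched off in the REGEDIT4 block) can be pulled out automatically. The following triage helper is an added example, not part of the thread and not ComboFix code; the sample lines are copied from the log posted above, and the function names are my own.

```python
"""Triage a ComboFix log for hijacked proxy settings and disabled UAC."""
import ipaddress
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uInternet Settings,ProxyServer = 146.57.249.98:3128
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 146.57.249.98
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - 146.57.249.98
FF - prefs.js: network.proxy.type - 0
"""

# UAC policy values where 0 means the protection is off:
# EnableLUA=0 disables UAC, PromptOnSecureDesktop=0 removes the secure-desktop
# prompt, ConsentPromptBehaviorAdmin=0 elevates without any prompt.
UAC_OFF_KEYS = {"EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin"}

PROXY_IE = re.compile(r"^uInternet Settings,ProxyServer = ([^:\s]+)(?::(\d+))?")
PROXY_FF = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")
UAC_LINE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)')


def is_external(host):
    """True when the proxy host is not private/loopback (a hostname counts as external)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True


def triage(log_text):
    """Return (category, detail) findings from the proxy and UAC sections of a log."""
    findings, ie_hosts, ff_hosts, ff_type = [], set(), set(), None
    for line in log_text.splitlines():
        if m := PROXY_IE.match(line):
            ie_hosts.add(m.group(1))
        elif m := PROXY_FF.match(line):
            key, value = m.groups()
            if key == "type":
                ff_type = value
            elif not key.endswith("_port"):
                ff_hosts.add(value)
        elif (m := UAC_LINE.match(line)) and m.group(1) in UAC_OFF_KEYS:
            if m.group(2) == "0":
                findings.append(("uac_weakened", f"{m.group(1)}=0"))
    for host in sorted(h for h in ie_hosts | ff_hosts if is_external(h)):
        findings.append(("external_proxy", host))
    # Firefox only honours manual network.proxy.* entries when network.proxy.type is 1,
    # so with type 0 the Firefox proxy lines are dormant but still worth removing.
    if ff_type is not None and ff_type != "1" and any(is_external(h) for h in ff_hosts):
        findings.append(("ff_proxy_dormant", f"network.proxy.type={ff_type}"))
    return findings
```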
#15 | /// Malwareteam | PC crashes constantly after a successful virus scan
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.