Pests of all kinds and how to combat them: Avira alert 800000cb.@ TR/Atraps.gen found
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
08.12.2012, 21:54 | #1 |
| Avira alert 800000cb.@ TR/Atraps.gen found
Hello, I urgently need help. I got this alert from Avira: 800000cb.@. Even after reinstalling the system it comes back. I hope someone can help me. |
09.12.2012, 10:21 | #2 | |
/// TB-Ausbilder | Avira alert 800000cb.@ TR/Atraps.gen found
I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we start, I have some reading material for you.
Step 1: Scan with aswMBR
Step 2: Scan with the TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.
Step 3: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
__________________ |
09.12.2012, 10:50 | #3 |
| Avira alert 800000cb.@ TR/Atraps.gen found
Step 1 is in the attachment.
__________________
Step 2:
C:\Windows\System32\SCardSvr.dll 10:39:54.0330 3968 SCardSvr - ok 10:39:54.0376 3968 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 10:39:54.0376 3968 Schedule - ok 10:39:54.0408 3968 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 10:39:54.0408 3968 SCPolicySvc - ok 10:39:54.0439 3968 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 10:39:54.0439 3968 sdbus - ok 10:39:54.0454 3968 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:39:54.0454 3968 SDRSVC - ok 10:39:54.0470 3968 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:39:54.0470 3968 secdrv - ok 10:39:54.0470 3968 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 10:39:54.0470 3968 seclogon - ok 10:39:54.0486 3968 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 10:39:54.0486 3968 SENS - ok 10:39:54.0501 3968 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:39:54.0501 3968 Serenum - ok 10:39:54.0532 3968 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:39:54.0532 3968 Serial - ok 10:39:54.0548 3968 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:39:54.0548 3968 sermouse - ok 10:39:54.0579 3968 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 10:39:54.0595 3968 SessionEnv - ok 10:39:54.0595 3968 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:39:54.0595 3968 sffdisk - ok 10:39:54.0610 3968 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:39:54.0610 3968 sffp_mmc - ok 10:39:54.0626 3968 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:39:54.0626 3968 sffp_sd - ok 10:39:54.0642 3968 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy 
C:\Windows\system32\drivers\sfloppy.sys 10:39:54.0642 3968 sfloppy - ok 10:39:54.0673 3968 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:39:54.0673 3968 ShellHWDetection - ok 10:39:54.0688 3968 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 10:39:54.0688 3968 sisagp - ok 10:39:54.0704 3968 [ 025250FF00CF701AE0E60532B2211899 ] SISNIC C:\Windows\system32\DRIVERS\sisnic.sys 10:39:54.0704 3968 SISNIC - ok 10:39:54.0720 3968 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 10:39:54.0720 3968 SiSRaid2 - ok 10:39:54.0735 3968 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 10:39:54.0735 3968 SiSRaid4 - ok 10:39:54.0829 3968 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 10:39:54.0891 3968 slsvc - ok 10:39:54.0954 3968 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 10:39:54.0954 3968 SLUINotify - ok 10:39:54.0954 3968 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:39:54.0954 3968 Smb - ok 10:39:54.0969 3968 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:39:54.0985 3968 SNMPTRAP - ok 10:39:55.0000 3968 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 10:39:55.0000 3968 spldr - ok 10:39:55.0032 3968 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 10:39:55.0032 3968 Spooler - ok 10:39:55.0078 3968 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 10:39:55.0078 3968 SQLBrowser - ok 10:39:55.0125 3968 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 10:39:55.0125 3968 SQLWriter - ok 10:39:55.0156 3968 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 10:39:55.0156 3968 srv - ok 10:39:55.0188 
3968 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:39:55.0188 3968 srv2 - ok 10:39:55.0219 3968 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:39:55.0219 3968 srvnet - ok 10:39:55.0234 3968 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:39:55.0250 3968 SSDPSRV - ok 10:39:55.0266 3968 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 10:39:55.0266 3968 ssmdrv - ok 10:39:55.0297 3968 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:39:55.0297 3968 SstpSvc - ok 10:39:55.0344 3968 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 10:39:55.0344 3968 stisvc - ok 10:39:55.0375 3968 [ 97E089971A6ABA49AD5592BD6298E416 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 10:39:55.0375 3968 swenum - ok 10:39:55.0390 3968 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 10:39:55.0406 3968 swprv - ok 10:39:55.0406 3968 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 10:39:55.0406 3968 Symc8xx - ok 10:39:55.0437 3968 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 10:39:55.0437 3968 Sym_hi - ok 10:39:55.0453 3968 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 10:39:55.0453 3968 Sym_u3 - ok 10:39:55.0484 3968 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 10:39:55.0484 3968 SysMain - ok 10:39:55.0484 3968 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:39:55.0500 3968 TabletInputService - ok 10:39:55.0500 3968 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 10:39:55.0500 3968 TapiSrv - ok 10:39:55.0515 3968 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 10:39:55.0515 3968 TBS - ok 10:39:55.0562 3968 [ 782568AB6A43160A159B6215B70BCCE9 ] 
Tcpip C:\Windows\system32\drivers\tcpip.sys 10:39:55.0578 3968 Tcpip - ok 10:39:55.0609 3968 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 10:39:55.0609 3968 Tcpip6 - ok 10:39:55.0640 3968 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:39:55.0640 3968 tcpipreg - ok 10:39:55.0656 3968 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 10:39:55.0656 3968 tdcmdpst - ok 10:39:55.0671 3968 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:39:55.0687 3968 TDPIPE - ok 10:39:55.0687 3968 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:39:55.0687 3968 TDTCP - ok 10:39:55.0702 3968 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:39:55.0702 3968 tdx - ok 10:39:55.0718 3968 [ 718B2F4355CD8EB2844741ADDAC0E622 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 10:39:55.0718 3968 TermDD - ok 10:39:55.0749 3968 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 10:39:55.0765 3968 TermService - ok 10:39:55.0780 3968 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 10:39:55.0780 3968 Themes - ok 10:39:55.0796 3968 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 10:39:55.0796 3968 THREADORDER - ok 10:39:55.0812 3968 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe 10:39:55.0812 3968 TODDSrv - ok 10:39:55.0843 3968 TOSHIBA Bluetooth Service - ok 10:39:55.0874 3968 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe 10:39:55.0874 3968 TOSHIBA SMART Log Service - ok 10:39:55.0890 3968 Tosrfcom - ok 10:39:55.0905 3968 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 10:39:55.0905 3968 TrkWks - ok 10:39:55.0983 3968 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller 
C:\Windows\servicing\TrustedInstaller.exe 10:39:55.0983 3968 TrustedInstaller - ok 10:39:55.0999 3968 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:39:55.0999 3968 tssecsrv - ok 10:39:56.0014 3968 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 10:39:56.0014 3968 tunmp - ok 10:39:56.0046 3968 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:39:56.0046 3968 tunnel - ok 10:39:56.0061 3968 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 10:39:56.0061 3968 uagp35 - ok 10:39:56.0077 3968 [ C985B36E127EA9B8A92396120BFF52D8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:39:56.0077 3968 udfs - ok 10:39:56.0092 3968 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:39:56.0124 3968 UI0Detect - ok 10:39:56.0170 3968 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 10:39:56.0170 3968 UleadBurningHelper - ok 10:39:56.0217 3968 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:39:56.0217 3968 uliagpkx - ok 10:39:56.0233 3968 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 10:39:56.0233 3968 uliahci - ok 10:39:56.0248 3968 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 10:39:56.0248 3968 UlSata - ok 10:39:56.0264 3968 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 10:39:56.0264 3968 ulsata2 - ok 10:39:56.0280 3968 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:39:56.0280 3968 umbus - ok 10:39:56.0295 3968 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 10:39:56.0311 3968 upnphost - ok 10:39:56.0311 3968 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:39:56.0311 3968 usbccgp - ok 
10:39:56.0326 3968 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:39:56.0326 3968 usbcir - ok 10:39:56.0358 3968 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 10:39:56.0358 3968 usbehci - ok 10:39:56.0358 3968 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:39:56.0358 3968 usbhub - ok 10:39:56.0373 3968 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 10:39:56.0373 3968 usbohci - ok 10:39:56.0389 3968 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 10:39:56.0389 3968 usbprint - ok 10:39:56.0404 3968 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:39:56.0404 3968 USBSTOR - ok 10:39:56.0404 3968 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 10:39:56.0404 3968 usbuhci - ok 10:39:56.0436 3968 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 10:39:56.0436 3968 usbvideo - ok 10:39:56.0467 3968 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 10:39:56.0467 3968 UxSms - ok 10:39:56.0514 3968 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 10:39:56.0514 3968 vds - ok 10:39:56.0529 3968 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:39:56.0545 3968 vga - ok 10:39:56.0545 3968 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 10:39:56.0545 3968 VgaSave - ok 10:39:56.0576 3968 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 10:39:56.0576 3968 viaagp - ok 10:39:56.0592 3968 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 10:39:56.0592 3968 ViaC7 - ok 10:39:56.0607 3968 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 10:39:56.0607 3968 viaide - ok 10:39:56.0623 3968 
[ BDD98BBE7323FC0975A26373D8050471 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:39:56.0623 3968 volmgr - ok 10:39:56.0638 3968 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:39:56.0638 3968 volmgrx - ok 10:39:56.0654 3968 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:39:56.0654 3968 volsnap - ok 10:39:56.0685 3968 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:39:56.0685 3968 vsmraid - ok 10:39:56.0732 3968 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 10:39:56.0748 3968 VSS - ok 10:39:56.0763 3968 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 10:39:56.0763 3968 W32Time - ok 10:39:56.0779 3968 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 10:39:56.0779 3968 WacomPen - ok 10:39:56.0779 3968 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 10:39:56.0779 3968 Wanarp - ok 10:39:56.0779 3968 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:39:56.0779 3968 Wanarpv6 - ok 10:39:56.0810 3968 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:39:56.0826 3968 wcncsvc - ok 10:39:56.0826 3968 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:39:56.0826 3968 WcsPlugInService - ok 10:39:56.0841 3968 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 10:39:56.0841 3968 Wd - ok 10:39:56.0872 3968 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:39:56.0888 3968 Wdf01000 - ok 10:39:56.0904 3968 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:39:56.0904 3968 WdiServiceHost - ok 10:39:56.0919 3968 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:39:56.0919 3968 WdiSystemHost - ok 
10:39:56.0935 3968 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 10:39:56.0935 3968 WebClient - ok 10:39:56.0966 3968 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:39:56.0966 3968 Wecsvc - ok 10:39:56.0982 3968 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:39:56.0982 3968 wercplsupport - ok 10:39:56.0997 3968 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 10:39:56.0997 3968 WerSvc - ok 10:39:57.0013 3968 WinHttpAutoProxySvc - ok 10:39:57.0060 3968 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:39:57.0060 3968 Winmgmt - ok 10:39:57.0122 3968 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 10:39:57.0122 3968 WinRM - ok 10:39:57.0169 3968 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:39:57.0184 3968 Wlansvc - ok 10:39:57.0216 3968 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 10:39:57.0216 3968 WmiAcpi - ok 10:39:57.0247 3968 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:39:57.0262 3968 wmiApSrv - ok 10:39:57.0309 3968 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:39:57.0372 3968 WMPNetworkSvc - ok 10:39:57.0403 3968 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:39:57.0403 3968 WPCSvc - ok 10:39:57.0418 3968 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:39:57.0418 3968 WPDBusEnum - ok 10:39:57.0481 3968 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:39:57.0543 3968 WPFFontCache_v0400 - ok 10:39:57.0559 3968 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:39:57.0559 3968 ws2ifsl - ok 10:39:57.0574 3968 
WSearch - ok 10:39:57.0637 3968 [ D79538B67FA641E986855DEF651E78FE ] wuauserv C:\Windows\system32\wuaueng.dll 10:39:57.0652 3968 wuauserv - ok 10:39:57.0684 3968 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:39:57.0684 3968 WUDFRd - ok 10:39:57.0699 3968 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:39:57.0699 3968 wudfsvc - ok 10:39:57.0715 3968 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 10:39:57.0715 3968 XAudio - ok 10:39:57.0746 3968 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 10:39:57.0746 3968 XAudioService - ok 10:39:57.0777 3968 [ 7D4CCA3659FA0780603206E3D12A993F ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 10:39:57.0777 3968 yukonwlh - ok 10:39:57.0793 3968 ================ Scan global =============================== 10:39:57.0824 3968 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 10:39:57.0855 3968 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 10:39:57.0871 3968 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 10:39:57.0902 3968 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 10:39:57.0902 3968 [Global] - ok 10:39:57.0902 3968 ================ Scan MBR ================================== 10:39:57.0918 3968 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1 10:39:58.0417 3968 \Device\Harddisk1\DR1 - ok 10:39:58.0417 3968 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 10:39:58.0448 3968 \Device\Harddisk0\DR0 - ok 10:39:58.0448 3968 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 10:40:00.0258 3968 \Device\Harddisk2\DR2 - ok 10:40:00.0258 3968 ================ Scan VBR ================================== 10:40:00.0289 3968 [ 701C47B0619D92249F53DF2A0C4E9A61 ] \Device\Harddisk1\DR1\Partition1 10:40:00.0289 3968 \Device\Harddisk1\DR1\Partition1 - ok 10:40:00.0304 3968 [ 
10:40:00.0304 3968 \Device\Harddisk1\DR1\Partition2 - ok
10:40:00.0304 3968 [ D48C9C32331C719341D620316A486C74 ] \Device\Harddisk0\DR0\Partition1
10:40:00.0320 3968 \Device\Harddisk0\DR0\Partition1 - ok
10:40:00.0336 3968 [ 1E462845041183355B13F0ACCEC2BB2E ] \Device\Harddisk0\DR0\Partition2
10:40:00.0336 3968 \Device\Harddisk0\DR0\Partition2 - ok
10:40:00.0336 3968 [ AC2E8999F55239E6F422B384D177C373 ] \Device\Harddisk2\DR2\Partition1
10:40:00.0336 3968 \Device\Harddisk2\DR2\Partition1 - ok
10:40:00.0351 3968 ============================================================
10:40:00.0351 3968 Scan finished
10:40:00.0351 3968 ============================================================
10:40:00.0351 2560 Detected object count: 0
10:40:00.0351 2560 Actual detected object count: 0

Step 3: dds

DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639
Run by stefan at 10:41:38 on 2012-12-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1333 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://endurocup.de/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
StartupFolder: c:\users\stefan\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{7E75E5AB-4318-4CB0-A1C4-F0F28E1C2774} : DHCPNameServer = 192.168.178.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2012-12-8 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2012-12-8 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-12-8 66616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-9 676936]
R2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-9 22856]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-7-18 1527900]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
c:\windows\system32\scrrun.dll 2012-12-08 21:55:45 155648 ----a-w- c:\windows\system32\wscript.exe 2012-12-08 21:55:45 135168 ----a-w- c:\windows\system32\wshom.ocx 2012-12-08 21:55:45 135168 ----a-w- c:\windows\system32\cscript.exe 2012-12-08 21:55:17 49152 ----a-w- c:\windows\system32\csrsrv.dll 2012-12-08 21:55:17 375808 ----a-w- c:\windows\system32\winsrv.dll 2012-12-08 21:55:15 61440 ----a-w- c:\windows\system32\msasn1.dll 2012-12-08 21:55:13 1645568 ----a-w- c:\windows\system32\connect.dll 2012-12-08 21:55:09 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2012-12-08 21:54:38 677888 ----a-w- c:\windows\system32\mstsc.exe 2012-12-08 21:54:38 2067456 ----a-w- c:\windows\system32\mstscax.dll 2012-12-08 21:52:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-12-08 21:42:41 281600 ----a-w- c:\windows\system32\raschap.dll 2012-12-08 21:42:41 244224 ----a-w- c:\windows\system32\rastls.dll 2012-12-08 21:42:35 351232 ----a-w- c:\windows\system32\WSDApi.dll 2012-12-08 21:32:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2012-12-08 21:32:21 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe 2012-12-08 21:32:20 7680 ----a-w- c:\windows\system32\spwmp.dll 2012-12-08 21:32:20 4096 ----a-w- c:\windows\system32\msdxm.ocx 2012-12-08 21:32:20 4096 ----a-w- c:\windows\system32\dxmasf.dll 2012-12-08 21:32:20 107520 ----a-w- c:\program files\windows media player\wmpshare.exe 2012-12-08 21:32:20 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe 2012-12-08 21:17:49 91136 ----a-w- c:\windows\system32\avifil32.dll 2012-12-08 21:17:49 82944 ----a-w- c:\windows\system32\mciavi32.dll 2012-12-08 21:17:49 65024 ----a-w- c:\windows\system32\avicap32.dll 2012-12-08 21:17:49 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2012-12-08 21:17:49 31744 ----a-w- c:\windows\system32\msvidc32.dll 2012-12-08 21:17:49 22528 ----a-w- c:\windows\system32\msyuv.dll 2012-12-08 21:17:49 13312 ----a-w- c:\windows\system32\msrle32.dll 2012-12-08 21:17:49 
123904 ----a-w- c:\windows\system32\msvfw32.dll 2012-12-08 21:17:49 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2012-12-08 21:17:45 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2012-12-08 21:17:42 276992 ----a-w- c:\windows\system32\schannel.dll 2012-12-08 19:52:56 -------- d-----w- c:\users\stefan\appdata\local\Adobe 2012-12-08 19:46:31 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL 2012-12-08 18:55:30 171520 ----a-w- c:\windows\system32\wintrust.dll 2012-12-08 18:55:14 98304 ----a-w- c:\windows\system32\cabview.dll 2012-12-08 15:21:23 -------- d-----w- c:\users\stefan\appdata\local\JTL-Software-GmbH 2012-12-08 15:17:07 -------- d-----w- c:\program files\JTL-Software 2012-12-08 15:03:48 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2012-12-08 15:03:48 49472 ----a-w- c:\windows\system32\netfxperf.dll 2012-12-08 15:03:48 297808 ----a-w- c:\windows\system32\mscoree.dll 2012-12-08 15:03:48 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2012-12-08 15:03:48 1130824 ----a-w- c:\windows\system32\dfshim.dll 2012-12-08 14:47:43 -------- d-----w- c:\users\stefan\appdata\roaming\jtl-software 2012-12-08 14:47:01 -------- d-----w- c:\program files\ATI 2012-12-08 14:46:46 -------- d-----w- c:\program files\ATI Technologies 2012-12-08 14:45:41 -------- d-----w- C:\ATI 2012-12-08 14:09:17 -------- d-----w- c:\windows\PCHEALTH 2012-12-08 14:09:08 -------- d-----w- c:\program files\Microsoft SQL Server 2012-12-08 14:04:05 -------- d-----w- c:\program files\WS_FTP 2012-12-08 14:00:42 -------- d-----w- c:\users\stefan\appdata\roaming\Avira 2012-12-08 13:49:21 705536 ----a-w- c:\windows\system32\cohelper.dll 2012-12-08 13:49:21 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin 2012-12-08 13:37:22 485920 ----a-w- c:\windows\system32\nvuninst.exe 2012-12-08 13:31:31 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-08 13:31:30 -------- d-----w- c:\programdata\Avira 2012-12-08 13:31:30 -------- d-----w- c:\program 
files\Avira 2012-12-07 22:52:21 -------- d-----w- c:\users\stefan\appdata\local\Seven Zip 2012-12-07 22:42:52 -------- d-----w- c:\users\stefan\appdata\local\Google 2012-12-07 22:42:49 -------- d-----w- c:\users\stefan\appdata\local\Toshiba 2012-12-07 22:42:31 -------- d-sh--w- C:\$RECYCLE.BIN 2012-12-07 22:42:10 -------- d-----w- c:\users\stefan\appdata\local\VirtualStore 2012-12-07 22:37:48 -------- d-sh--we C:\Programme 2012-12-07 22:37:48 -------- d-sh--we c:\programdata\Vorlagen 2012-12-07 22:37:48 -------- d-sh--we c:\programdata\Startmenü 2012-12-07 22:37:48 -------- d-sh--we c:\programdata\Favoriten 2012-12-07 22:37:48 -------- d-sh--we c:\programdata\Dokumente 2012-12-07 22:37:48 -------- d-sh--we c:\programdata\Anwendungsdaten 2012-12-07 22:37:48 -------- d-sh--we c:\program files\Gemeinsame Dateien 2012-12-07 22:37:48 -------- d-sh--we C:\Dokumente und Einstellungen . ==================== Find3M ==================== . . ============= FINISH: 10:42:03,71 =============== attach Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07.12.2012 22:22:26
System Uptime: 09.12.2012 10:16:03 (0 hours ago)
.
Motherboard: ECS | | GF8100VM-M5
Processor: AMD Phenom(tm) II X4 955 Processor | CPU 1 | 2100/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 49,092 GiB free.
D: is Removable
E: is FIXED (NTFS) - 73 GiB total, 68,231 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 488 GiB total, 481,83 GiB free.
H: is FIXED (NTFS) - 443 GiB total, 323,189 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Standard-VGA-Grafikkarte
Device ID: PCI\VEN_1002&DEV_68BE&SUBSYS_E138174B&REV_00\4&182F0470&0&0080
Manufacturer: (Standardgrafikkartentypen)
Name: Standard-VGA-Grafikkarte
PNP Device ID: PCI\VEN_1002&DEV_68BE&SUBSYS_E138174B&REV_00\4&182F0470&0&0080
Service: vga
.
==== System Restore Points ===================
.
RP72: 08.12.2012 22:12:36 - Removed Java(TM) 6 Update 6
RP73: 09.12.2012 03:00:18 - Windows Update
RP74: 09.12.2012 08:35:25 - Windows Update
RP75: 09.12.2012 08:59:02 - Windows Update
RP76: 09.12.2012 09:17:20 - Windows Update
RP77: 09.12.2012 09:50:40 - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2 - Deutsch
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 7
JTL-Wawi
Malwarebytes Anti-Malware Version 1.65.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (JTLWAWI)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Media Encoder (KB2447961)
Tools für Microsoft SQL Server 2005 Express Edition
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Windows Media Encoder 9-Reihe
WinRAR 4.20 (32-Bit)
.
==== End Of File =========================== |
09.12.2012, 11:27 | #4 | ||
/// TB-Ausbilder | Yes, good so far. Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
09.12.2012, 14:10 | #5 |
| Code:
ComboFix 12-12-07.01 - stefan 09.12.2012 13:50:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1419 [GMT 1:00]
ausgeführt von:: c:\users\stefan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\@
c:\$recycle.bin\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\n
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
G:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-09 bis 2012-12-09 ))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-09 12:19 . 2012-12-09 12:19 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
.
c:\users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://endurocup.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????}l????X?b???b???b???b?
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-09 14:00:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-09 12:59
.
Vor Suchlauf: 7 Verzeichnis(se), 48.365.006.848 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 48.351.186.944 Bytes frei
.
- - End Of File - - F5DE99DE7B168D1BF78983C6E30DE01A |
09.12.2012, 14:13 | #6 |
/// TB-Ausbilder | Then, as a check:
Scan with MBAR
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
09.12.2012, 15:01 | #7 |
| Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.09.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
stefan :: HOME [administrator]

09.12.2012 14:54:25
mbar-log-2012-12-09 (14-54-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27013
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Which programs are recommended for the future? |
09.12.2012, 15:07 | #8 | |
/// TB-Ausbilder | You probably did not set up the system "fresh" properly.
Good! As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few more checks. Since these can take a very long time, I ask you to write to me again only once you have really completed everything, or if problems should occur.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Quote:
Step 3: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
11.12.2012, 14:19 | #9 |
/// TB-Ausbilder | Hello, do you still need further help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
11.12.2012, 21:32 | #10 |
| Hello, first of all sorry, I was swamped with work for the last 2 days and could not get to my PC. So, the following.
Step 1
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
stefan :: HOME [Administrator]

Schutz: Aktiviert

11.12.2012 16:21:43
mbam-log-2012-12-11 (16-21-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198335
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

After long attempts, a supposed antivirus program installed itself, so I aborted everything right away, rebooted and did Step 1 again, and this is what came out.
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.11.05
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
stefan :: HOME [Administrator]
Schutz: Deaktiviert
11.12.2012 21:17:09
mbam-log-2012-12-11 (21-17-09).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198020
Laufzeit: 3 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|AE30E137F0531EE10000AE30330C2347 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\AE30E137F0531EE10000AE30330C2347\AE30E137F0531EE10000AE30330C2347.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\n (Trojan.0Access) -> Löschen bei Neustart.
C:\$RECYCLE.BIN\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41\n (Trojan.0Access) -> Löschen bei Neustart.
C:\Users\stefan\AppData\Local\temp\~!#CC75.tmp (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\stefan\AppData\Local\temp\wpbt0.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
11.12.2012, 21:37 | #11 |
/// TB Trainer | Where did you pick that up now? (Our download link is clean, after all ... ) Scan with MBAR: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
11.12.2012, 22:41 | #12 |
| OK, here is the first scan. Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.11.11
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
stefan :: HOME [administrator]
11.12.2012 22:22:02
mbar-log-2012-12-11 (22-22-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27355
Time elapsed: 9 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 6
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\U (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41\U (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\L (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41\L (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41 (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41 (Trojan.Siredef.C) -> Delete on reboot.
Files Detected: 6
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\@ (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-2046774138-84151618-707571048-1000\$8cf857c71d418695f9964dcafa707a41\@ (Trojan.Siredef.C) -> Delete on reboot.
C:\Users\stefan\AppData\Local\Temporary Internet Files\Content.IE5\1YCUAXFC\setup[1].exe (Trojan.Ransom) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$8cf857c71d418695f9964dcafa707a41\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.
(end)

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.11.11
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
stefan :: HOME [administrator]
11.12.2012 22:39:03
mbar-log-2012-12-11 (22-39-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27419
Time elapsed: 11 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
11.12.2012, 22:46 | #13 |
/// TB Trainer | Good, then let's use an alternative. Online scan with Panda Cloud Cleaner
11.12.2012, 22:50 | #14 |
| The download rate has been crap ever since this whole thing; I'm falling asleep waiting. It can't be normal for it to be this slow. |
11.12.2012, 22:56 | #15 |
/// TB Trainer | At the start I mentioned that you can NEVER catch everything. After this scan we will look into your internet connection.