
Pests of all kinds and how to fight them: 'TR/ATRAPS.Gen' in 'C:\Windows\System32\aptwwp82g.dll'


29.12.2011, 15:26   #1
feeluck
Hello!
I'm fairly competent when it comes to using a PC, but I have never had to remove a virus or trojan before, so I don't know my way around this very well.
I browsed around the forum a bit but didn't find a solution.

My problem: I have a trojan that is apparently found by Malwarebytes and Antivir but cannot be deleted.

In der Datei 'C:\Windows\System32\aptwwp82g.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I can also upload a HijackThis logfile if that is of any use.

Thanks for looking into my problem!
Regards, Feeluck

29.12.2011, 15:53   #2
markusg
/// Malware-holic
hi, please post all Malwarebytes logs.
open Malwarebytes, click on log files, post the logs

29.12.2011, 16:46   #3
feeluck
here's the log:

2011/12/29 00:00:58 +0100 FELIXHESS-PC Felix MESSAGE Starting database refresh
2011/12/29 00:00:58 +0100 FELIXHESS-PC Felix MESSAGE Stopping IP protection
2011/12/29 00:00:59 +0100 FELIXHESS-PC Felix MESSAGE IP Protection stopped
2011/12/29 00:01:27 +0100 FELIXHESS-PC Felix MESSAGE Database refreshed successfully
2011/12/29 00:01:27 +0100 FELIXHESS-PC Felix MESSAGE Starting IP protection
2011/12/29 00:01:28 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/29 00:01:48 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:01:48 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:01:50 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:01:57 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:01:57 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:01:57 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:02:19 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:02:19 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:02:19 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:05:06 +0100 FELIXHESS-PC Felix IP-BLOCK 89.149.227.62 (Type: outgoing, Port: 49469, Process: firefox.exe)
2011/12/29 00:07:36 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:07:36 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:07:37 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 05:04:42 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 09:34:05 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 09:34:05 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 09:34:06 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 14:21:18 +0100 FELIXHESS-PC Felix MESSAGE Starting protection
2011/12/29 14:21:20 +0100 FELIXHESS-PC Felix MESSAGE Executing scheduled update: Daily
2011/12/29 14:21:23 +0100 FELIXHESS-PC Felix MESSAGE Protection started successfully
2011/12/29 14:21:26 +0100 FELIXHESS-PC Felix MESSAGE Starting IP protection
2011/12/29 14:21:27 +0100 FELIXHESS-PC Felix MESSAGE Scheduled update executed successfully: database updated from version v2011.12.28.05 to version v2011.12.29.02
2011/12/29 14:21:27 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/29 14:21:27 +0100 FELIXHESS-PC Felix MESSAGE Starting database refresh
2011/12/29 14:21:27 +0100 FELIXHESS-PC Felix MESSAGE Stopping IP protection
2011/12/29 14:21:29 +0100 FELIXHESS-PC Felix MESSAGE IP Protection stopped
2011/12/29 14:21:31 +0100 FELIXHESS-PC Felix MESSAGE Database refreshed successfully
2011/12/29 14:21:31 +0100 FELIXHESS-PC Felix MESSAGE Starting IP protection
2011/12/29 14:21:32 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/29 14:21:45 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject QUARANTINE
2011/12/29 14:21:45 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject DENY
2011/12/29 14:31:51 +0100 FELIXHESS-PC Felix IP-BLOCK 62.45.32.103 (Type: outgoing, Port: 50043, Process: pmb.exe)
2011/12/29 14:36:16 +0100 FELIXHESS-PC Felix IP-BLOCK 62.45.32.103 (Type: outgoing, Port: 50590, Process: pmb.exe)
2011/12/29 14:43:29 +0100 FELIXHESS-PC Felix IP-BLOCK 93.114.40.157 (Type: outgoing, Port: 65345, Process: pmb.exe)
2011/12/29 15:09:05 +0100 FELIXHESS-PC Felix MESSAGE Starting protection
2011/12/29 15:09:07 +0100 FELIXHESS-PC Felix MESSAGE Protection started successfully
2011/12/29 15:09:10 +0100 FELIXHESS-PC Felix MESSAGE Starting IP protection
2011/12/29 15:09:11 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/29 15:23:30 +0100 FELIXHESS-PC Felix IP-BLOCK 62.45.32.103 (Type: outgoing, Port: 49983, Process: pmb.exe)
2011/12/29 16:43:25 +0100 FELIXHESS-PC Felix IP-BLOCK 62.45.32.103 (Type: outgoing, Port: 50820, Process: pmb.exe)


this hardbase player is an online radio stream. no idea what it has against it. it was never a problem before. only since yesterday have the warnings been popping up constantly.

29.12.2011, 17:06   #4
markusg
/// Malware-holic
hi

were those all the logs?
if not, post all of them.
if yes:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and make sure to save it on your desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all of your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.
__________________
Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

29.12.2011, 17:19   #5
feeluck
that was the most recent one.
my logs go back to 2008, so I won't post all of them.
here are the last few logs:

00:37:16 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
00:37:16 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
00:37:19 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
03:58:54 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
03:58:54 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
03:58:54 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
07:35:40 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
07:49:17 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
07:49:17 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
07:49:17 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
18:32:38 Felix MESSAGE Protection started successfully
18:32:42 Felix MESSAGE IP Protection started successfully
18:32:43 Felix MESSAGE IP Protection stopped
18:36:05 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
18:47:31 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
18:47:31 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
19:08:48 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
19:11:09 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
19:36:16 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
19:36:16 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
19:36:16 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
23:38:34 Felix MESSAGE Database updated successfully
2011/12/28 23:43:18 +0100 FELIXHESS-PC Felix MESSAGE Starting protection
2011/12/28 23:43:39 +0100 FELIXHESS-PC Felix MESSAGE Protection started successfully
2011/12/28 23:43:42 +0100 FELIXHESS-PC Felix MESSAGE Starting IP protection
2011/12/28 23:43:43 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/28 23:45:19 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject QUARANTINE
2011/12/28 23:45:22 +0100 FELIXHESS-PC Felix DETECTION c:\program files\harderbase.fm\harderbase.fm player\harderbase-player.exe VirTool.DelfInject DENY
2011/12/28 23:49:49 +0100 FELIXHESS-PC Felix IP-BLOCK 89.149.227.62 (Type: outgoing, Port: 49243, Process: firefox.exe)
2011/12/28 23:49:49 +0100 FELIXHESS-PC Felix IP-BLOCK 89.149.227.62 (Type: outgoing, Port: 49244, Process: firefox.exe)




16:48:05 Felix MESSAGE Protection started successfully
16:48:10 Felix MESSAGE IP Protection started successfully
16:48:11 Felix MESSAGE IP Protection stopped
17:09:26 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-UPDATER_V2.EXE VirTool.DelfInject ALLOW
17:17:32 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
18:30:17 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
18:30:18 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
18:30:18 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
18:33:06 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
22:23:42 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW




15:11:54 Felix MESSAGE Protection started successfully
15:11:58 Felix MESSAGE IP Protection started successfully
15:12:00 Felix MESSAGE IP Protection stopped
15:14:20 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW




05:25:56 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-UPDATER_V2.EXE VirTool.DelfInject ALLOW
17:21:55 Felix MESSAGE Protection started successfully
17:21:59 Felix MESSAGE IP Protection started successfully
17:22:00 Felix MESSAGE IP Protection stopped
17:25:37 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
19:20:24 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
23:49:32 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
23:49:32 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
23:49:32 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW




00:26:42 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
00:26:45 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
14:26:00 Felix MESSAGE Protection started successfully
14:26:04 Felix MESSAGE IP Protection started successfully
14:26:05 Felix MESSAGE IP Protection stopped
14:28:02 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
14:50:40 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
14:50:40 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
14:50:40 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
16:58:00 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
16:58:00 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
22:44:04 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
22:44:04 Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW



the file that is listed there so often I had actually moved to quarantine and deleted. hmpf, that didn't work either..
antivir gives me this path: C:\Windows\System32\aptwwp82g.dlltr
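As an added example that is not part of the original thread, here is a small triage script for the Malwarebytes protection-log lines posted above (in this post and in post #3). The line patterns are derived from the two shapes visible in those logs (the long form with date and host, and the short form with only a time); the sample lines are copied from the thread. It groups detections by file and action, groups IP blocks by process, and flags files that were detected but allowed through, which is the first thing to check when a scanner keeps re-reporting the same file.

```python
import re
from collections import Counter, defaultdict

# Two line shapes appear in the posted log (patterns derived from those lines):
#   2011/12/29 00:01:48 +0100 FELIXHESS-PC Felix DETECTION <path> <threat> <action>
#   00:37:16 Felix DETECTION <path> <threat> <action>
# IP-BLOCK lines carry the blocked address and the originating process:
#   ... IP-BLOCK 89.149.227.62 (Type: outgoing, Port: 49469, Process: firefox.exe)
LONG_PREFIX = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) [+-]\d{4} "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION|IP-BLOCK) (?P<rest>.*)$"
)
SHORT_PREFIX = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION|IP-BLOCK) (?P<rest>.*)$"
)
# The path may contain spaces; the threat name and the action never do.
DETECTION_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+) (?P<action>ALLOW|DENY|QUARANTINE)$")
IPBLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2011/12/29 00:01:48 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject ALLOW
2011/12/29 00:05:06 +0100 FELIXHESS-PC Felix IP-BLOCK 89.149.227.62 (Type: outgoing, Port: 49469, Process: firefox.exe)
2011/12/29 14:21:27 +0100 FELIXHESS-PC Felix MESSAGE IP Protection started successfully
2011/12/29 14:21:45 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject QUARANTINE
2011/12/29 14:21:45 +0100 FELIXHESS-PC Felix DETECTION C:\Program Files\HarderBase.FM\HarderBase.FM Player\HarderBase-Player.exe VirTool.DelfInject DENY
2011/12/29 14:31:51 +0100 FELIXHESS-PC Felix IP-BLOCK 62.45.32.103 (Type: outgoing, Port: 50043, Process: pmb.exe)
00:37:19 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-PLAYER.EXE VirTool.DelfInject ALLOW
17:09:26 Felix DETECTION C:\PROGRAM FILES\HARDERBASE.FM\HARDERBASE.FM PLAYER\HARDERBASE-UPDATER_V2.EXE VirTool.DelfInject ALLOW
""".strip().splitlines()


def parse_line(line):
    """Return a dict for one protection-log line, or None if the line does not match."""
    line = line.strip()
    m = LONG_PREFIX.match(line) or SHORT_PREFIX.match(line)
    if not m:
        return None
    rec = {"date": m.groupdict().get("date"), "time": m["time"], "kind": m["kind"]}
    rest = m["rest"]
    if rec["kind"] == "DETECTION":
        d = DETECTION_RE.match(rest)
        if not d:
            return None
        # Windows paths are case-insensitive and the log mixes cases for the same file,
        # so normalise before grouping.
        rec.update(path=d["path"].lower(), threat=d["threat"], action=d["action"])
    elif rec["kind"] == "IP-BLOCK":
        b = IPBLOCK_RE.match(rest)
        if not b:
            return None
        rec.update(ip=b["ip"], direction=b["direction"], port=int(b["port"]),
                   process=b["process"].lower())
    else:
        rec["message"] = rest
    return rec


def summarize(lines):
    """Aggregate detections per (path, threat) by action, and IP blocks per process by address."""
    detections = defaultdict(Counter)
    blocks = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "DETECTION":
            detections[(rec["path"], rec["threat"])][rec["action"]] += 1
        elif rec["kind"] == "IP-BLOCK":
            blocks[rec["process"]][rec["ip"]] += 1
    return detections, blocks


def allowed_detections(detections):
    """Files that were detected but waved through (ALLOW) at least once: they need a second look."""
    return sorted(
        (path, threat, counts["ALLOW"])
        for (path, threat), counts in detections.items()
        if counts["ALLOW"] > 0
    )


if __name__ == "__main__":
    det, blk = summarize(SAMPLE_LOG)
    for (path, threat), counts in sorted(det.items()):
        print(f"{path} [{threat}]: {dict(counts)}")
    for process, ips in sorted(blk.items()):
        print(f"{process}: blocked {dict(ips)}")
    for path, threat, n in allowed_detections(det):
        print(f"ALLOWED {n}x: {path} ({threat})")
```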


29.12.2011, 17:24   #6
feeluck
here's a hijack log:

HiJackthis Logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:06, on 29.12.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Gnab\Service\GnabTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ICQ7.6\ICQ.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.45\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.116\deploy\LolClient.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Felix\Desktop\Desktop\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15_Premium\TrayServer.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Link mit Mega Manager herunterladen... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 11202 bytes


hope you can do something with this

29.12.2011, 17:33   #7
markusg
/// Malware-holic
nope, HJT logs are of no use.
please read my Combofix instructions and continue with that.

29.12.2011, 19:45   #8
feeluck
here's the combofix log

Combofix Logfile:
ComboFix 11-12-29.04 - Felix 29.12.2011  19:33:18.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2093 [GMT 1:00]
ausgeführt von:: c:\users\Felix\Desktop\Desktop\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))
.
.
2011-12-29 18:40 . 2011-12-29 18:40	--------	d-----w-	c:\users\Felix\AppData\Local\temp
2011-12-27 15:49 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ADEC18A-01B1-413A-8C35-5B86D5DBAFCA}\mpengine.dll
2011-12-16 21:42 . 2011-12-16 21:42	--------	d-----w-	c:\users\Felix\AppData\Local\SWTOR
2011-12-14 09:29 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:29 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 09:29 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 09:27 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 09:27 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 09:24 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 09:24 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-13 07:17 . 2011-12-13 07:17	--------	d-----w-	c:\programdata\McAfee
2011-12-08 11:36 . 2011-12-29 13:19	212992	----a-w-	c:\windows\system32\aptwwp82g.dll
2011-12-07 23:52 . 2011-12-07 23:52	--------	d-----w-	c:\users\Felix\AppData\Local\Opera
2011-12-07 23:51 . 2011-12-07 23:54	--------	dc----w-	c:\program files\Opera
2011-12-07 23:18 . 2011-12-07 23:18	386560	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2011-12-07 23:18 . 2011-12-07 23:18	22016	----a-w-	c:\program files\Internet Explorer\ExtExport.exe
2011-12-07 22:06 . 2011-12-07 22:06	114000	----a-w-	c:\windows\system32\UpdSvc.dll
2011-12-02 03:40 . 2011-12-02 03:40	--------	d-----w-	c:\program files\Common Files\BioWare
2011-12-02 03:40 . 2011-12-02 03:40	--------	dc----w-	c:\program files\Electronic Arts
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 07:17 . 2011-06-06 12:32	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2008-12-31 08:53	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-05 14:18 . 2003-03-18 18:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2011-11-05 14:18 . 2003-02-21 02:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-10-03 03:06 . 2010-06-28 09:19	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-21 04:21 . 2011-12-11 10:03	134104	-c--a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49	176936	-c--a-w-	c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-16 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="c:\program files\ICQ7.6\ICQ.exe" [2011-10-10 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-04-06 215512]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GnabTray"="c:\program files\Common Files\Gnab\Service\GnabTray.exe" [2007-04-13 327680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_15_Premium\TrayServer.exe" [2008-08-07 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-05 273528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;h:\i386\AsProcOb.sys [x]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-06-01 110304]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-06-06 81936]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-09-13 5504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - hidg1546
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Link mit Mega Manager herunterladen... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\om6v6gdn.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-NvSvc - c:\windows\system32\nvsvc.dll
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Teamspeak 2 RC2_is1 - c:\program files\Teamspeak2_RC2\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-29 19:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2311984294-2807333158-3872205673-1003\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**óâ*Äê`]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4eef393e
.
Zeit der Fertigstellung: 2011-12-29  19:42:58
ComboFix-quarantined-files.txt  2011-12-29 18:42
.
Vor Suchlauf: 22 Verzeichnis(se), 90.503.335.936 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 90.465.648.640 Bytes frei
.
- - End Of File - - 531ED9C4332507AE2D3544BCA2011C22
         
--- --- ---

That worked brilliantly. Finally a solution for not-so-experienced PC users. Did you program that?
I'll fire up my antivirus programs again now. Let's see whether there are still any alerts.

29.12.2011, 19:55   #9
markusg
/// Malware-holic

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
Don't delete anything, just post the log.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

29.12.2011, 21:47   #10
feeluck

So, here is the data:

21:46:22.0212 5620 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:46:22.0305 5620 ============================================================
21:46:22.0305 5620 Current date / time: 2011/12/29 21:46:22.0305
21:46:22.0305 5620 SystemInfo:
21:46:22.0305 5620
21:46:22.0305 5620 OS Version: 6.0.6002 ServicePack: 2.0
21:46:22.0305 5620 Product type: Workstation
21:46:22.0306 5620 ComputerName: FELIXHESS-PC
21:46:22.0306 5620 UserName: Felix
21:46:22.0306 5620 Windows directory: C:\Windows
21:46:22.0306 5620 System windows directory: C:\Windows
21:46:22.0306 5620 Processor architecture: Intel x86
21:46:22.0306 5620 Number of processors: 4
21:46:22.0306 5620 Page size: 0x1000
21:46:22.0306 5620 Boot type: Normal boot
21:46:22.0306 5620 ============================================================
21:46:22.0635 5620 Initialize success
21:46:37.0291 5364 ============================================================
21:46:37.0291 5364 Scan started
21:46:37.0291 5364 Mode: Manual; SigCheck; TDLFS;
21:46:37.0291 5364 ============================================================
21:46:46.0077 5364 hidg1546 (fa36d3dc02ca17bb8cbf0f4f162c7c69) C:\Windows\system32\drivers\hidg1546.sys
21:46:46.0087 5364 hidg1546 ( UnsignedFile.Multi.Generic ) - warning
21:46:46.0087 5364 hidg1546 - detected UnsignedFile.Multi.Generic (1)
21:46:53.0834 5364 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:46:53.0849 5364 srv - ok
21:46:53.0884 5364 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:46:53.0897 5364 srv2 - ok
21:46:53.0926 5364 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:46:53.0939 5364 srvnet - ok
21:46:53.0995 5364 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:46:54.0002 5364 ssmdrv - ok
21:46:54.0073 5364 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:46:54.0083 5364 swenum - ok
21:46:54.0135 5364 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:46:54.0144 5364 Symc8xx - ok
21:46:54.0177 5364 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:46:54.0186 5364 Sym_hi - ok
21:46:54.0207 5364 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:46:54.0215 5364 Sym_u3 - ok
21:46:54.0305 5364 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:46:54.0335 5364 Tcpip - ok
21:46:54.0406 5364 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:46:54.0432 5364 Tcpip6 - ok
21:46:54.0519 5364 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:46:54.0532 5364 tcpipreg - ok
21:46:54.0568 5364 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:46:54.0590 5364 TDPIPE - ok
21:46:54.0616 5364 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:46:54.0639 5364 TDTCP - ok
21:46:54.0707 5364 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:46:54.0725 5364 tdx - ok
21:46:54.0768 5364 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:46:54.0779 5364 TermDD - ok
21:46:54.0886 5364 TSHWMDTCP (de8829c9da8fa4eda99948f1b78da80a) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
21:46:54.0894 5364 TSHWMDTCP - ok
21:46:54.0972 5364 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:55.0001 5364 tssecsrv - ok
21:46:55.0051 5364 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:46:55.0063 5364 tunmp - ok
21:46:55.0126 5364 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:46:55.0138 5364 tunnel - ok
21:46:55.0167 5364 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:46:55.0176 5364 uagp35 - ok
21:46:55.0205 5364 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:46:55.0225 5364 udfs - ok
21:46:55.0246 5364 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:46:55.0256 5364 uliagpkx - ok
21:46:55.0279 5364 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:46:55.0292 5364 uliahci - ok
21:46:55.0314 5364 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:46:55.0324 5364 UlSata - ok
21:46:55.0341 5364 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:46:55.0351 5364 ulsata2 - ok
21:46:55.0382 5364 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:46:55.0405 5364 umbus - ok
21:46:55.0484 5364 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\Windows\system32\Drivers\usbaapl.sys
21:46:55.0489 5364 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:46:55.0489 5364 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:46:55.0540 5364 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:55.0558 5364 usbccgp - ok
21:46:55.0602 5364 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:46:55.0641 5364 usbcir - ok
21:46:55.0693 5364 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:46:55.0711 5364 usbehci - ok
21:46:55.0744 5364 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:46:55.0763 5364 usbhub - ok
21:46:55.0790 5364 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:46:55.0829 5364 usbohci - ok
21:46:55.0879 5364 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:46:55.0917 5364 usbprint - ok
21:46:55.0950 5364 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:55.0969 5364 USBSTOR - ok
21:46:56.0035 5364 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:46:56.0053 5364 usbuhci - ok
21:46:56.0095 5364 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:56.0122 5364 vga - ok
21:46:56.0169 5364 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:46:56.0191 5364 VgaSave - ok
21:46:56.0227 5364 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:46:56.0236 5364 viaagp - ok
21:46:56.0260 5364 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:46:56.0298 5364 ViaC7 - ok
21:46:56.0325 5364 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
21:46:56.0334 5364 viaide - ok
21:46:56.0367 5364 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:46:56.0377 5364 volmgr - ok
21:46:56.0405 5364 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:46:56.0419 5364 volmgrx - ok
21:46:56.0446 5364 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:46:56.0459 5364 volsnap - ok
21:46:56.0510 5364 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:46:56.0520 5364 vsmraid - ok
21:46:56.0554 5364 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:46:56.0592 5364 WacomPen - ok
21:46:56.0670 5364 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:56.0688 5364 Wanarp - ok
21:46:56.0712 5364 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:46:56.0730 5364 Wanarpv6 - ok
21:46:56.0769 5364 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:46:56.0777 5364 Wd - ok
21:46:56.0827 5364 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:46:56.0845 5364 Wdf01000 - ok
21:46:57.0005 5364 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:46:57.0043 5364 WmiAcpi - ok
21:46:57.0126 5364 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:46:57.0149 5364 ws2ifsl - ok
21:46:57.0248 5364 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:57.0271 5364 WUDFRd - ok
21:46:57.0317 5364 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:46:57.0459 5364 \Device\Harddisk0\DR0 - ok
21:46:57.0463 5364 Boot (0x1200) (eab41064e5a1d8bd6e17f1b4085cb795) \Device\Harddisk0\DR0\Partition0
21:46:57.0463 5364 \Device\Harddisk0\DR0\Partition0 - ok
21:46:57.0486 5364 Boot (0x1200) (5499d37ba8a818705c2318c74fe863ea) \Device\Harddisk0\DR0\Partition1
21:46:57.0487 5364 \Device\Harddisk0\DR0\Partition1 - ok
21:46:57.0510 5364 Boot (0x1200) (09a44893659efe6a815c5faf43a1db72) \Device\Harddisk0\DR0\Partition2
21:46:57.0510 5364 \Device\Harddisk0\DR0\Partition2 - ok
21:46:57.0511 5364 ============================================================
21:46:57.0511 5364 Scan finished
21:46:57.0511 5364 ============================================================
21:46:57.0521 5464 Detected object count: 2
21:46:57.0521 5464 Actual detected object count: 2
21:47:05.0573 5464 hidg1546 ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:05.0573 5464 hidg1546 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:47:05.0575 5464 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:05.0575 5464 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
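Reading a TDSSKiller log this long by eye is how the two flagged objects get lost among hundreds of "ok" lines. The following triage helper is an added example, not code from the thread or from TDSSKiller: its regexes are modelled on the line shapes visible in the log above, it folds the log into one record per scanned object (file lines, verdicts, detections and the user's chosen action), and it lists what did not come back clean. The sample lines are copied from the posted log.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
# TDSSKiller lines start "<hh:mm:ss.ffff> <thread-id> " and report one object per line; shapes seen in the log:
#   <name> (<md5>) <path>  |  <name> - ok  |  <name> ( <verdict> ) - warning  |  <name> - detected <verdict> (<n>)
#   <name> ( <verdict> ) - skipped by user | User select action: <action>;  banner/count/separator lines are ignored
P = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
RE_FILE = re.compile(P + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_DETECTED = re.compile(P + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
RE_VERDICT = re.compile(P + r"(?P<name>.+?) \( (?P<verdict>.+?) \) - "
                        r"(?:(?P<status>warning|skipped by user)|User select action: (?P<action>.+))$")
RE_OK = re.compile(P + r"(?P<name>.+?) - ok$")   # MBR/boot verdicts use the device path as <name>
RANK = {"unknown": -1, "ok": 0, "warning": 1, "detected": 2}

@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: set[str] = field(default_factory=set)
    status: str = "unknown"   # stays 'unknown' if no verdict line was seen for this object
    action: str = ""          # what the user chose for a flagged object (e.g. Skip)

def _raise(e: Entry, status: str) -> None:   # a status is never downgraded (ok < warning < detected)
    e.status = status if RANK[status] >= RANK[e.status] else e.status

def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Fold the per-line log into one Entry per scanned object, keyed by object name."""
    entries: dict[str, Entry] = {}
    by_path: dict[str, str] = {}   # device path -> name, so "\Device\...\DR0 - ok" lands on "MBR (0x1B8)"
    get = lambda n: entries.setdefault(n, Entry(n))
    for line in (ln.strip() for ln in text.splitlines()):
        if m := RE_FILE.match(line):
            e = get(m["name"]); e.md5, e.path, by_path[m["path"]] = m["md5"], m["path"], m["name"]
        elif m := RE_DETECTED.match(line):
            get(m["name"]).verdicts.add(m["verdict"]); _raise(get(m["name"]), "detected")
        elif m := RE_VERDICT.match(line):
            e = get(m["name"]); e.verdicts.add(m["verdict"])
            e.action = m["action"] or e.action
            if m["status"] == "warning":
                _raise(e, "warning")
        elif m := RE_OK.match(line):
            _raise(get(by_path.get(m["name"], m["name"])), "ok")
    return entries

def needs_review(entries: dict[str, Entry]) -> list[Entry]:
    """Every object that did not come back as a clean 'ok', most severe first."""
    return sorted((e for e in entries.values() if e.status != "ok"), key=lambda e: -RANK[e.status])

# Sample lines copied from the TDSSKiller log posted in this thread
SAMPLE_LOG = r"""
21:46:55.0484 5364 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\Windows\system32\Drivers\usbaapl.sys
21:46:55.0489 5364 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:46:55.0489 5364 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:46:55.0540 5364 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:55.0558 5364 usbccgp - ok
21:46:57.0317 5364 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:46:57.0459 5364 \Device\Harddisk0\DR0 - ok
21:47:05.0575 5464 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
```

`needs_review(parse_tdsskiller(log_text))` returns the objects worth a closer look; an `UnsignedFile.Multi.Generic` verdict is a heuristic about a missing signature, so the hash, path and publisher of each hit still need to be checked by hand.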

30.12.2011, 13:51   #11
markusg
/// Malware-holic

Open Malwarebytes, update, then full scan, post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

30.12.2011, 18:07   #12
feeluck

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Felix :: FELIXHESS-PC [Administrator]

Schutz: Aktiviert

30.12.2011 15:46:19
mbam-log-2011-12-30 (18-05-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 420941
Laufzeit: 2 Stunde(n), 16 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Felix\Desktop\Desktop\Desktop\Downloads\HTTPTunnelInstallerv444000.exe (Adware.BetterInternet) -> Keine Aktion durchgeführt.

(Ende)


I have now scanned only C:, and that alone took over 2 hours. Somehow the program always hangs when I want to scan absolutely everything.

30.12.2011, 18:11   #13
markusg
/// Malware-holic

Are there any other problems with the PC?

30.12.2011, 18:19   #14
feeluck

Hmm, I don't know. I removed the file and MWB wanted to restart the PC for that. But the file is still in quarantine... strange.
By the way, I manually deleted the entire folder that this dubious hardbase-player file was in.
I haven't received any more virus alerts so far, not from Antivir either.
Is the problem solved now?

30.12.2011, 20:20   #15
markusg
/// Malware-holic

In quarantine it does nothing.
Download the CCleaner standard version:
CCleaner Download - CCleaner 3.14.1616
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write: necessary.
Behind every one you do not need: unnecessary.
Behind those unknown to you: unknown.
Post the list.
