Log Analysis and Evaluation: Problem with rootkit BOO/TDss.O (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.04.2012, 10:06 | #1

Problem with rootkit BOO/TDss.O

Hello, after various problems (popups with error messages), Avira DE-Cleaner told me that my computer had caught the rootkit named above. I have already run TDSSKiller; the log file is here:

Code:
ATTFilter 01:59:52.0431 2028 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 01:59:53.0274 2028 ============================================================ 01:59:53.0274 2028 Current date / time: 2012/04/30 01:59:53.0274 01:59:53.0274 2028 SystemInfo: 01:59:53.0274 2028 01:59:53.0274 2028 OS Version: 6.1.7600 ServicePack: 0.0 01:59:53.0274 2028 Product type: Workstation 01:59:53.0274 2028 ComputerName: ********* 01:59:53.0274 2028 UserName: ********* 01:59:53.0274 2028 Windows directory: C:\windows 01:59:53.0274 2028 System windows directory: C:\windows 01:59:53.0274 2028 Running under WOW64 01:59:53.0274 2028 Processor architecture: Intel x64 01:59:53.0274 2028 Number of processors: 4 01:59:53.0274 2028 Page size: 0x1000 01:59:53.0274 2028 Boot type: Safe boot 01:59:53.0274 2028 ============================================================ 01:59:55.0426 2028 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:59:55.0426 2028 ============================================================ 01:59:55.0426 2028 \Device\Harddisk0\DR0: 01:59:55.0426 2028 MBR partitions: 01:59:55.0426 2028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000 01:59:55.0426 2028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x171C9800, BlocksNum 0xE2602B0 01:59:55.0426 2028 ============================================================ 01:59:55.0520 2028 C: <-> \Device\Harddisk0\DR0\Partition0 01:59:55.0707 2028 D: <-> \Device\Harddisk0\DR0\Partition1 01:59:55.0707 2028 ============================================================ 01:59:55.0707 2028 Initialize success 01:59:55.0707 2028 ============================================================ 01:59:57.0735 1096 ============================================================ 01:59:57.0735 1096 Scan started 01:59:57.0735 1096 Mode: Manual; 01:59:57.0735 1096 
============================================================ 02:00:00.0309 1096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys 02:00:00.0309 1096 1394ohci - ok 02:00:00.0668 1096 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 02:00:00.0668 1096 ACDaemon - ok 02:00:00.0918 1096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys 02:00:00.0933 1096 ACPI - ok 02:00:01.0027 1096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys 02:00:01.0027 1096 AcpiPmi - ok 02:00:01.0120 1096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 02:00:01.0370 1096 adp94xx - ok 02:00:01.0417 1096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 02:00:01.0432 1096 adpahci - ok 02:00:01.0479 1096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 02:00:01.0479 1096 adpu320 - ok 02:00:01.0526 1096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 02:00:01.0526 1096 AeLookupSvc - ok 02:00:01.0588 1096 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys 02:00:01.0588 1096 AFD - ok 02:00:01.0666 1096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys 02:00:01.0666 1096 agp440 - ok 02:00:01.0698 1096 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 02:00:01.0698 1096 ALG - ok 02:00:01.0744 1096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys 02:00:01.0744 1096 aliide - ok 02:00:01.0791 1096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys 02:00:01.0791 1096 amdide - ok 02:00:01.0822 1096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 02:00:01.0822 1096 AmdK8 - ok 02:00:01.0869 1096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) 
C:\windows\system32\DRIVERS\amdppm.sys 02:00:01.0869 1096 AmdPPM - ok 02:00:01.0963 1096 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys 02:00:01.0978 1096 amdsata - ok 02:00:02.0103 1096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 02:00:02.0134 1096 amdsbs - ok 02:00:02.0181 1096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys 02:00:02.0197 1096 amdxata - ok 02:00:02.0228 1096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys 02:00:02.0228 1096 AppID - ok 02:00:02.0275 1096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 02:00:02.0275 1096 AppIDSvc - ok 02:00:02.0290 1096 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll 02:00:02.0290 1096 Appinfo - ok 02:00:02.0462 1096 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 02:00:02.0462 1096 Apple Mobile Device - ok 02:00:02.0540 1096 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 02:00:02.0540 1096 arc - ok 02:00:02.0571 1096 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 02:00:02.0571 1096 arcsas - ok 02:00:02.0680 1096 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 02:00:02.0680 1096 ArcSoftKsUFilter - ok 02:00:02.0992 1096 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 02:00:03.0024 1096 aspnet_state - ok 02:00:03.0055 1096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 02:00:03.0055 1096 AsyncMac - ok 02:00:03.0102 1096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys 02:00:03.0102 1096 atapi - ok 02:00:03.0226 1096 athr (0acc06fcf46f64ed4f11e57ee461c1f4) 
C:\windows\system32\DRIVERS\athrx.sys 02:00:03.0258 1096 athr - ok 02:00:03.0414 1096 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll 02:00:03.0445 1096 AudioEndpointBuilder - ok 02:00:03.0460 1096 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll 02:00:03.0460 1096 AudioSrv - ok 02:00:03.0523 1096 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll 02:00:03.0523 1096 AxInstSV - ok 02:00:03.0648 1096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 02:00:03.0694 1096 b06bdrv - ok 02:00:03.0772 1096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 02:00:03.0772 1096 b57nd60a - ok 02:00:03.0835 1096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 02:00:03.0835 1096 BDESVC - ok 02:00:03.0835 1096 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 02:00:03.0835 1096 Beep - ok 02:00:04.0100 1096 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll 02:00:04.0131 1096 BFE - ok 02:00:04.0209 1096 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll 02:00:04.0240 1096 BITS - ok 02:00:04.0755 1096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 02:00:04.0755 1096 blbdrive - ok 02:00:04.0989 1096 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 02:00:05.0005 1096 Bonjour Service - ok 02:00:05.0488 1096 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys 02:00:05.0488 1096 bowser - ok 02:00:05.0598 1096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 02:00:05.0629 1096 BrFiltLo - ok 02:00:05.0707 1096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 02:00:05.0707 1096 BrFiltUp - ok 02:00:05.0769 1096 BridgeMP (5c2f352a4e961d72518261257aae204b) 
C:\windows\system32\DRIVERS\bridge.sys 02:00:05.0769 1096 BridgeMP - ok 02:00:05.0894 1096 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll 02:00:05.0910 1096 Browser - ok 02:00:05.0941 1096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 02:00:05.0956 1096 Brserid - ok 02:00:06.0019 1096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 02:00:06.0019 1096 BrSerWdm - ok 02:00:06.0050 1096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 02:00:06.0050 1096 BrUsbMdm - ok 02:00:06.0128 1096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 02:00:06.0128 1096 BrUsbSer - ok 02:00:06.0159 1096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 02:00:06.0159 1096 BTHMODEM - ok 02:00:06.0206 1096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 02:00:06.0206 1096 bthserv - ok 02:00:06.0253 1096 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 02:00:06.0253 1096 cdfs - ok 02:00:06.0315 1096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys 02:00:06.0315 1096 cdrom - ok 02:00:06.0346 1096 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll 02:00:06.0346 1096 CertPropSvc - ok 02:00:06.0409 1096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 02:00:06.0409 1096 circlass - ok 02:00:06.0471 1096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 02:00:06.0487 1096 CLFS - ok 02:00:06.0549 1096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 02:00:06.0549 1096 clr_optimization_v2.0.50727_32 - ok 02:00:06.0596 1096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 
02:00:06.0596 1096 clr_optimization_v2.0.50727_64 - ok 02:00:06.0768 1096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 02:00:06.0814 1096 clr_optimization_v4.0.30319_32 - ok 02:00:06.0908 1096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 02:00:06.0986 1096 clr_optimization_v4.0.30319_64 - ok 02:00:07.0017 1096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 02:00:07.0017 1096 CmBatt - ok 02:00:07.0126 1096 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys 02:00:07.0126 1096 cmdide - ok 02:00:07.0236 1096 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys 02:00:07.0267 1096 CNG - ok 02:00:07.0282 1096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 02:00:07.0282 1096 Compbatt - ok 02:00:07.0345 1096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys 02:00:07.0345 1096 CompositeBus - ok 02:00:07.0376 1096 COMSysApp - ok 02:00:07.0423 1096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 02:00:07.0423 1096 crcdisk - ok 02:00:07.0485 1096 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll 02:00:07.0485 1096 CryptSvc - ok 02:00:07.0563 1096 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll 02:00:07.0579 1096 DcomLaunch - ok 02:00:07.0813 1096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 02:00:07.0844 1096 defragsvc - ok 02:00:07.0953 1096 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys 02:00:07.0953 1096 DfsC - ok 02:00:08.0016 1096 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll 02:00:08.0016 1096 Dhcp - ok 02:00:08.0047 1096 discache (13096b05847ec78f0977f2c0f79e9ab3) 
C:\windows\system32\drivers\discache.sys 02:00:08.0047 1096 discache - ok 02:00:08.0172 1096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 02:00:08.0172 1096 Disk - ok 02:00:08.0234 1096 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll 02:00:08.0234 1096 Dnscache - ok 02:00:08.0328 1096 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll 02:00:08.0359 1096 dot3svc - ok 02:00:08.0546 1096 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll 02:00:08.0577 1096 DPS - ok 02:00:08.0655 1096 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 02:00:08.0671 1096 drmkaud - ok 02:00:08.0749 1096 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys 02:00:08.0764 1096 DXGKrnl - ok 02:00:08.0811 1096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 02:00:08.0811 1096 EapHost - ok 02:00:09.0108 1096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 02:00:09.0420 1096 ebdrv - ok 02:00:09.0607 1096 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\System32\lsass.exe 02:00:09.0607 1096 EFS - ok 02:00:09.0716 1096 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\windows\ehome\ehRecvr.exe 02:00:09.0747 1096 ehRecvr - ok 02:00:09.0794 1096 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 02:00:09.0794 1096 ehSched - ok 02:00:09.0919 1096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys 02:00:09.0950 1096 elxstor - ok 02:00:09.0966 1096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys 02:00:09.0966 1096 ErrDev - ok 02:00:10.0090 1096 EUCR (89d11159b361dd1eac5dd4e9895c04a4) C:\windows\system32\DRIVERS\EUCR6SK.SYS 02:00:10.0090 1096 EUCR - ok 02:00:10.0137 1096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 02:00:10.0153 1096 EventSystem - ok 02:00:10.0200 1096 exfat 
(a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 02:00:10.0200 1096 exfat - ok 02:00:10.0246 1096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 02:00:10.0246 1096 fastfat - ok 02:00:10.0324 1096 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe 02:00:10.0340 1096 Fax - ok 02:00:10.0387 1096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys 02:00:10.0387 1096 fdc - ok 02:00:10.0402 1096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 02:00:10.0402 1096 fdPHost - ok 02:00:10.0418 1096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 02:00:10.0418 1096 FDResPub - ok 02:00:10.0465 1096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 02:00:10.0465 1096 FileInfo - ok 02:00:10.0496 1096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 02:00:10.0496 1096 Filetrace - ok 02:00:10.0543 1096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys 02:00:10.0543 1096 flpydisk - ok 02:00:10.0590 1096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys 02:00:10.0590 1096 FltMgr - ok 02:00:10.0668 1096 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\windows\system32\FntCache.dll 02:00:10.0714 1096 FontCache - ok 02:00:10.0808 1096 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 02:00:10.0808 1096 FontCache3.0.0.0 - ok 02:00:10.0870 1096 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 02:00:10.0870 1096 FsDepends - ok 02:00:10.0917 1096 fspad_wlh64 (768fae6c348e5538b370fa62ab1b43b1) C:\windows\system32\DRIVERS\fspad_wlh64.sys 02:00:10.0917 1096 fspad_wlh64 - ok 02:00:10.0933 1096 fspad_xp64 (768fae6c348e5538b370fa62ab1b43b1) C:\windows\system32\DRIVERS\fspad_xp64.sys 02:00:10.0933 
1096 fspad_xp64 - ok 02:00:10.0948 1096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 02:00:10.0948 1096 Fs_Rec - ok 02:00:11.0011 1096 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys 02:00:11.0026 1096 fvevol - ok 02:00:11.0042 1096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys 02:00:11.0042 1096 gagp30kx - ok 02:00:11.0136 1096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 02:00:11.0136 1096 GEARAspiWDM - ok 02:00:11.0214 1096 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll 02:00:11.0245 1096 gpsvc - ok 02:00:11.0916 1096 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:00:11.0916 1096 gupdate - ok 02:00:11.0931 1096 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:00:11.0931 1096 gupdatem - ok 02:00:11.0978 1096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 02:00:11.0978 1096 hcw85cir - ok 02:00:12.0555 1096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys 02:00:12.0571 1096 HdAudAddService - ok 02:00:12.0649 1096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys 02:00:12.0649 1096 HDAudBus - ok 02:00:12.0774 1096 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys 02:00:12.0774 1096 HECIx64 - ok 02:00:12.0820 1096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys 02:00:12.0852 1096 HidBatt - ok 02:00:13.0398 1096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys 02:00:13.0429 1096 HidBth - ok 02:00:13.0522 1096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys 02:00:13.0522 1096 HidIr - ok 02:00:13.0616 1096 hidserv (bd9eb3958f213f96b97b1d897dee006d) 
C:\windows\System32\hidserv.dll 02:00:13.0616 1096 hidserv - ok 02:00:13.0710 1096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys 02:00:13.0710 1096 HidUsb - ok 02:00:13.0741 1096 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll 02:00:13.0741 1096 hkmsvc - ok 02:00:13.0803 1096 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll 02:00:13.0834 1096 HomeGroupListener - ok 02:00:13.0928 1096 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll 02:00:13.0928 1096 HomeGroupProvider - ok 02:00:13.0990 1096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys 02:00:14.0006 1096 HpSAMD - ok 02:00:14.0115 1096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys 02:00:14.0115 1096 HTTP - ok 02:00:14.0209 1096 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys 02:00:14.0209 1096 hwpolicy - ok 02:00:14.0302 1096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 02:00:14.0302 1096 i8042prt - ok 02:00:14.0490 1096 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys 02:00:14.0490 1096 iaStor - ok 02:00:14.0926 1096 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 02:00:14.0926 1096 IAStorDataMgrSvc - ok 02:00:15.0082 1096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys 02:00:15.0129 1096 iaStorV - ok 02:00:15.0519 1096 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 02:00:15.0862 1096 idsvc - ok 02:00:16.0611 1096 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys 02:00:16.0814 1096 igfx - ok 02:00:16.0986 1096 iirsp (5c18831c61933628f5bb0ea2675b9d21) 
C:\windows\system32\DRIVERS\iirsp.sys 02:00:16.0986 1096 iirsp - ok 02:00:17.0064 1096 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll 02:00:17.0079 1096 IKEEXT - ok 02:00:17.0157 1096 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys 02:00:17.0157 1096 Impcd - ok 02:00:17.0313 1096 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\windows\system32\drivers\RTKVHD64.sys 02:00:17.0360 1096 IntcAzAudAddService - ok 02:00:17.0532 1096 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys 02:00:17.0532 1096 IntcDAud - ok 02:00:17.0563 1096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys 02:00:17.0563 1096 intelide - ok 02:00:17.0594 1096 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 02:00:17.0594 1096 intelppm - ok 02:00:17.0625 1096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 02:00:17.0625 1096 IPBusEnum - ok 02:00:17.0672 1096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys 02:00:17.0672 1096 IpFilterDriver - ok 02:00:17.0719 1096 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll 02:00:17.0719 1096 iphlpsvc - ok 02:00:17.0734 1096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys 02:00:17.0734 1096 IPMIDRV - ok 02:00:17.0766 1096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 02:00:17.0766 1096 IPNAT - ok 02:00:17.0859 1096 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 02:00:17.0875 1096 iPod Service - ok 02:00:17.0922 1096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 02:00:17.0922 1096 IRENUM - ok 02:00:17.0968 1096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys 02:00:17.0968 1096 isapnp - ok 02:00:18.0000 1096 iScsiPrt 
(fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys 02:00:18.0000 1096 iScsiPrt - ok 02:00:18.0031 1096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 02:00:18.0046 1096 kbdclass - ok 02:00:18.0078 1096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys 02:00:18.0078 1096 kbdhid - ok 02:00:18.0109 1096 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe 02:00:18.0109 1096 KeyIso - ok 02:00:18.0124 1096 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys 02:00:18.0124 1096 KSecDD - ok 02:00:18.0171 1096 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys 02:00:18.0171 1096 KSecPkg - ok 02:00:18.0187 1096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 02:00:18.0187 1096 ksthunk - ok 02:00:18.0234 1096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 02:00:18.0249 1096 KtmRm - ok 02:00:18.0327 1096 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll 02:00:18.0343 1096 LanmanServer - ok 02:00:18.0374 1096 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll 02:00:18.0374 1096 LanmanWorkstation - ok 02:00:18.0468 1096 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 02:00:18.0468 1096 lltdio - ok 02:00:18.0514 1096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 02:00:18.0514 1096 lltdsvc - ok 02:00:18.0561 1096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 02:00:18.0561 1096 lmhosts - ok 02:00:18.0655 1096 LMS (1e2f802846eb944e0333efee7c9532a8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 02:00:18.0670 1096 LMS - ok 02:00:18.0686 1096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 02:00:18.0702 1096 LSI_FC - ok 02:00:18.0733 1096 
LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 02:00:18.0733 1096 LSI_SAS - ok 02:00:18.0764 1096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 02:00:18.0764 1096 LSI_SAS2 - ok 02:00:18.0795 1096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 02:00:18.0795 1096 LSI_SCSI - ok 02:00:18.0826 1096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 02:00:18.0826 1096 luafv - ok 02:00:18.0873 1096 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys 02:00:18.0873 1096 MBAMProtector - ok 02:00:18.0967 1096 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 02:00:18.0998 1096 MBAMService - ok 02:00:19.0060 1096 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll 02:00:19.0060 1096 Mcx2Svc - ok 02:00:19.0092 1096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 02:00:19.0092 1096 megasas - ok 02:00:19.0107 1096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 02:00:19.0123 1096 MegaSR - ok 02:00:19.0170 1096 MGHwCtrl - ok 02:00:19.0263 1096 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files (x86)\System Control Manager\MSIService.exe 02:00:19.0263 1096 Micro Star SCM - ok 02:00:19.0294 1096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 02:00:19.0294 1096 MMCSS - ok 02:00:19.0326 1096 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 02:00:19.0326 1096 Modem - ok 02:00:19.0341 1096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 02:00:19.0341 1096 monitor - ok 02:00:19.0372 1096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 02:00:19.0372 1096 mouclass - ok 02:00:19.0388 1096 mouhid 
(d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 02:00:19.0388 1096 mouhid - ok 02:00:19.0419 1096 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys 02:00:19.0419 1096 mountmgr - ok 02:00:19.0482 1096 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 02:00:19.0482 1096 MozillaMaintenance - ok 02:00:19.0497 1096 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys 02:00:19.0497 1096 mpio - ok 02:00:19.0528 1096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 02:00:19.0528 1096 mpsdrv - ok 02:00:19.0544 1096 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys 02:00:19.0544 1096 MRxDAV - ok 02:00:19.0591 1096 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys 02:00:19.0591 1096 mrxsmb - ok 02:00:19.0622 1096 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys 02:00:19.0622 1096 mrxsmb10 - ok 02:00:19.0669 1096 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys 02:00:19.0669 1096 mrxsmb20 - ok 02:00:19.0716 1096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys 02:00:19.0716 1096 msahci - ok 02:00:19.0731 1096 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys 02:00:19.0731 1096 msdsm - ok 02:00:19.0762 1096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 02:00:19.0762 1096 MSDTC - ok 02:00:19.0794 1096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 02:00:19.0794 1096 Msfs - ok 02:00:19.0809 1096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 02:00:19.0809 1096 mshidkmdf - ok 02:00:19.0825 1096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys 02:00:19.0825 1096 msisadrv 
- ok
02:00:19.0872 1096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
02:00:19.0872 1096 MSiSCSI - ok
02:00:19.0872 1096 msiserver - ok
02:00:19.0903 1096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
02:00:19.0903 1096 MSKSSRV - ok
02:00:19.0950 1096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
02:00:19.0950 1096 MSPCLOCK - ok
02:00:19.0965 1096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
02:00:19.0965 1096 MSPQM - ok
02:00:19.0996 1096 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
02:00:20.0028 1096 MsRPC - ok
02:00:20.0059 1096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
02:00:20.0059 1096 mssmbios - ok
02:00:20.0090 1096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
02:00:20.0090 1096 MSTEE - ok
02:00:20.0106 1096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
02:00:20.0106 1096 MTConfig - ok
02:00:20.0121 1096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
02:00:20.0121 1096 Mup - ok
02:00:20.0168 1096 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
02:00:20.0184 1096 napagent - ok
02:00:20.0246 1096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
02:00:20.0246 1096 NativeWifiP - ok
02:00:20.0355 1096 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
02:00:20.0355 1096 NDIS - ok
02:00:20.0386 1096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
02:00:20.0402 1096 NdisCap - ok
02:00:20.0418 1096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
02:00:20.0418 1096 NdisTapi - ok
02:00:20.0433 1096 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
02:00:20.0433 1096 Ndisuio - ok
02:00:20.0449 1096 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
02:00:20.0464 1096 NdisWan - ok
02:00:20.0496 1096 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
02:00:20.0496 1096 NDProxy - ok
02:00:20.0527 1096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
02:00:20.0527 1096 NetBIOS - ok
02:00:20.0558 1096 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
02:00:20.0558 1096 NetBT - ok
02:00:20.0589 1096 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:20.0589 1096 Netlogon - ok
02:00:20.0652 1096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
02:00:20.0714 1096 Netman - ok
02:00:20.0823 1096 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:20.0823 1096 NetMsmqActivator - ok
02:00:20.0823 1096 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:20.0839 1096 NetPipeActivator - ok
02:00:20.0901 1096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
02:00:20.0917 1096 netprofm - ok
02:00:21.0057 1096 netr28x (b6e1bf8dbff4b18f1a2d65da6e40bc7c) C:\windows\system32\DRIVERS\netr28x.sys
02:00:21.0057 1096 netr28x - ok
02:00:21.0198 1096 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:21.0198 1096 NetTcpActivator - ok
02:00:21.0198 1096 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:00:21.0198 1096 NetTcpPortSharing - ok
02:00:21.0260 1096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
02:00:21.0260 1096 nfrd960 - ok
02:00:21.0307 1096 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
02:00:21.0322 1096 NlaSvc - ok
02:00:21.0322 1096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
02:00:21.0322 1096 Npfs - ok
02:00:21.0338 1096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
02:00:21.0354 1096 nsi - ok
02:00:21.0385 1096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
02:00:21.0400 1096 nsiproxy - ok
02:00:21.0494 1096 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
02:00:21.0525 1096 Ntfs - ok
02:00:21.0697 1096 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
02:00:21.0697 1096 Null - ok
02:00:22.0149 1096 nvlddmkm (33fc1e65ea8e3c836d7293526d04d459) C:\windows\system32\DRIVERS\nvlddmkm.sys
02:00:22.0383 1096 nvlddmkm - ok
02:00:22.0555 1096 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
02:00:22.0555 1096 nvraid - ok
02:00:22.0586 1096 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
02:00:22.0586 1096 nvstor - ok
02:00:22.0648 1096 nvsvc (bb8da091ec7f8169ea6e32042ed0b456) C:\windows\system32\nvvsvc.exe
02:00:22.0664 1096 nvsvc - ok
02:00:22.0836 1096 nvUpdatusService (ec6e07aa055776ca474e0ce0b0d1822f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:00:22.0867 1096 nvUpdatusService - ok
02:00:23.0023 1096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
02:00:23.0023 1096 nv_agp - ok
02:00:23.0038 1096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
02:00:23.0038 1096 ohci1394 - ok
02:00:23.0163 1096 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:00:23.0163 1096 ose - ok
02:00:23.0413 1096 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:00:23.0491 1096 osppsvc - ok
02:00:23.0600 1096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:00:23.0616 1096 p2pimsvc - ok
02:00:23.0662 1096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
02:00:23.0678 1096 p2psvc - ok
02:00:23.0740 1096 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
02:00:23.0740 1096 Parport - ok
02:00:23.0772 1096 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
02:00:23.0772 1096 partmgr - ok
02:00:23.0787 1096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
02:00:23.0787 1096 PcaSvc - ok
02:00:23.0850 1096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
02:00:23.0850 1096 pci - ok
02:00:23.0865 1096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
02:00:23.0865 1096 pciide - ok
02:00:23.0896 1096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
02:00:23.0912 1096 pcmcia - ok
02:00:23.0959 1096 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\windows\system32\drivers\PCTCore64.sys
02:00:23.0974 1096 PCTCore - ok
02:00:24.0037 1096 pctDS (1335454528adfa13e1d3c4fa3fdbdc42) C:\windows\system32\drivers\pctDS64.sys
02:00:24.0084 1096 pctDS - ok
02:00:24.0146 1096 pctEFA (df2a2505f17319dada4b204688cec0c2) C:\windows\system32\drivers\pctEFA64.sys
02:00:24.0146 1096 pctEFA - ok
02:00:24.0208 1096 PCTSD (9b7670b21e7fcbe9da9c4a751f31cca6) C:\windows\system32\Drivers\PCTSD64.sys
02:00:24.0224 1096 PCTSD - ok
02:00:24.0286 1096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
02:00:24.0286 1096 pcw - ok
02:00:24.0333 1096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
02:00:24.0333 1096 PEAUTH - ok
02:00:24.0411 1096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
02:00:24.0411 1096 PerfHost - ok
02:00:24.0505 1096 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
02:00:24.0536 1096 pla - ok
02:00:24.0598 1096 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
02:00:24.0614 1096 PlugPlay - ok
02:00:24.0630 1096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
02:00:24.0630 1096 PNRPAutoReg - ok
02:00:24.0661 1096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:00:24.0661 1096 PNRPsvc - ok
02:00:24.0739 1096 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
02:00:24.0754 1096 PolicyAgent - ok
02:00:24.0770 1096 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
02:00:24.0770 1096 Power - ok
02:00:24.0864 1096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
02:00:24.0864 1096 PptpMiniport - ok
02:00:24.0895 1096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
02:00:24.0895 1096 Processor - ok
02:00:24.0926 1096 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
02:00:24.0942 1096 ProfSvc - ok
02:00:24.0973 1096 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:24.0973 1096 ProtectedStorage - ok
02:00:25.0035 1096 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
02:00:25.0035 1096 Psched - ok
02:00:25.0144 1096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
02:00:25.0222 1096 ql2300 - ok
02:00:25.0378 1096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
02:00:25.0378 1096 ql40xx - ok
02:00:25.0410 1096 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
02:00:25.0410 1096 QWAVE - ok
02:00:25.0425 1096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
02:00:25.0425 1096 QWAVEdrv - ok
02:00:25.0441 1096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
02:00:25.0441 1096 RasAcd - ok
02:00:25.0472 1096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
02:00:25.0488 1096 RasAgileVpn - ok
02:00:25.0519 1096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
02:00:25.0519 1096 RasAuto - ok
02:00:25.0534 1096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
02:00:25.0534 1096 Rasl2tp - ok
02:00:25.0581 1096 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
02:00:25.0581 1096 RasMan - ok
02:00:25.0597 1096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
02:00:25.0612 1096 RasPppoe - ok
02:00:25.0628 1096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
02:00:25.0628 1096 RasSstp - ok
02:00:25.0675 1096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
02:00:25.0675 1096 rdbss - ok
02:00:25.0690 1096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
02:00:25.0690 1096 rdpbus - ok
02:00:25.0706 1096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
02:00:25.0706 1096 RDPCDD - ok
02:00:25.0737 1096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
02:00:25.0737 1096 RDPENCDD - ok
02:00:25.0753 1096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
02:00:25.0753 1096 RDPREFMP - ok
02:00:25.0784 1096 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
02:00:25.0784 1096 RDPWD - ok
02:00:25.0815 1096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
02:00:25.0831 1096 rdyboost - ok
02:00:25.0862 1096 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
02:00:25.0862 1096 RemoteAccess - ok
02:00:25.0893 1096 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
02:00:25.0909 1096 RemoteRegistry - ok
02:00:25.0909 1096 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
02:00:25.0924 1096 RpcEptMapper - ok
02:00:25.0940 1096 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
02:00:25.0940 1096 RpcLocator - ok
02:00:25.0987 1096 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
02:00:25.0987 1096 RpcSs - ok
02:00:26.0034 1096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
02:00:26.0034 1096 rspndr - ok
02:00:26.0080 1096 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\windows\system32\DRIVERS\Rt64win7.sys
02:00:26.0080 1096 RTL8167 - ok
02:00:26.0127 1096 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:26.0127 1096 SamSs - ok
02:00:26.0143 1096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
02:00:26.0143 1096 sbp2port - ok
02:00:26.0190 1096 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
02:00:26.0190 1096 SCardSvr - ok
02:00:26.0205 1096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
02:00:26.0221 1096 scfilter - ok
02:00:26.0314 1096 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
02:00:26.0346 1096 Schedule - ok
02:00:26.0377 1096 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
02:00:26.0377 1096 SCPolicySvc - ok
02:00:26.0564 1096 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
02:00:26.0564 1096 sdAuxService - ok
02:00:26.0658 1096 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
02:00:26.0673 1096 sdbus - ok
02:00:26.0782 1096 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
02:00:26.0814 1096 sdCoreService - ok
02:00:26.0860 1096 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
02:00:26.0860 1096 SDRSVC - ok
02:00:26.0954 1096 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
02:00:26.0954 1096 SeaPort - ok
02:00:27.0063 1096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
02:00:27.0063 1096 secdrv - ok
02:00:27.0079 1096 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
02:00:27.0094 1096 seclogon - ok
02:00:27.0110 1096 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
02:00:27.0110 1096 SENS - ok
02:00:27.0126 1096 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
02:00:27.0126 1096 SensrSvc - ok
02:00:27.0172 1096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
02:00:27.0172 1096 Serenum - ok
02:00:27.0204 1096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
02:00:27.0204 1096 Serial - ok
02:00:27.0266 1096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
02:00:27.0266 1096 sermouse - ok
02:00:27.0297 1096 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
02:00:27.0313 1096 SessionEnv - ok
02:00:27.0328 1096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
02:00:27.0328 1096 sffdisk - ok
02:00:27.0328 1096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
02:00:27.0328 1096 sffp_mmc - ok
02:00:27.0344 1096 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
02:00:27.0344 1096 sffp_sd - ok
02:00:27.0344 1096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
02:00:27.0344 1096 sfloppy - ok
02:00:27.0391 1096 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
02:00:27.0406 1096 SharedAccess - ok
02:00:27.0453 1096 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
02:00:27.0469 1096 ShellHWDetection - ok
02:00:27.0500 1096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
02:00:27.0500 1096 SiSRaid2 - ok
02:00:27.0531 1096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
02:00:27.0531 1096 SiSRaid4 - ok
02:00:27.0562 1096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
02:00:27.0578 1096 Smb - ok
02:00:27.0656 1096 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
02:00:27.0672 1096 smserial - ok
02:00:27.0734 1096 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
02:00:27.0734 1096 SNMPTRAP - ok
02:00:27.0750 1096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
02:00:27.0750 1096 spldr - ok
02:00:27.0812 1096 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
02:00:27.0843 1096 Spooler - ok
02:00:27.0999 1096 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
02:00:28.0062 1096 sppsvc - ok
02:00:28.0186 1096 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
02:00:28.0186 1096 sppuinotify - ok
02:00:28.0280 1096 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
02:00:28.0280 1096 srv - ok
02:00:28.0327 1096 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
02:00:28.0327 1096 srv2 - ok
02:00:28.0374 1096 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
02:00:28.0374 1096 srvnet - ok
02:00:28.0420 1096 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
02:00:28.0420 1096 SSDPSRV - ok
02:00:28.0436 1096 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
02:00:28.0452 1096 SstpSvc - ok
02:00:28.0467 1096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
02:00:28.0483 1096 stexstor - ok
02:00:28.0545 1096 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
02:00:28.0561 1096 stisvc - ok
02:00:28.0592 1096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
02:00:28.0592 1096 swenum - ok
02:00:28.0654 1096 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
02:00:28.0670 1096 swprv - ok
02:00:28.0764 1096 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
02:00:28.0795 1096 SysMain - ok
02:00:28.0920 1096 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
02:00:28.0920 1096 TabletInputService - ok
02:00:28.0951 1096 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
02:00:28.0951 1096 TapiSrv - ok
02:00:28.0966 1096 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
02:00:28.0966 1096 TBS - ok
02:00:29.0138 1096 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
02:00:29.0185 1096 Tcpip - ok
02:00:29.0388 1096 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
02:00:29.0388 1096 TCPIP6 - ok
02:00:29.0481 1096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
02:00:29.0481 1096 tcpipreg - ok
02:00:29.0512 1096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
02:00:29.0512 1096 TDPIPE - ok
02:00:29.0528 1096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
02:00:29.0528 1096 TDTCP - ok
02:00:29.0559 1096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
02:00:29.0559 1096 tdx - ok
02:00:29.0746 1096 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
02:00:29.0793 1096 TeamViewer7 - ok
02:00:29.0934 1096 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
02:00:29.0949 1096 TermDD - ok
02:00:30.0027 1096 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
02:00:30.0043 1096 TermService - ok
02:00:30.0058 1096 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
02:00:30.0058 1096 Themes - ok
02:00:30.0090 1096 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
02:00:30.0090 1096 THREADORDER - ok
02:00:30.0105 1096 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
02:00:30.0105 1096 TrkWks - ok
02:00:30.0183 1096 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
02:00:30.0183 1096 TrustedInstaller - ok
02:00:30.0230 1096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
02:00:30.0230 1096 tssecsrv - ok
02:00:30.0292 1096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
02:00:30.0292 1096 tunnel - ok
02:00:30.0308 1096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
02:00:30.0308 1096 uagp35 - ok
02:00:30.0355 1096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
02:00:30.0355 1096 udfs - ok
02:00:30.0386 1096 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
02:00:30.0386 1096 UI0Detect - ok
02:00:30.0402 1096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
02:00:30.0402 1096 uliagpkx - ok
02:00:30.0417 1096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
02:00:30.0417 1096 umbus - ok
02:00:30.0448 1096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
02:00:30.0448 1096 UmPass - ok
02:00:30.0620 1096 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:00:30.0667 1096 UNS - ok
02:00:30.0792 1096 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
02:00:30.0823 1096 upnphost - ok
02:00:30.0870 1096 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
02:00:30.0870 1096 USBAAPL64 - ok
02:00:30.0916 1096 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
02:00:30.0916 1096 usbccgp - ok
02:00:30.0932 1096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
02:00:30.0932 1096 usbcir - ok
02:00:30.0963 1096 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
02:00:30.0963 1096 usbehci - ok
02:00:30.0994 1096 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
02:00:31.0010 1096 usbhub - ok
02:00:31.0026 1096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
02:00:31.0041 1096 usbohci - ok
02:00:31.0057 1096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
02:00:31.0057 1096 usbprint - ok
02:00:31.0057 1096 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
02:00:31.0072 1096 USBSTOR - ok
02:00:31.0088 1096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
02:00:31.0088 1096 usbuhci - ok
02:00:31.0150 1096 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
02:00:31.0150 1096 usbvideo - ok
02:00:31.0197 1096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
02:00:31.0197 1096 UxSms - ok
02:00:31.0228 1096 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
02:00:31.0228 1096 VaultSvc - ok
02:00:31.0260 1096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
02:00:31.0260 1096 vdrvroot - ok
02:00:31.0322 1096 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
02:00:31.0353 1096 vds - ok
02:00:31.0384 1096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
02:00:31.0384 1096 vga - ok
02:00:31.0400 1096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
02:00:31.0400 1096 VgaSave - ok
02:00:31.0431 1096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
02:00:31.0447 1096 vhdmp - ok
02:00:31.0478 1096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
02:00:31.0478 1096 viaide - ok
02:00:31.0494 1096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
02:00:31.0494 1096 volmgr - ok
02:00:31.0540 1096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
02:00:31.0556 1096 volmgrx - ok
02:00:31.0618 1096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
02:00:31.0618 1096 volsnap - ok
02:00:31.0665 1096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
02:00:31.0665 1096 vsmraid - ok
02:00:31.0759 1096 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
02:00:31.0806 1096 VSS - ok
02:00:31.0962 1096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
02:00:31.0962 1096 vwifibus - ok
02:00:31.0993 1096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
02:00:31.0993 1096 vwififlt - ok
02:00:32.0040 1096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
02:00:32.0040 1096 vwifimp - ok
02:00:32.0102 1096 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
02:00:32.0133 1096 W32Time - ok
02:00:32.0149 1096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
02:00:32.0149 1096 WacomPen - ok
02:00:32.0196 1096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
02:00:32.0196 1096 WANARP - ok
02:00:32.0196 1096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
02:00:32.0196 1096 Wanarpv6 - ok
02:00:32.0305 1096 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
02:00:32.0336 1096 wbengine - ok
02:00:32.0461 1096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
02:00:32.0461 1096 WbioSrvc - ok
02:00:32.0523 1096 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\windows\System32\wcncsvc.dll
02:00:32.0539 1096 wcncsvc - ok
02:00:32.0554 1096 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
02:00:32.0554 1096 WcsPlugInService - ok
02:00:32.0632 1096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
02:00:32.0632 1096 Wd - ok
02:00:32.0695 1096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
02:00:32.0710 1096 Wdf01000 - ok
02:00:32.0757 1096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
02:00:32.0757 1096 WdiServiceHost - ok
02:00:32.0773 1096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
02:00:32.0773 1096 WdiSystemHost - ok
02:00:32.0804 1096 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\windows\System32\webclnt.dll
02:00:32.0804 1096 WebClient - ok
02:00:32.0835 1096 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
02:00:32.0835 1096 Wecsvc - ok
02:00:32.0866 1096 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
02:00:32.0866 1096 wercplsupport - ok
02:00:32.0898 1096 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
02:00:32.0898 1096 WerSvc - ok
02:00:32.0991 1096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
02:00:32.0991 1096 WfpLwf - ok
02:00:33.0007 1096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
02:00:33.0007 1096 WIMMount - ok
02:00:33.0085 1096 WinDefend - ok
02:00:33.0085 1096 WinHttpAutoProxySvc - ok
02:00:33.0178 1096 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
02:00:33.0194 1096 Winmgmt - ok
02:00:33.0319 1096 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
02:00:33.0366 1096 WinRM - ok
02:00:33.0537 1096 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
02:00:33.0537 1096 WinUsb - ok
02:00:33.0615 1096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
02:00:33.0631 1096 Wlansvc - ok
02:00:33.0709 1096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
02:00:33.0709 1096 WmiAcpi - ok
02:00:33.0802 1096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
02:00:33.0802 1096 wmiApSrv - ok
02:00:33.0849 1096 WMPNetworkSvc - ok
02:00:33.0880 1096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
02:00:33.0896 1096 WPCSvc - ok
02:00:33.0927 1096 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
02:00:33.0927 1096 WPDBusEnum - ok
02:00:33.0958 1096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
02:00:33.0958 1096 ws2ifsl - ok
02:00:33.0974 1096 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
02:00:33.0974 1096 wscsvc - ok
02:00:33.0990 1096 WSearch - ok
02:00:34.0146 1096 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
02:00:34.0224 1096 wuauserv - ok
02:00:34.0380 1096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
02:00:34.0380 1096 WudfPf - ok
02:00:34.0427 1096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
02:00:34.0427 1096 WUDFRd - ok
02:00:34.0458 1096 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
02:00:34.0458 1096 wudfsvc - ok
02:00:34.0489 1096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
02:00:34.0489 1096 WwanSvc - ok
02:00:34.0536 1096 MBR (0x1B8) (14321d2c56b8c2b3045d514f070e8ed1) \Device\Harddisk0\DR0
02:00:34.0567 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
02:00:34.0567 1096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
02:00:34.0598 1096 Boot (0x1200) (9db6211045b839115e51421dda36a8cb) \Device\Harddisk0\DR0\Partition0
02:00:34.0598 1096 \Device\Harddisk0\DR0\Partition0 - ok
02:00:34.0629 1096 Boot (0x1200) (862d02533f77c60a8bdf1fe169203cd3) \Device\Harddisk0\DR0\Partition1
02:00:34.0629 1096 \Device\Harddisk0\DR0\Partition1 - ok
02:00:34.0629 1096 ============================================================
02:00:34.0629 1096 Scan finished
02:00:34.0629 1096 ============================================================
02:00:34.0629 1104 Detected object count: 1
02:00:34.0629 1104 Actual detected object count: 1
02:00:56.0485 1104 \Device\Harddisk0\DR0\# - copied to quarantine
02:00:56.0485 1104 \Device\Harddisk0\DR0 - copied to quarantine
02:00:56.0532 1104 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:00:56.0532 1104 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
02:00:56.0532 1104 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
02:00:56.0532 1104 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
02:00:56.0532 1104 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
02:00:56.0547 1104 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
02:00:56.0547 1104 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
02:00:56.0547 1104 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
02:00:56.0547 1104 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
02:00:56.0579 1104 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
02:00:56.0594 1104 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
02:00:56.0672 1104 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
02:00:56.0688 1104 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
02:00:56.0703 1104 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
02:00:56.0719 1104 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
02:00:56.0735 1104 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
02:00:56.0750 1104 \Device\Harddisk0\DR0 - processing error
02:01:08.0419 1104 \Device\Harddisk0\DR0 - will be restored on reboot
02:01:08.0513 1104 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
02:01:10.0665 2020 Deinitialize success
Code:
ComboFix 12-04-29.02 - ******** 30.04.2012 2:22.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3886.2844 [GMT 2:00]
ausgeführt von:: c:\users\*********\Desktop\cofi.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3HUSDTQCqzyz0Q
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-28 bis 2012-04-30 ))))))))))))))))))))))))))))))
.
.
2012-04-30 00:30 . 2012-04-30 00:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-30 00:30 . 2012-04-30 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 00:00 . 2012-04-30 00:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 23:20 . 2011-12-01 14:07 1096688 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-04-29 23:20 . 2011-12-01 14:07 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-04-29 23:20 . 2012-02-24 08:31 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-04-29 23:20 . 2012-02-24 08:31 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-04-29 23:20 . 2011-11-14 13:12 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-04-29 23:20 . 2012-02-24 08:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-29 23:20 . 2012-02-24 08:35 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-29 23:20 . 2012-02-24 08:37 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-04-29 23:20 . 2012-04-29 23:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-04-29 23:20 . 2012-04-29 23:23 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-29 23:20 . 2012-04-29 23:20 -------- d-----w- c:\programdata\PC Tools
2012-04-29 23:16 . 2012-04-29 23:19 -------- d-----w- c:\users\*********\AppData\Roaming\GetRightToGo
2012-04-29 23:08 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 22:45 . 2012-04-29 22:45 244736 ---ha-w- c:\programdata\3HUSDTQCqzyz0Q.exe
2012-04-26 14:54 . 2012-04-26 14:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 14:54 . 2012-04-26 14:54 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:54 . 2012-04-26 14:54 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-03 10:34 . 2012-04-03 10:34 -------- d-----w- C:\found.000
2012-04-01 19:21 . 2012-04-01 19:21 -------- d--h--w- c:\users\**********\AppData\Roaming\TeamViewer
2012-04-01 16:18 . 2012-04-01 16:18 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 12:21 . 2012-03-08 11:46 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1CAE415-47B2-4786-82CE-52B5F5EADB89}\mpengine.dll
2012-02-23 08:18 . 2012-03-08 11:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-10-30 08:46 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2011-10-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-01-08 2396160]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-02-02 220744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-23 1800808]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R3 16384126;16384126; [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\DRIVERS\fspad_xp64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3
MGHwCtrl;MGHwCtrl;c:\program files (x86)\msi\msi Software Install\MGHwCtrl.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-02-24 402336] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 00:58] . 2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-05 00:58] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 17412200] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\*********\AppData\Roaming\Mozilla\Firefox\Profiles\1k95elk5.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-04-30 02:34:05 ComboFix-quarantined-files.txt 2012-04-30 00:34 . 
Vor Suchlauf: 7 Verzeichnis(se), 95.268.810.752 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 94.760.005.632 Bytes frei
.
- - End Of File - - DB08135E52C70E0C77A0A8BED6D7113A
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.29.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385

30.04.2012 09:51:19
mbam-log-2012-04-30 (10-23-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335768
Laufzeit: 29 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\30.04.2012_02.46.17\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.

(Ende)
DDS Logfile:
Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 8.0.7600.16385 Run by ********* at 10:07:30 on 2012-04-30 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3886.2799 [GMT 2:00] . AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\svchost.exe -k secsvcs C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\**********\Desktop\dds.com C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://google.de/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" 
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{26F7C85B-2A9B-4E31-998B-978E81957942} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{AFA71E5D-7E1F-44A2-975F-68265BE7EE1F} : DhcpNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {28387537-e3f9-4ed7-860c-11e69af4a8a0} BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} 
{9030D464-4C02-4ABF-8ECC-5164760863C6} {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} {21FA44EF-376D-4D53-9B0F-8A89D3229068} {28387537-e3f9-4ed7-860c-11e69af4a8a0} mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\1k95elk5.default\ . ============= SERVICES / DRIVERS =============== . R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\windows\system32\drivers\pctDS64.sys --> C:\windows\system32\drivers\pctDS64.sys [?] R0 pctEFA;PC Tools Extended File Attributes;C:\windows\system32\drivers\pctEFA64.sys --> C:\windows\system32\drivers\pctEFA64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\DRIVERS\fspad_wlh64.sys --> C:\windows\system32\DRIVERS\fspad_wlh64.sys [?] 
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S1 PCTSD;PC Tools Spyware Doctor Driver;C:\windows\system32\Drivers\PCTSD64.sys --> C:\windows\system32\Drivers\PCTSD64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-5 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-6-4 1800808] S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-4-30 402336] S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-4-30 1117624] S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-1 2666880] S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe [2010-6-4 2320920] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?] S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\DRIVERS\fspad_xp64.sys --> C:\windows\system32\DRIVERS\fspad_xp64.sys [?] S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-5 136176] S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] . =============== Created Last 30 ================ . 
2012-04-30 08:07:37 -------- d-----w- C:\Users\***********\AppData\Local\Microsoft 2012-04-30 00:43:43 -------- d-sh--w- C:\$RECYCLE.BIN 2012-04-30 00:09:33 98816 ----a-w- C:\windows\sed.exe 2012-04-30 00:09:33 518144 ----a-w- C:\windows\SWREG.exe 2012-04-30 00:09:33 256000 ----a-w- C:\windows\PEV.exe 2012-04-30 00:09:33 208896 ----a-w- C:\windows\MBR.exe 2012-04-30 00:00:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-29 23:20:26 453896 ----a-w- C:\windows\System32\drivers\pctDS64.sys 2012-04-29 23:20:26 1096688 ----a-w- C:\windows\System32\drivers\pctEFA64.sys 2012-04-29 23:20:23 339608 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys 2012-04-29 23:20:23 145432 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys 2012-04-29 23:20:19 367912 ----a-w- C:\windows\System32\drivers\PCTCore64.sys 2012-04-29 23:20:17 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys 2012-04-29 23:20:17 14776 ----a-w- C:\windows\System32\drivers\pctBTFix64.sys 2012-04-29 23:20:13 92896 ----a-w- C:\windows\System32\drivers\pctplsg64.sys 2012-04-29 23:20:05 -------- d-----w- C:\ProgramData\PC Tools 2012-04-29 23:20:05 -------- d-----w- C:\Program Files (x86)\PC Tools Security 2012-04-29 23:20:05 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-04-29 23:16:59 -------- d-----w- C:\Users\**********\AppData\Roaming\GetRightToGo 2012-04-29 23:08:17 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-04-29 22:45:16 244736 ----a-w- C:\ProgramData\3HUSDTQCqzyz0Q.exe 2012-04-26 14:54:35 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-04-26 14:54:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-26 14:54:34 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-03 10:34:33 -------- d-----w- C:\found.000 2012-04-01 19:21:39 -------- d-----w- C:\Users\********\AppData\Roaming\TeamViewer 2012-04-01 16:18:22 -------- d-----w- C:\Program Files (x86)\TeamViewer 
.
==================== Find3M ====================
.
2012-02-23 08:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-15 10:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
.
============= FINISH: 10:08:21,25 ===============

Nothing further has changed, though; I still have problems: programs crash or won't start, the taskbar is empty, black background, etc. It would be great if someone could help me!
Last edited by The_Pirate (30.04.2012 at 10:23)
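Added example, not part of the original post and not a trojaner-board tool: a PowerShell function that pulls the per-file detections out of a Malwarebytes 1.x log in the format posted above, groups them by signature and marks every hit whose path lies inside C:\TDSSKiller_Quarantine. That folder appears in the ComboFix and DDS logs above as created at 00:00 on 2012-04-30 and its subfolder name matches the TDSSKiller start time, so hits there are copies TDSSKiller already moved out of their original location rather than live files. The sample lines are constructed: two are copied from the posted log, the third uses an invented path and a placeholder signature name.

```powershell
# Added example (not from the thread): summarize the "Infizierte Dateien" section of a
# Malwarebytes 1.x log and separate live hits from files already sitting in the
# TDSSKiller quarantine folder. Sample input below is constructed for this example.

function Get-MbamDetections {
    param([string[]]$Lines)
    # One detection line looks like:  <path> (<signature>) -> <action>
    # e.g. "C:\x.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt."
    $pattern = '^(?<Path>[A-Za-z]:\\.+?) \((?<Sig>[^)]+)\) -> (?<Action>.+)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            New-Object PSObject -Property @{
                Path        = $Matches.Path
                Signature   = $Matches.Sig
                Action      = $Matches.Action
                # Files under the TDSSKiller quarantine folder were already removed from
                # their original place by TDSSKiller; MBAM is flagging the stored copies.
                Quarantined = ($Matches.Path -like 'C:\TDSSKiller_Quarantine\*')
            }
        }
    }
}

# Constructed sample: first two lines copied from the log above, third line invented
# (placeholder path and placeholder signature name) to show a hit outside quarantine.
$sample = @(
    'Infizierte Dateien: 3',
    'C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.',
    'C:\TDSSKiller_Quarantine\30.04.2012_01.59.53\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Keine Aktion durchgeführt.',
    'C:\ProgramData\EXAMPLE_PLACEHOLDER.exe (Example.Detection) -> Keine Aktion durchgeführt.',
    '(Ende)'
)

$hits = Get-MbamDetections -Lines $sample

# Count per signature name.
$hits | Group-Object Signature | Select-Object Name, Count | Format-Table -AutoSize

# Hits that are not quarantine copies deserve attention first.
$hits | Where-Object { -not $_.Quarantined } | Select-Object Path, Signature, Action | Format-Table -AutoSize -Wrap
```

To run it against a real log, replace the constructed `$sample` array with `Get-Content 'mbam-log-2012-04-30 (10-23-04).txt'`; the regex anchors on the drive letter, so the summary lines of the log are skipped automatically.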
30.04.2012, 17:50 | #2 |
/// Malware-holic | Problem with rootkit BOO/TDss.O
hi
do you use the PC for online banking, shopping, other payment transactions, or similarly important things, such as work?
30.04.2012, 17:59 | #3 |
| Problem with rootkit BOO/TDss.O
Hello,
Actually only for online banking, and even that rather sporadically. But I do use PayPal now and then. I'll change the passwords right away on another, clean computer.
01.05.2012, 11:26 | #4 |
/// Malware-holic | Problem with rootkit BOO/TDss.O
hi
call the bank, have online banking blocked, and have new login credentials sent. the PC has to be set up from scratch and then hardened.
1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After hardening the PC, check the backed-up data and, if clean, restore it.
6. Then I will also say something about securing online banking with a chip card reader + Star Money.
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us
01.05.2012, 13:49 | #5 |
| Problem with rootkit BOO/TDss.O
Hello, thank you very much for your help. On the points you raised:
1. Autorun is disabled, data is backed up (luckily there was hardly anything relevant on it).
2. Drivers have been downloaded from the manufacturer's website and burned to disc; I have Service Pack 1 on a USB stick. Should the formatting then be done via the ISO DVD? I will only manage that, together with the Windows reinstall, next weekend, since only then will I get to a computer with which I can burn the ISO DVD.
3. I will do that according to your instructions once the computer has been set up again.
4. Passwords are being changed, the bank has been informed (when I do online banking at all, it is only with a chip card reader anyway).
What exactly happened to the computer that it is so hopelessly gone?
Thanks again for your help.
01.05.2012, 17:22 | #6 |
/// Malware-holic | Problem with rootkit BOO/TDss.O
you have a rootkit; rootkits like this can make further changes to the system that we may not be able to trace. do you know how the formatting is done?
01.05.2012, 17:35 | #7 |
| Problem with rootkit BOO/TDss.O
Unless I am fundamentally misunderstanding something, I can do that via Disk Management: select the corresponding volume and then right-click --> Format. Otherwise it should also work via the installation CD, shouldn't it (via Custom)?
05.05.2012, 20:52 | #8 |
| Problem with rootkit BOO/TDss.O
So, I have done everything according to your instructions: the system has been set up from scratch (the hard disk partitions were formatted in the process), Windows 7 Service Pack 1 is installed, as are all device drivers. I have also installed the programs you recommended (Avast, Malwarebytes, Secunia PSI, FileHippo, Paragon) and made the corresponding system settings for better protection.
06.05.2012, 19:22 | #9 |
/// Malware-holic | Problem with rootkit BOO/TDss.O
hi, very good. and sorry, I overlooked the entry from the first of May. first I'd like to go through a checklist to see whether you have everything.
- install optional and important updates.
- configure Windows Update.
- enable DEP for all processes.
- enable SEHOP.
- install Chrome.
- install Sandboxie.
- disable autorun.
- install Panda Vaccine.
- install Secunia.
- install FileHippo.
note: Secunia and FileHippo offer English updates; wherever you work with the user interface, e.g. Reader, browser, etc., you need German updates, so save the manufacturers' sites in your browser favourites and, when an update is shown, get it from there. for Java, Flash and QuickTime it does not matter whether German or English.
- install backup software, create a backup and a rescue DVD. here is a short guide: Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT
- if you do online banking, I can briefly say something about the advantages of a card reader and banking software.
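Added example, written for this page and not a trojaner-board tool: a read-only PowerShell audit of four items on the checklist above (DEP for all processes, SEHOP, autorun, Windows Update) on a Windows 7 machine, so the reinstalled system can be checked rather than trusted. It changes nothing; it only reports each setting, whether it matches the checklist, and what the fix would be. Assumptions: the registry locations and the `Win32_OperatingSystem` property used are the ones Microsoft documents for these settings, and the "expected" values encode the checklist as written (DEP OptOut or AlwaysOn, SEHOP on, autorun off for every drive type, Windows Update set to install automatically). The function name `Test-HardeningChecklist` is this example's own.

```powershell
# Added example (not from the thread): read-only audit of checklist items on Windows 7.
# Run from an elevated PowerShell prompt (PowerShell 2.0, as shipped with Windows 7, is enough).
# Assumption: registry paths and the WMI property below are Microsoft's documented ones.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    try {
        return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        return $null
    }
}

function Test-HardeningChecklist {
    $results = @()

    # 1. DEP policy. DataExecutionPrevention_SupportPolicy:
    #    0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default),
    #    3 = OptOut ("all programs and services except those I select", what the checklist asks for).
    $dep = [int](Get-WmiObject -Class Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $results += New-Object PSObject -Property @{
        Check   = 'DEP for all processes'
        Current = $depNames[$dep]
        Ok      = ($dep -eq 1 -or $dep -eq 3)
        Fix     = 'bcdedit /set {current} nx OptOut (then reboot)'
    }

    # 2. SEHOP. On Windows 7 client it is off unless DisableExceptionChainValidation
    #    under Session Manager\kernel is explicitly set to 0.
    $sehop = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' 'DisableExceptionChainValidation'
    if ($sehop -eq $null) { $sehopText = 'value not set (off)' } else { $sehopText = "DisableExceptionChainValidation=$sehop" }
    $results += New-Object PSObject -Property @{
        Check   = 'SEHOP enabled'
        Current = $sehopText
        Ok      = ($sehop -eq 0)
        Fix     = 'set DWORD DisableExceptionChainValidation=0 under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    }

    # 3. Autorun. NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    if ($autorun -eq $null) { $autorunText = 'value not set' } else { $autorunText = ('0x{0:X2}' -f [int]$autorun) }
    $results += New-Object PSObject -Property @{
        Check   = 'Autorun disabled (all drive types)'
        Current = $autorunText
        Ok      = ($autorun -eq 255)
        Fix     = 'set DWORD NoDriveTypeAutoRun=0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    }

    # 4. Windows Update. NotificationLevel 4 = download and install on schedule.
    $wu = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $results += New-Object PSObject -Property @{
        Check   = 'Windows Update automatic install'
        Current = "NotificationLevel=$($wu.NotificationLevel)"
        Ok      = ($wu.NotificationLevel -eq 4)
        Fix     = 'Control Panel > Windows Update > Change settings > Install updates automatically'
    }

    return $results
}

Test-HardeningChecklist | Select-Object Check, Ok, Current, Fix | Format-Table -AutoSize -Wrap
```

The script reports rather than repairs on purpose: each `Fix` column entry is the setting a user would change by hand, and the DEP change needs a reboot before the audit will show it. Items on the checklist that are program installations (Chrome, Sandboxie, Panda Vaccine, Secunia, FileHippo, backup software) are not covered here.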