Litlaa Posted 24 April 2012

I was hit by the ransom virus that decrypts all the files on the PC and changes the file names to .EnCiPhErEd. In addition, it placed a text document named "HOW TO DECRYPT FILES" in every infected folder. This popped up at startup, and Windows also tells me that I have "files waiting to be burned to disc". That appears to be the text document.

I got a decryption code from Dr.Web that worked for decrypting the files. (Before I tried this code I had tried running a number of antivirus programs, which removed some threats on the machine, but I don't know whether they removed this virus.) Afterwards I ran ComboFix and then a scan with Malwarebytes Anti-Malware. It found nothing afterwards. But I ran a virus scan with SUPERAntiSpyware, which found 39 threats. I think I managed to delete those, because when I ran a scan again it found nothing. But I am attaching the log in case it matters. I have no idea.

It looks like ComboFix deleted some of the useless .EnCiPhErEd files. But if I search for ".EnCiPhErEd" in the search box, many still come up in the results. The text file also still pops up at startup, along with the message about files waiting to be burned. The text file is still in several other folders. The PC is also very slow. I also don't know whether it managed to delete the virus itself. I don't know much about computers, so it would be great if someone could look at my logs.

It is worth noting that I got a message saying that Microsoft Security Essentials was on and that I had to turn it off before I pressed OK. I thought I had managed to turn it off before I started ComboFix, but apparently not. So I went in and unticked "turn on real-time protection" after having seen on forums that this was how to turn it off. In the meantime ComboFix had started without me having pressed OK yet.
I don't know whether that matters for how it worked. But I did get it done before it started the scan... Anyways, here are the logs:

The ComboFix log:

ComboFix 12-04-19.01 - Eier 24.04.2012 2:15.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2045.1594 [GMT 2:00] Kjører fra: c:\users\Eier\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\HBLiteSA c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar c:\users\Eier\AppData\Local\Microsoft\Windows\Temporary Internet Files\HOW TO DECRYPT FILES.txt c:\users\Eier\AppData\Roaming\HBLite c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\2010 Facebook.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\7a.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\85-96 m pensumliste.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\allergi.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING BAD SEASON 2_UNCENSORED.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Breaking Bad.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Breaking.Bad.S03E04.REPACK.DVDRip.XviD-aAF.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E05-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E06-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E07-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E08-1.lnk.EnCiPhErEd 
c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E09-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E10-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E12-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\BREAKING_BAD_S2_E13-1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Emne 1.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Facebook.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Forelesninger.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Forprøve Ikon (2011).lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Generelt om faget.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\HOW TO DECRYPT FILES.txt c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\INSTALL NOTES.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Menneskerettigheter.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\PENSUM SAMFUNNSFAG 1 HØST2010 (2) (2).lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Pensum.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\POLITISK DELTAKING10.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\RÅD TIL EKSAMENSOPPGAVER.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Samfunnsfag 1 Forelesning 11.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Samfunnsfag 1 Forelesning 9.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Samfunnskunnskapsgrupper 2010.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\Samfunnskunnskapsundersøkelser.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\UTVIKLINGSTREKK I NORSK POLITIKK.lnk.EnCiPhErEd c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\vacation.lnk.EnCiPhErEd 
c:\users\Eier\AppData\Roaming\Microsoft\Windows\Recent\VELKOMMEN TIL SAMFUNNSFAG 1.lnk.EnCiPhErEd c:\users\Eier\te94decrypt.exe c:\windows\IsUn0414.exe c:\windows\System32\Desktop_.ini . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-03-24 til 2012-04-24 ))))))))))))))))))))))))))))))))) . . 2012-04-24 00:28 . 2012-04-24 00:34 -------- d-----w- c:\users\Eier\AppData\Local\temp 2012-04-24 00:28 . 2012-04-24 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-22 17:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59965264-A4C1-4CC1-AE86-0F51DE5834DC}\mpengine.dll 2012-04-20 17:26 . 2012-04-23 21:43 -------- d-----w- c:\users\Eier\AppData\Local\Spotify 2012-04-20 17:23 . 2012-04-23 21:28 -------- d-----w- c:\users\Eier\AppData\Roaming\Spotify 2012-04-20 03:12 . 2012-04-23 02:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-20 00:19 . 2012-04-20 00:19 -------- d-----w- c:\program files\Uniblue 2012-04-19 23:07 . 2012-04-19 23:07 -------- d-----w- c:\users\Eier\AppData\Roaming\SUPERAntiSpyware.com 2012-04-19 23:06 . 2012-04-19 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-19 23:06 . 2012-04-19 23:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-04-19 03:24 . 2012-04-19 03:24 -------- d-----w- c:\users\Eier\AppData\Roaming\Malwarebytes 2012-04-19 03:24 . 2012-04-19 03:24 -------- d-----w- c:\programdata\Malwarebytes 2012-04-19 03:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-13 11:30 . 2012-04-19 03:32 -------- d-----w- c:\users\Eier\AppData\Roaming\Biep 2012-04-13 11:30 . 2012-04-13 12:11 -------- d-----w- c:\users\Eier\AppData\Roaming\Ceikeha 2012-04-12 01:16 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 01:16 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 01:16 . 
2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 01:16 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 01:14 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 01:14 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 19:24 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-10 12:55 . 2012-04-10 12:55 453904 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-04-09 15:45 . 1999-09-28 11:40 41472 ----a-w- c:\windows\system32\ShockWav.ILX 2012-03-29 18:20 . 2012-04-22 03:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-26 01:20 . 2012-03-26 01:21 -------- d-----w- c:\program files\GUM2665.tmp 2012-03-26 01:20 . 2012-03-26 01:20 3993600 ----a-w- c:\program files\GUT2675.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-22 03:16 . 2011-05-30 14:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-13 07:36 . 2011-04-15 13:53 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-14 15:45 . 2012-03-13 20:54 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-14 15:45 . 2012-03-13 20:54 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-13 14:12 . 2012-03-13 20:54 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-13 13:47 . 2012-03-13 20:54 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-02-13 13:44 . 2012-03-13 20:54 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-02-11 18:23 . 2012-02-11 18:25 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC8D84A-7545-49E5-A894-E82BC3656BDE}\gapaengine.dll 2012-02-09 00:11 . 2012-02-09 00:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-02-07 09:02 . 
2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-02 15:16 . 2012-03-13 20:54 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-01-31 12:44 . 2011-04-14 11:01 237072 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5766C3D5-7B12-4003-B09F-1B9E74C32299}] 2011-11-10 20:04 102912 ----a-w- c:\program files\Infinite Loop AS\KickBack Plugin\KickBackIEPlugin.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-16 39408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Spotify"="c:\users\Eier\AppData\Roaming\Spotify\Spotify.exe" [2012-04-20 4011184] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-17 845360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2008-06-12 525592] "WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-10-30 58648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\users\Eier\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Eier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ HOW TO DECRYPT FILES.txt [2009-4-11 784] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BOOKcase 4.0.lnk - c:\program files\TEXTware\BOOKcase40\BC40CASE.exe [2012-4-9 405548] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R1 adbaihku;adbaihku;c:\windows\system32\drivers\adbaihku.sys [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] . . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 03:16] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 00:53] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 00:53] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.1 . - - - - TOMME PEKERE FJERNET - - - - . HKLM-Run-AirCardEnabler - (no file) AddRemove-BOOKcase 4.0 - c:\windows\IsUn0414.exe AddRemove-Fokus 2000 - c:\windows\IsUn0414.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-24 02:34 Windows 6.0.6002 Service Pack 2 NTFS . skanner skjulte prosesser ... . skanner skjulte autostart-oppføringer ... . skanner skjulte filer ... . skanning vellykket skjulte filer: 0 . 
************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Tidspunkt ferdig: 2012-04-24 02:38:06 ComboFix-quarantined-files.txt 2012-04-24 00:37 . Pre-Run: 18 063 376 384 byte ledig Post-Run: 19 136 442 368 byte ledig . - - End Of File - - 041D10E44E21F054F12BBB711A6303AE

The SUPERAntiSpyware log (before it deleted the 39 threats):

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/24/2012 at 03:21 AM Application Version : 5.0.1146 Core Rules Database Version : 8500 Trace Rules Database Version: 6312 Scan type : Quick Scan Total Scan Time : 00:13:06 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC Off - Administrator Memory items scanned : 368 Memory threats detected : 0 Registry items scanned : 27354 Registry threats detected : 0 File items scanned : 6746 File threats detected : 39 Adware.Tracking Cookie

I hope someone can help a frustrated girl.

Mr. A Posted 24 April 2012

I am not familiar with the logs, so I can't say anything about that, but what I would have done is back up the important stuff and reinstall the operating system completely.

Dr.Geek Posted 24 April 2012 (edited)

Hi, you still have an active rootkit.

Run TDSS Killer: http://support.kaspe.../?qid=208280684
Post the log. (Don't remove anything yet.)

Go to https://www.virustotal.com/ and copy in the following file (Choose file - copy in the file below under "file name", press "open"). Post the log.

c:\windows\system32\drivers\adbaihku.sys
_______________________________________

SUPERAntiSpyware found only cookies, which pose no direct threat.

Edited 24 April 2012 by TheGenius

Litlaa (Author) Posted 25 April 2012

> Hi, you still have an active rootkit.
>
> Run TDSS Killer: http://support.kaspe.../?qid=208280684
> Post the log. (Don't remove anything yet.)
>
> Go to https://www.virustotal.com/ and copy in the following file (Choose file - copy in the file below under "file name", press "open"). Post the log.
>
> c:\windows\system32\drivers\adbaihku.sys
> _______________________________________
>
> SUPERAntiSpyware found only cookies, which pose no direct threat.

I ran TDSS Killer. It found nothing. Here is the log:
(f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 03:18:36.0939 5012 gupdate - ok 03:18:37.0001 5012 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 03:18:37.0001 5012 gupdatem - ok 03:18:37.0048 5012 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 03:18:37.0048 5012 gusvc - ok 03:18:37.0142 5012 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 03:18:37.0157 5012 HdAudAddService - ok 03:18:37.0235 5012 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 03:18:37.0266 5012 HDAudBus - ok 03:18:37.0282 5012 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 03:18:37.0298 5012 HidBth - ok 03:18:37.0329 5012 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 03:18:37.0344 5012 HidIr - ok 03:18:37.0360 5012 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 03:18:37.0360 5012 hidserv - ok 03:18:37.0391 5012 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 03:18:37.0391 5012 HidUsb - ok 03:18:37.0438 5012 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 03:18:37.0438 5012 hkmsvc - ok 03:18:37.0485 5012 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys 03:18:37.0485 5012 HpCISSs - ok 03:18:37.0563 5012 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 03:18:37.0563 5012 HSFHWAZL - ok 03:18:37.0719 5012 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 03:18:37.0781 5012 HSF_DPV - ok 03:18:37.0828 5012 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 03:18:37.0828 5012 HSXHWAZL - ok 03:18:37.0906 5012 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 03:18:37.0922 
5012 HTTP - ok 03:18:38.0000 5012 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 03:18:38.0000 5012 i2omp - ok 03:18:38.0062 5012 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 03:18:38.0062 5012 i8042prt - ok 03:18:38.0140 5012 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys 03:18:38.0156 5012 iaStor - ok 03:18:38.0530 5012 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 03:18:38.0530 5012 IAStorDataMgrSvc - ok 03:18:38.0577 5012 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 03:18:38.0624 5012 iaStorV - ok 03:18:38.0858 5012 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 03:18:38.0920 5012 idsvc - ok 03:18:38.0951 5012 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 03:18:38.0967 5012 iirsp - ok 03:18:39.0060 5012 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 03:18:39.0092 5012 IKEEXT - ok 03:18:39.0606 5012 IntcAzAudAddService (bfcd7edc663f513e7c4a0b9400e58c70) C:\Windows\system32\drivers\RTKVHDA.sys 03:18:39.0731 5012 IntcAzAudAddService - ok 03:18:39.0887 5012 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 03:18:39.0887 5012 intelide - ok 03:18:39.0903 5012 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 03:18:39.0903 5012 intelppm - ok 03:18:39.0950 5012 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 03:18:39.0950 5012 IPBusEnum - ok 03:18:39.0965 5012 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 03:18:39.0965 5012 IpFilterDriver - ok 03:18:40.0028 5012 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 03:18:40.0043 5012 iphlpsvc - 
ok 03:18:40.0043 5012 IpInIp - ok 03:18:40.0090 5012 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys 03:18:40.0090 5012 IPMIDRV - ok 03:18:40.0121 5012 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 03:18:40.0121 5012 IPNAT - ok 03:18:40.0277 5012 iPod Service (82b9bf8f3cb7f443fbb7fecd5350665b) C:\Program Files\iPod\bin\iPodService.exe 03:18:40.0308 5012 iPod Service - ok 03:18:40.0340 5012 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 03:18:40.0340 5012 IRENUM - ok 03:18:40.0355 5012 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 03:18:40.0355 5012 isapnp - ok 03:18:40.0402 5012 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 03:18:40.0418 5012 iScsiPrt - ok 03:18:40.0433 5012 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 03:18:40.0433 5012 iteatapi - ok 03:18:40.0449 5012 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 03:18:40.0464 5012 iteraid - ok 03:18:40.0480 5012 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 03:18:40.0496 5012 kbdclass - ok 03:18:40.0511 5012 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 03:18:40.0511 5012 kbdhid - ok 03:18:40.0558 5012 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 03:18:40.0558 5012 KeyIso - ok 03:18:40.0574 5012 kommfphv - ok 03:18:40.0667 5012 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 03:18:40.0683 5012 KSecDD - ok 03:18:40.0745 5012 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 03:18:40.0761 5012 KtmRm - ok 03:18:40.0808 5012 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 03:18:40.0808 5012 LanmanServer - ok 03:18:40.0854 5012 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) 
C:\Windows\System32\wkssvc.dll 03:18:40.0886 5012 LanmanWorkstation - ok 03:18:40.0932 5012 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 03:18:40.0932 5012 lltdio - ok 03:18:40.0979 5012 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 03:18:41.0010 5012 lltdsvc - ok 03:18:41.0042 5012 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 03:18:41.0042 5012 lmhosts - ok 03:18:41.0073 5012 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 03:18:41.0073 5012 LSI_FC - ok 03:18:41.0104 5012 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 03:18:41.0120 5012 LSI_SAS - ok 03:18:41.0151 5012 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 03:18:41.0151 5012 LSI_SCSI - ok 03:18:41.0182 5012 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 03:18:41.0182 5012 luafv - ok 03:18:41.0229 5012 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 03:18:41.0229 5012 MBAMProtector - ok 03:18:41.0354 5012 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Users\Eier\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe 03:18:41.0369 5012 MBAMService - ok 03:18:41.0400 5012 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 03:18:41.0416 5012 Mcx2Svc - ok 03:18:41.0463 5012 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 03:18:41.0463 5012 mdmxsdk - ok 03:18:41.0494 5012 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 03:18:41.0510 5012 megasas - ok 03:18:41.0556 5012 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 03:18:41.0572 5012 MegaSR - ok 03:18:41.0697 5012 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 03:18:41.0712 5012 
Microsoft Office Groove Audit Service - ok 03:18:41.0744 5012 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 03:18:41.0759 5012 MMCSS - ok 03:18:41.0775 5012 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 03:18:41.0775 5012 Modem - ok 03:18:41.0790 5012 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 03:18:41.0790 5012 monitor - ok 03:18:41.0806 5012 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 03:18:41.0822 5012 mouclass - ok 03:18:41.0837 5012 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 03:18:41.0837 5012 mouhid - ok 03:18:41.0853 5012 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 03:18:41.0853 5012 MountMgr - ok 03:18:41.0946 5012 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 03:18:41.0962 5012 MpFilter - ok 03:18:42.0009 5012 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys 03:18:42.0009 5012 mpio - ok 03:18:42.0056 5012 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 03:18:42.0071 5012 MpNWMon - ok 03:18:42.0087 5012 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 03:18:42.0087 5012 mpsdrv - ok 03:18:42.0165 5012 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 03:18:42.0180 5012 MpsSvc - ok 03:18:42.0212 5012 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 03:18:42.0212 5012 Mraid35x - ok 03:18:42.0243 5012 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 03:18:42.0243 5012 MRxDAV - ok 03:18:42.0305 5012 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 03:18:42.0305 5012 mrxsmb - ok 03:18:42.0336 5012 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 03:18:42.0352 
5012 mrxsmb10 - ok 03:18:42.0383 5012 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 03:18:42.0383 5012 mrxsmb20 - ok 03:18:42.0414 5012 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 03:18:42.0414 5012 msahci - ok 03:18:42.0446 5012 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys 03:18:42.0446 5012 msdsm - ok 03:18:42.0477 5012 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 03:18:42.0492 5012 MSDTC - ok 03:18:42.0524 5012 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 03:18:42.0539 5012 Msfs - ok 03:18:42.0570 5012 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 03:18:42.0570 5012 msisadrv - ok 03:18:42.0617 5012 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 03:18:42.0617 5012 MSiSCSI - ok 03:18:42.0633 5012 msiserver - ok 03:18:42.0680 5012 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 03:18:42.0680 5012 MSKSSRV - ok 03:18:42.0804 5012 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 03:18:42.0804 5012 MsMpSvc - ok 03:18:42.0820 5012 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 03:18:42.0820 5012 MSPCLOCK - ok 03:18:42.0836 5012 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 03:18:42.0836 5012 MSPQM - ok 03:18:42.0867 5012 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 03:18:42.0882 5012 MsRPC - ok 03:18:42.0914 5012 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 03:18:42.0914 5012 mssmbios - ok 03:18:42.0929 5012 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 03:18:42.0929 5012 MSTEE - ok 03:18:42.0945 5012 Mup (6a57b5733d4cb702c8ea4542e836b96c) 
C:\Windows\system32\Drivers\mup.sys 03:18:42.0945 5012 Mup - ok 03:18:43.0007 5012 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 03:18:43.0023 5012 napagent - ok 03:18:43.0054 5012 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 03:18:43.0070 5012 NativeWifiP - ok 03:18:43.0148 5012 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 03:18:43.0163 5012 NDIS - ok 03:18:43.0179 5012 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 03:18:43.0179 5012 NdisTapi - ok 03:18:43.0194 5012 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 03:18:43.0194 5012 Ndisuio - ok 03:18:43.0241 5012 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 03:18:43.0241 5012 NdisWan - ok 03:18:43.0272 5012 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 03:18:43.0272 5012 NDProxy - ok 03:18:43.0288 5012 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 03:18:43.0288 5012 NetBIOS - ok 03:18:43.0319 5012 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 03:18:43.0335 5012 netbt - ok 03:18:43.0382 5012 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 03:18:43.0382 5012 Netlogon - ok 03:18:43.0428 5012 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 03:18:43.0460 5012 Netman - ok 03:18:43.0538 5012 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 03:18:43.0569 5012 NetMsmqActivator - ok 03:18:43.0584 5012 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 03:18:43.0584 5012 NetPipeActivator - ok 03:18:43.0647 5012 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 03:18:43.0662 5012 netprofm - ok 03:18:43.0662 5012 
NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 03:18:43.0678 5012 NetTcpActivator - ok 03:18:43.0678 5012 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 03:18:43.0694 5012 NetTcpPortSharing - ok 03:18:43.0725 5012 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 03:18:43.0725 5012 nfrd960 - ok 03:18:43.0787 5012 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 03:18:43.0803 5012 NisDrv - ok 03:18:43.0943 5012 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 03:18:43.0959 5012 NisSrv - ok 03:18:43.0990 5012 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 03:18:44.0006 5012 NlaSvc - ok 03:18:44.0021 5012 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 03:18:44.0021 5012 Npfs - ok 03:18:44.0037 5012 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 03:18:44.0052 5012 nsi - ok 03:18:44.0052 5012 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 03:18:44.0052 5012 nsiproxy - ok 03:18:44.0177 5012 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 03:18:44.0208 5012 Ntfs - ok 03:18:44.0224 5012 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 03:18:44.0240 5012 ntrigdigi - ok 03:18:44.0255 5012 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 03:18:44.0255 5012 Null - ok 03:18:45.0254 5012 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 03:18:45.0581 5012 nvlddmkm - ok 03:18:45.0737 5012 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 03:18:45.0737 5012 nvraid - ok 03:18:45.0768 5012 nvstor (abed0c09758d1d97db0042dbb2688177) 
C:\Windows\system32\drivers\nvstor.sys 03:18:45.0768 5012 nvstor - ok 03:18:45.0878 5012 NVSvc (538a52e480c816d1990579a8faaffa20) C:\Windows\system32\nvvsvc.exe 03:18:45.0893 5012 NVSvc - ok 03:18:45.0924 5012 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 03:18:45.0924 5012 nv_agp - ok 03:18:45.0940 5012 NwlnkFlt - ok 03:18:45.0956 5012 NwlnkFwd - ok 03:18:46.0127 5012 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 03:18:46.0143 5012 odserv - ok 03:18:46.0190 5012 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 03:18:46.0190 5012 ohci1394 - ok 03:18:46.0252 5012 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 03:18:46.0268 5012 ose - ok 03:18:46.0361 5012 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 03:18:46.0392 5012 p2pimsvc - ok 03:18:46.0408 5012 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 03:18:46.0424 5012 p2psvc - ok 03:18:46.0470 5012 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 03:18:46.0470 5012 Parport - ok 03:18:46.0502 5012 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 03:18:46.0502 5012 partmgr - ok 03:18:46.0517 5012 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 03:18:46.0517 5012 Parvdm - ok 03:18:46.0533 5012 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 03:18:46.0548 5012 PcaSvc - ok 03:18:46.0564 5012 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 03:18:46.0564 5012 pci - ok 03:18:46.0595 5012 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys 03:18:46.0595 5012 pciide - ok 03:18:46.0626 5012 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 03:18:46.0642 5012 pcmcia - ok 
03:18:46.0767 5012 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 03:18:46.0798 5012 PEAUTH - ok 03:18:46.0985 5012 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 03:18:47.0048 5012 pla - ok 03:18:47.0188 5012 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 03:18:47.0219 5012 PlugPlay - ok 03:18:47.0282 5012 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 03:18:47.0297 5012 PNRPAutoReg - ok 03:18:47.0313 5012 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 03:18:47.0328 5012 PNRPsvc - ok 03:18:47.0391 5012 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 03:18:47.0422 5012 PolicyAgent - ok 03:18:47.0469 5012 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 03:18:47.0469 5012 PptpMiniport - ok 03:18:47.0500 5012 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 03:18:47.0516 5012 Processor - ok 03:18:47.0547 5012 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 03:18:47.0562 5012 ProfSvc - ok 03:18:47.0609 5012 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 03:18:47.0609 5012 ProtectedStorage - ok 03:18:47.0640 5012 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 03:18:47.0640 5012 PSched - ok 03:18:47.0781 5012 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 03:18:47.0828 5012 ql2300 - ok 03:18:47.0859 5012 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 03:18:47.0859 5012 ql40xx - ok 03:18:47.0921 5012 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 03:18:47.0937 5012 QWAVE - ok 03:18:47.0952 5012 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 03:18:47.0952 5012 QWAVEdrv - ok 03:18:47.0968 5012 RasAcd 
(147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 03:18:47.0984 5012 RasAcd - ok 03:18:47.0999 5012 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 03:18:48.0015 5012 RasAuto - ok 03:18:48.0046 5012 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 03:18:48.0046 5012 Rasl2tp - ok 03:18:48.0077 5012 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 03:18:48.0093 5012 RasMan - ok 03:18:48.0124 5012 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 03:18:48.0124 5012 RasPppoe - ok 03:18:48.0140 5012 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 03:18:48.0140 5012 RasSstp - ok 03:18:48.0186 5012 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 03:18:48.0202 5012 rdbss - ok 03:18:48.0218 5012 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 03:18:48.0218 5012 RDPCDD - ok 03:18:48.0264 5012 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\drivers\rdpdr.sys 03:18:48.0280 5012 rdpdr - ok 03:18:48.0296 5012 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 03:18:48.0296 5012 RDPENCDD - ok 03:18:48.0358 5012 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 03:18:48.0374 5012 RDPWD - ok 03:18:48.0420 5012 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 03:18:48.0420 5012 RemoteAccess - ok 03:18:48.0452 5012 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 03:18:48.0467 5012 RemoteRegistry - ok 03:18:48.0514 5012 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 03:18:48.0514 5012 rimmptsk - ok 03:18:48.0545 5012 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 03:18:48.0545 5012 rimsptsk - ok 03:18:48.0576 5012 rismxdp 
(d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 03:18:48.0592 5012 rismxdp - ok 03:18:48.0623 5012 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 03:18:48.0623 5012 ROOTMODEM - ok 03:18:48.0639 5012 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 03:18:48.0654 5012 RpcLocator - ok 03:18:48.0732 5012 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 03:18:48.0748 5012 RpcSs - ok 03:18:48.0764 5012 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 03:18:48.0764 5012 rspndr - ok 03:18:48.0826 5012 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 03:18:48.0826 5012 SamSs - ok 03:18:48.0935 5012 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 03:18:48.0935 5012 SASDIFSV - ok 03:18:48.0966 5012 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 03:18:48.0966 5012 SASKUTIL - ok 03:18:48.0998 5012 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 03:18:48.0998 5012 sbp2port - ok 03:18:49.0029 5012 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 03:18:49.0044 5012 SCardSvr - ok 03:18:49.0122 5012 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 03:18:49.0138 5012 Schedule - ok 03:18:49.0185 5012 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 03:18:49.0185 5012 SCPolicySvc - ok 03:18:49.0232 5012 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 03:18:49.0247 5012 sdbus - ok 03:18:49.0263 5012 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 03:18:49.0278 5012 SDRSVC - ok 03:18:49.0310 5012 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 03:18:49.0310 5012 secdrv - ok 03:18:49.0341 5012 seclogon 
(fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 03:18:49.0341 5012 seclogon - ok 03:18:49.0356 5012 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 03:18:49.0372 5012 SENS - ok 03:18:49.0388 5012 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 03:18:49.0403 5012 Serenum - ok 03:18:49.0419 5012 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 03:18:49.0419 5012 Serial - ok 03:18:49.0450 5012 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 03:18:49.0450 5012 sermouse - ok 03:18:49.0497 5012 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 03:18:49.0512 5012 SessionEnv - ok 03:18:49.0528 5012 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 03:18:49.0528 5012 sffdisk - ok 03:18:49.0559 5012 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys 03:18:49.0559 5012 sffp_mmc - ok 03:18:49.0590 5012 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 03:18:49.0590 5012 sffp_sd - ok 03:18:49.0622 5012 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 03:18:49.0622 5012 sfloppy - ok 03:18:49.0684 5012 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 03:18:49.0715 5012 SharedAccess - ok 03:18:49.0778 5012 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 03:18:49.0793 5012 ShellHWDetection - ok 03:18:49.0824 5012 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 03:18:49.0824 5012 sisagp - ok 03:18:49.0856 5012 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 03:18:49.0856 5012 SiSRaid2 - ok 03:18:49.0871 5012 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 03:18:49.0887 5012 SiSRaid4 - ok 03:18:50.0246 5012 
03:18:57.0484 5012 Scan finished
03:18:57.0515 5004 Detected object count: 0
03:18:57.0515 5004 Actual detected object count: 0
--------
I then went to VirusTotal, but I got the message that it could not find the file adbaihku.sys when I tried to paste in c:\windows\system32\drivers\adbaihku.sys...
Dr.Geek Posted 25 April 2012

You have two options here.

1. Reinstall Windows or use the "recovery option" (resetting Windows to its factory state. Check your PC manual to see whether the PC has this installed.)
2. Clean the PC. This will take some time and you will have to post a number of logs.

The choice is yours. If you want to clean it, we start with a ComboFix script:

Download ComboFix again to your Desktop.
Open Notepad (Start, type "Notepad").
Copy the following text into the empty text document:

File::
c:\windows\system32\drivers\adbaihku.sys
c:\users\Eier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt

Save this as "CFScript.txt" on your desktop.
Disable all antivirus programs and close all programs.
Click the text document "CFScript.txt" and drag it with the mouse pointer right over the ComboFix icon, where you drop it.
ComboFix will start. Wait until it has saved a log for you. Post it.

Post me an OTL log (only OTL.txt): http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/

Preferably post all logs in a "Spoiler".
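The leftovers described in this thread (files still ending in .EnCiPhErEd and copies of "HOW TO DECRYPT FILES.txt") can be inventoried read-only before anything is deleted. This is an added example, not part of the thread or of any tool mentioned in it; the function names, the report categories and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENC_SUFFIX = ".enciphered"              # extension named in the thread, compared case-insensitively
NOTE_NAME = "how to decrypt files.txt"  # ransom note name from the thread


def inventory(root):
    """Walk root and classify leftovers; nothing is deleted or modified."""
    report = {"notes": [], "redundant": [], "orphans": []}
    for dirpath, _dirs, files in os.walk(root):
        present = {name.lower() for name in files}
        for name in files:
            full = os.path.join(dirpath, name)
            low = name.lower()
            if low == NOTE_NAME:
                report["notes"].append(full)
            elif low.endswith(ENC_SUFFIX):
                original = low[: -len(ENC_SUFFIX)]
                # A restored sibling means the encrypted copy is only clutter;
                # without one, the file still has to be decrypted first.
                key = "redundant" if original in present else "orphans"
                report[key].append(full)
    for paths in report.values():
        paths.sort()
    return report


def demo():
    """Build a small constructed directory tree and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        startup = os.path.join(root, "Startup")
        docs = os.path.join(root, "Documents")
        os.makedirs(startup)
        os.makedirs(docs)
        for folder, name in [
            (startup, "HOW TO DECRYPT FILES.txt"),
            (docs, "HOW TO DECRYPT FILES.txt"),
            (docs, "allergi.doc"),                # constructed: already decrypted
            (docs, "allergi.doc.EnCiPhErEd"),     # constructed: redundant copy
            (docs, "pensum.doc.EnCiPhErEd"),      # constructed: no decrypted sibling
        ]:
            open(os.path.join(folder, name), "w").close()
        found = inventory(root)
        return {k: [os.path.relpath(p, root) for p in v] for k, v in found.items()}


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported under "orphans" have no decrypted counterpart next to them and should be kept until they have been decrypted or restored from backup.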