Pests of all kinds and how to fight them: Bundespolizei/BKA Trojan 2.07 - impossible to shake off | Windows 7
22.09.2012, 15:15 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post logfiles in CODE tags |
22.09.2012, 15:51 | #17 |
| Code:
22.09.2012, 19:38 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unfortunately, the log is incomplete
__________________ |
22.09.2012, 20:00 | #19 |
| Here is the complete logfile... Code:
16:48:30.0683 6320 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:48:30.0702 6320 NetBIOS - ok 16:48:30.0731 6320 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:48:30.0754 6320 netbt - ok 16:48:30.0770 6320 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 16:48:30.0782 6320 Netlogon - ok 16:48:30.0800 6320 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 16:48:30.0833 6320 Netman - ok 16:48:30.0849 6320 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 16:48:30.0885 6320 netprofm - ok 16:48:30.0913 6320 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:48:30.0924 6320 NetTcpPortSharing - ok 16:48:30.0944 6320 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:48:30.0954 6320 nfrd960 - ok 16:48:30.0966 6320 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:48:30.0989 6320 NlaSvc - ok 16:48:31.0013 6320 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:48:31.0028 6320 Npfs - ok 16:48:31.0067 6320 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 16:48:31.0096 6320 nsi - ok 16:48:31.0106 6320 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:48:31.0133 6320 nsiproxy - ok 16:48:31.0164 6320 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:48:31.0214 6320 Ntfs - ok 16:48:31.0229 6320 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 16:48:31.0272 6320 ntrigdigi - ok 16:48:31.0284 6320 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 16:48:31.0304 6320 Null - ok 16:48:31.0529 6320 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm 
C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:48:31.0996 6320 nvlddmkm - ok 16:48:32.0010 6320 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:48:32.0021 6320 nvraid - ok 16:48:32.0035 6320 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:48:32.0045 6320 nvstor - ok 16:48:32.0080 6320 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe 16:48:32.0113 6320 nvsvc - ok 16:48:32.0205 6320 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:48:32.0254 6320 nvUpdatusService - ok 16:48:32.0291 6320 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:48:32.0302 6320 nv_agp - ok 16:48:32.0305 6320 NwlnkFlt - ok 16:48:32.0308 6320 NwlnkFwd - ok 16:48:32.0407 6320 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:48:32.0425 6320 odserv - ok 16:48:32.0465 6320 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:48:32.0495 6320 ohci1394 - ok 16:48:32.0573 6320 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:48:32.0584 6320 ose - ok 16:48:32.0621 6320 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:48:32.0669 6320 p2pimsvc - ok 16:48:32.0721 6320 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 16:48:32.0740 6320 p2psvc - ok 16:48:32.0775 6320 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 16:48:32.0851 6320 Parport - ok 16:48:32.0885 6320 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:48:32.0897 6320 partmgr - ok 16:48:32.0905 6320 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:48:32.0944 6320 Parvdm - ok 16:48:32.0977 6320 [ 
C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 16:48:33.0031 6320 PcaSvc - ok 16:48:33.0047 6320 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 16:48:33.0060 6320 pci - ok 16:48:33.0093 6320 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 16:48:33.0104 6320 pciide - ok 16:48:33.0124 6320 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:48:33.0136 6320 pcmcia - ok 16:48:33.0168 6320 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:48:33.0239 6320 PEAUTH - ok 16:48:33.0299 6320 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 16:48:33.0377 6320 pla - ok 16:48:33.0439 6320 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:48:33.0493 6320 PlugPlay - ok 16:48:33.0519 6320 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 16:48:33.0534 6320 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 16:48:33.0534 6320 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 16:48:33.0554 6320 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:48:33.0574 6320 PNRPAutoReg - ok 16:48:33.0620 6320 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:48:33.0641 6320 PNRPsvc - ok 16:48:33.0688 6320 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:48:33.0711 6320 PolicyAgent - ok 16:48:33.0750 6320 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:48:33.0779 6320 PptpMiniport - ok 16:48:33.0813 6320 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 16:48:33.0863 6320 Processor - ok 16:48:33.0899 6320 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 16:48:33.0927 6320 ProfSvc - ok 16:48:33.0935 6320 [ 
A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 16:48:33.0946 6320 ProtectedStorage - ok 16:48:33.0985 6320 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:48:34.0013 6320 PSched - ok 16:48:34.0029 6320 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 16:48:34.0038 6320 PxHelp20 - ok 16:48:34.0071 6320 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:48:34.0118 6320 ql2300 - ok 16:48:34.0139 6320 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:48:34.0150 6320 ql40xx - ok 16:48:34.0176 6320 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 16:48:34.0203 6320 QWAVE - ok 16:48:34.0238 6320 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:48:34.0257 6320 QWAVEdrv - ok 16:48:34.0334 6320 [ 63FC6A312BB0FBBBF355CB5D4A1C7764 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 16:48:34.0391 6320 R300 - ok 16:48:34.0429 6320 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:48:34.0449 6320 RasAcd - ok 16:48:34.0460 6320 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 16:48:34.0491 6320 RasAuto - ok 16:48:34.0507 6320 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:48:34.0535 6320 Rasl2tp - ok 16:48:34.0578 6320 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 16:48:34.0602 6320 RasMan - ok 16:48:34.0606 6320 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:48:34.0632 6320 RasPppoe - ok 16:48:34.0649 6320 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:48:34.0672 6320 RasSstp - ok 16:48:34.0698 6320 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:48:34.0724 6320 rdbss - ok 16:48:34.0759 6320 
[ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:48:34.0778 6320 RDPCDD - ok 16:48:34.0810 6320 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:48:34.0849 6320 rdpdr - ok 16:48:34.0859 6320 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:48:34.0895 6320 RDPENCDD - ok 16:48:34.0925 6320 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:48:34.0974 6320 RDPWD - ok 16:48:35.0008 6320 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:48:35.0029 6320 RemoteAccess - ok 16:48:35.0040 6320 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:48:35.0064 6320 RemoteRegistry - ok 16:48:35.0081 6320 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 16:48:35.0092 6320 RpcLocator - ok 16:48:35.0138 6320 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 16:48:35.0174 6320 RpcSs - ok 16:48:35.0210 6320 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:48:35.0239 6320 rspndr - ok 16:48:35.0251 6320 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 16:48:35.0262 6320 SamSs - ok 16:48:35.0288 6320 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:48:35.0298 6320 sbp2port - ok 16:48:35.0328 6320 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:48:35.0357 6320 SCardSvr - ok 16:48:35.0406 6320 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 16:48:35.0554 6320 Schedule - ok 16:48:35.0585 6320 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:48:35.0600 6320 SCPolicySvc - ok 16:48:35.0638 6320 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:48:35.0714 6320 SDRSVC - ok 16:48:35.0735 6320 [ 
90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:48:35.0768 6320 secdrv - ok 16:48:35.0778 6320 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 16:48:35.0800 6320 seclogon - ok 16:48:35.0833 6320 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 16:48:35.0869 6320 SENS - ok 16:48:35.0888 6320 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:48:35.0922 6320 Serenum - ok 16:48:35.0941 6320 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 16:48:35.0977 6320 Serial - ok 16:48:35.0995 6320 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:48:36.0015 6320 sermouse - ok 16:48:36.0070 6320 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 16:48:36.0097 6320 SessionEnv - ok 16:48:36.0125 6320 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:48:36.0175 6320 sffdisk - ok 16:48:36.0187 6320 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:48:36.0208 6320 sffp_mmc - ok 16:48:36.0224 6320 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:48:36.0248 6320 sffp_sd - ok 16:48:36.0280 6320 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:48:36.0335 6320 sfloppy - ok 16:48:36.0357 6320 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:48:36.0384 6320 SharedAccess - ok 16:48:36.0434 6320 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:48:36.0483 6320 ShellHWDetection - ok 16:48:36.0513 6320 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:48:36.0524 6320 sisagp - ok 16:48:36.0542 6320 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:48:36.0556 6320 
SiSRaid2 - ok 16:48:36.0585 6320 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:48:36.0596 6320 SiSRaid4 - ok 16:48:36.0698 6320 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 16:48:36.0897 6320 slsvc - ok 16:48:36.0934 6320 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:48:36.0958 6320 SLUINotify - ok 16:48:36.0973 6320 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:48:36.0997 6320 Smb - ok 16:48:37.0023 6320 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:48:37.0034 6320 SNMPTRAP - ok 16:48:37.0066 6320 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 16:48:37.0077 6320 spldr - ok 16:48:37.0112 6320 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 16:48:37.0168 6320 Spooler - ok 16:48:37.0199 6320 sprtsvc_dellsupportcenter - ok 16:48:37.0254 6320 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:48:37.0295 6320 srv - ok 16:48:37.0308 6320 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:48:37.0346 6320 srv2 - ok 16:48:37.0379 6320 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:48:37.0400 6320 srvnet - ok 16:48:37.0447 6320 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:48:37.0479 6320 SSDPSRV - ok 16:48:37.0501 6320 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:48:37.0526 6320 SstpSvc - ok 16:48:37.0567 6320 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:48:37.0584 6320 Stereo Service - ok 16:48:37.0627 6320 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 16:48:37.0648 6320 stisvc - ok 16:48:37.0723 6320 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program 
Files\Common Files\SureThing Shared\stllssvr.exe 16:48:37.0734 6320 stllssvr - ok 16:48:37.0783 6320 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:48:37.0807 6320 swenum - ok 16:48:37.0835 6320 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 16:48:37.0856 6320 swprv - ok 16:48:37.0888 6320 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:48:37.0898 6320 Symc8xx - ok 16:48:37.0922 6320 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:48:37.0943 6320 Sym_hi - ok 16:48:37.0968 6320 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:48:37.0984 6320 Sym_u3 - ok 16:48:38.0001 6320 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 16:48:38.0035 6320 SysMain - ok 16:48:38.0063 6320 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:48:38.0090 6320 TabletInputService - ok 16:48:38.0128 6320 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:48:38.0154 6320 TapiSrv - ok 16:48:38.0185 6320 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 16:48:38.0217 6320 TBS - ok 16:48:38.0278 6320 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:48:38.0316 6320 Tcpip - ok 16:48:38.0378 6320 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:48:38.0402 6320 Tcpip6 - ok 16:48:38.0437 6320 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:48:38.0496 6320 tcpipreg - ok 16:48:38.0558 6320 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:48:38.0577 6320 TDPIPE - ok 16:48:38.0613 6320 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:48:38.0745 6320 TDTCP - ok 16:48:38.0783 6320 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 16:48:38.0806 6320 tdx - ok 16:48:38.0845 6320 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:48:38.0857 6320 TermDD - ok 16:48:38.0869 6320 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 16:48:38.0894 6320 TermService - ok 16:48:38.0924 6320 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 16:48:38.0938 6320 Themes - ok 16:48:38.0947 6320 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 16:48:38.0966 6320 THREADORDER - ok 16:48:39.0000 6320 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 16:48:39.0034 6320 TrkWks - ok 16:48:39.0086 6320 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:48:39.0102 6320 TrustedInstaller - ok 16:48:39.0136 6320 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:48:39.0174 6320 tssecsrv - ok 16:48:39.0275 6320 [ 876A1FE7A7CA957E84C3AF797F2E7FC5 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 16:48:39.0336 6320 TuneUp.UtilitiesSvc - ok 16:48:39.0387 6320 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 16:48:39.0395 6320 TuneUpUtilitiesDrv - ok 16:48:39.0414 6320 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:48:39.0437 6320 tunmp - ok 16:48:39.0440 6320 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:48:39.0451 6320 tunnel - ok 16:48:39.0475 6320 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:48:39.0485 6320 uagp35 - ok 16:48:39.0516 6320 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:48:39.0551 6320 udfs - ok 16:48:39.0607 6320 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect 
C:\Windows\system32\UI0Detect.exe 16:48:39.0628 6320 UI0Detect - ok 16:48:39.0654 6320 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:48:39.0664 6320 uliagpkx - ok 16:48:39.0691 6320 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:48:39.0705 6320 uliahci - ok 16:48:39.0729 6320 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:48:39.0741 6320 UlSata - ok 16:48:39.0760 6320 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:48:39.0771 6320 ulsata2 - ok 16:48:39.0794 6320 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:48:39.0814 6320 umbus - ok 16:48:39.0888 6320 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 16:48:39.0922 6320 upnphost - ok 16:48:39.0938 6320 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 16:48:39.0969 6320 USBAAPL - ok 16:48:39.0997 6320 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:48:40.0026 6320 usbccgp - ok 16:48:40.0071 6320 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:48:40.0116 6320 usbcir - ok 16:48:40.0134 6320 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:48:40.0151 6320 usbehci - ok 16:48:40.0173 6320 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:48:40.0192 6320 usbhub - ok 16:48:40.0209 6320 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:48:40.0255 6320 usbohci - ok 16:48:40.0288 6320 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:48:40.0318 6320 usbprint - ok 16:48:40.0357 6320 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:48:40.0374 6320 USBSTOR - ok 16:48:40.0408 6320 [ 
814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:48:40.0423 6320 usbuhci - ok 16:48:40.0460 6320 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 16:48:40.0483 6320 UxSms - ok 16:48:40.0529 6320 [ 907C6BCE7A235B128A585040B5E7D319 ] UxTuneUp C:\Windows\System32\uxtuneup.dll 16:48:40.0537 6320 UxTuneUp - ok 16:48:40.0570 6320 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 16:48:40.0600 6320 vds - ok 16:48:40.0658 6320 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:48:40.0708 6320 vga - ok 16:48:40.0739 6320 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 16:48:40.0766 6320 VgaSave - ok 16:48:40.0814 6320 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:48:40.0824 6320 viaagp - ok 16:48:40.0833 6320 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:48:40.0866 6320 ViaC7 - ok 16:48:40.0888 6320 [ 689547CE911998D1E0DA7A5992E025FC ] viaide C:\Windows\system32\drivers\viaide.sys 16:48:40.0899 6320 viaide - ok 16:48:40.0925 6320 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:48:40.0936 6320 volmgr - ok 16:48:40.0953 6320 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:48:40.0970 6320 volmgrx - ok 16:48:40.0991 6320 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:48:41.0006 6320 volsnap - ok 16:48:41.0029 6320 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:48:41.0041 6320 vsmraid - ok 16:48:41.0089 6320 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 16:48:41.0157 6320 VSS - ok 16:48:41.0205 6320 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 16:48:41.0235 6320 W32Time - ok 16:48:41.0253 6320 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen 
C:\Windows\system32\drivers\wacompen.sys 16:48:41.0285 6320 WacomPen - ok 16:48:41.0315 6320 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:48:41.0343 6320 Wanarp - ok 16:48:41.0346 6320 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:48:41.0362 6320 Wanarpv6 - ok 16:48:41.0379 6320 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:48:41.0413 6320 wcncsvc - ok 16:48:41.0459 6320 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:48:41.0482 6320 WcsPlugInService - ok 16:48:41.0503 6320 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 16:48:41.0513 6320 Wd - ok 16:48:41.0550 6320 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:48:41.0579 6320 Wdf01000 - ok 16:48:41.0608 6320 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:48:41.0642 6320 WdiServiceHost - ok 16:48:41.0644 6320 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:48:41.0665 6320 WdiSystemHost - ok 16:48:41.0703 6320 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 16:48:41.0725 6320 WebClient - ok 16:48:41.0751 6320 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:48:41.0834 6320 Wecsvc - ok 16:48:41.0851 6320 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:48:41.0899 6320 wercplsupport - ok 16:48:41.0913 6320 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 16:48:41.0945 6320 WerSvc - ok 16:48:41.0992 6320 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:48:42.0007 6320 WinDefend - ok 16:48:42.0019 6320 WinHttpAutoProxySvc - ok 16:48:42.0079 6320 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:48:42.0099 6320 
Winmgmt - ok 16:48:42.0147 6320 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 16:48:42.0210 6320 WinRM - ok 16:48:42.0287 6320 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:48:42.0338 6320 Wlansvc - ok 16:48:42.0432 6320 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 16:48:42.0443 6320 wlcrasvc - ok 16:48:42.0506 6320 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:48:42.0568 6320 wlidsvc - ok 16:48:42.0639 6320 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:48:42.0673 6320 WmiAcpi - ok 16:48:42.0705 6320 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:48:42.0723 6320 wmiApSrv - ok 16:48:42.0825 6320 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:48:42.0914 6320 WMPNetworkSvc - ok 16:48:42.0949 6320 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:48:43.0000 6320 WPCSvc - ok 16:48:43.0054 6320 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:48:43.0088 6320 WPDBusEnum - ok 16:48:43.0121 6320 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:48:43.0136 6320 WpdUsb - ok 16:48:43.0237 6320 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:48:43.0268 6320 WPFFontCache_v0400 - ok 16:48:43.0296 6320 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:48:43.0328 6320 ws2ifsl - ok 16:48:43.0383 6320 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 16:48:43.0407 6320 wscsvc - ok 16:48:43.0409 6320 WSearch - ok 16:48:43.0475 6320 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:48:43.0557 
6320 wuauserv - ok 16:48:43.0604 6320 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:48:43.0635 6320 WUDFRd - ok 16:48:43.0677 6320 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:48:43.0704 6320 wudfsvc - ok 16:48:43.0709 6320 ================ Scan global =============================== 16:48:43.0767 6320 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 16:48:43.0848 6320 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:48:43.0911 6320 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:48:43.0956 6320 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 16:48:43.0960 6320 [Global] - ok 16:48:43.0960 6320 ================ Scan MBR ================================== 16:48:43.0970 6320 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 16:48:44.0193 6320 \Device\Harddisk0\DR0 - ok 16:48:44.0698 6320 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1 16:48:44.0768 6320 \Device\Harddisk1\DR1 - ok 16:48:44.0773 6320 [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk2\DR2 16:48:45.0254 6320 \Device\Harddisk2\DR2 - ok 16:48:45.0257 6320 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3 16:48:45.0696 6320 \Device\Harddisk3\DR3 - ok 16:48:45.0701 6320 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR7 16:48:46.0001 6320 \Device\Harddisk7\DR7 - ok 16:48:46.0001 6320 ================ Scan VBR ================================== 16:48:46.0015 6320 [ 00FE51FB04665998467DD841A0F91AA6 ] \Device\Harddisk0\DR0\Partition1 16:48:46.0016 6320 \Device\Harddisk0\DR0\Partition1 - ok 16:48:46.0022 6320 [ 8FFD48703247813319D7E8627F5AA7AC ] \Device\Harddisk0\DR0\Partition2 16:48:46.0023 6320 \Device\Harddisk0\DR0\Partition2 - ok 16:48:46.0025 6320 [ C2145BA030F4A2050396FE6E25E3D395 ] \Device\Harddisk1\DR1\Partition1 16:48:46.0026 6320 \Device\Harddisk1\DR1\Partition1 - ok 16:48:46.0045 6320 [ 
354C6CF087204D414CB8CE98F9FDD041 ] \Device\Harddisk1\DR1\Partition2
16:48:46.0046 6320 \Device\Harddisk1\DR1\Partition2 - ok
16:48:46.0061 6320 [ 81726D43935D6F3C9450FBFA30FA015A ] \Device\Harddisk1\DR1\Partition3
16:48:46.0062 6320 \Device\Harddisk1\DR1\Partition3 - ok
16:48:46.0064 6320 [ 9F93C106FE13C4459EE092CF682D76F7 ] \Device\Harddisk2\DR2\Partition1
16:48:46.0066 6320 \Device\Harddisk2\DR2\Partition1 - ok
16:48:46.0068 6320 [ B2EBB3BA489B111223846B246BC9CCB6 ] \Device\Harddisk3\DR3\Partition1
16:48:46.0070 6320 \Device\Harddisk3\DR3\Partition1 - ok
16:48:46.0074 6320 [ 5BA2922A37A604B41C964CA63B32B008 ] \Device\Harddisk7\DR7\Partition1
16:48:46.0076 6320 \Device\Harddisk7\DR7\Partition1 - ok
16:48:46.0077 6320 ============================================================
16:48:46.0077 6320 Scan finished
16:48:46.0077 6320 ============================================================
16:48:46.0082 2152 Detected object count: 6
16:48:46.0082 2152 Actual detected object count: 6
16:49:32.0786 2152 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:32.0787 2152 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:32.0788 2152 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:32.0788 2152 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:32.0789 2152 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0789 2152 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:32.0790 2152 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0790 2152 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:15.0743 7216 Deinitialize success |
23.09.2012, 15:54 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei/BKA Trojan 2.07 - can't be shaken off Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and get messages like Quote:
__________________ Please always post log files in CODE tags |
23.09.2012, 17:48 | #21 |
| Bundespolizei/BKA Trojan 2.07 - can't be shaken off Combofix Logfile: Code:
ATTFilter ComboFix 12-09-23.02 - Mirja und Oliver 23.09.2012 17:34:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.1739 [GMT 2:00] ausgeführt von:: c:\users\Mirja und Oliver\Desktop\ComboFix.exe AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\0tbpw.pad . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-23 bis 2012-09-23 )))))))))))))))))))))))))))))) . . 2012-09-23 16:18 . 2012-09-23 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-22 14:16 . 2012-09-22 14:16 -------- d-----w- c:\windows\Hewlett-Packard 2012-09-22 08:47 . 2012-09-22 08:47 -------- d-----w- c:\programdata\WEBREG 2012-09-22 08:42 . 2012-09-22 08:42 -------- d-----w- c:\programdata\HP Product Assistant 2012-09-22 08:41 . 2012-09-22 08:41 -------- d-----w- c:\program files\Common Files\HP 2012-09-22 08:40 . 2008-10-28 10:49 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll 2012-09-22 08:38 . 2008-10-28 10:49 118272 ----a-w- c:\windows\system32\hpz3l696.dll 2012-09-22 08:37 . 2012-09-22 14:18 -------- d-----w- c:\program files\HP 2012-09-22 08:36 . 2012-09-22 08:44 -------- d-----w- c:\programdata\HP 2012-09-22 08:36 . 2008-10-30 22:23 271704 ----a-w- c:\windows\system32\hpzids01.dll 2012-09-22 08:36 . 2008-10-30 22:23 372736 ----a-w- c:\windows\system32\hppldcoi.dll 2012-09-22 08:36 . 2008-10-30 22:23 309760 ----a-w- c:\windows\system32\difxapi.dll 2012-09-21 20:07 . 2012-09-21 20:07 -------- d-----w- c:\programdata\SlySoft 2012-09-21 20:07 . 
2012-09-21 20:07 -------- d-----w- c:\program files\SlySoft 2012-09-21 19:27 . 2012-09-21 19:27 -------- d-----w- C:\_OTL 2012-09-20 18:18 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-20 18:17 . 2012-09-20 18:17 -------- d-----w- c:\program files\iPod 2012-09-20 18:17 . 2012-09-20 18:18 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-20 18:17 . 2012-09-20 18:18 -------- d-----w- c:\program files\iTunes 2012-09-17 15:03 . 2012-09-17 15:03 -------- d-----w- c:\program files\Mozilla Thunderbird 2012-09-14 20:51 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{630259E1-B650-4F6F-830F-F6AB55059D6B}\mpengine.dll 2012-09-14 19:01 . 2012-09-14 19:01 -------- d-----w- c:\program files\Mobipocket.com 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-13 10:20 . 2012-09-13 10:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-09-13 10:19 . 2012-09-13 10:20 -------- d-----w- c:\program files\QuickTime 2012-09-12 14:17 . 2012-09-12 14:17 -------- d-----w- c:\program files\7-Zip 2012-09-12 11:31 . 2012-09-12 11:38 -------- d-----w- c:\program files\Common Files\Adobe 2012-09-12 10:54 . 2012-09-12 10:54 15600 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2012-09-12 10:54 . 
2012-09-12 10:54 30416 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-09-12 06:50 . 2012-09-12 06:50 -------- d-----w- c:\programdata\CyberLink 2012-09-12 06:50 . 2012-09-12 06:50 -------- d-----w- c:\users\Public\CyberLink 2012-09-12 06:47 . 2012-09-12 06:47 -------- d-----w- c:\program files\Common Files\Nikon 2012-09-12 06:45 . 2012-09-12 06:45 -------- d-----w- c:\program files\CyberLink 2012-09-12 06:44 . 2012-09-12 06:44 -------- d-----w- c:\programdata\install_clap 2012-09-11 03:15 . 2012-09-11 03:15 -------- d-----w- c:\program files\StreamTransport 2012-09-11 03:15 . 2009-10-27 17:31 3982240 ----a-w- c:\windows\system32\Flash10d.ocx 2012-09-11 03:09 . 2012-09-11 03:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2012-09-11 03:09 . 2012-09-11 03:10 -------- d-----w- c:\program files\DVDVideoSoft 2012-09-11 02:59 . 2012-09-11 02:59 -------- d-----w- c:\program files\Youtube Downloader HD 2012-09-11 02:51 . 2012-09-11 02:51 -------- d-----w- c:\program files\Amazon 2012-09-07 11:40 . 2012-09-07 11:40 -------- d-----w- c:\program files\VideoLAN 2012-09-06 20:58 . 2012-09-06 20:58 -------- d-----w- c:\users\UpdatusUser 2012-09-06 20:56 . 2012-09-23 00:50 -------- d-----w- c:\programdata\NVIDIA 2012-09-06 20:55 . 2012-05-15 09:28 645440 ----a-w- c:\windows\system32\nvvsvc.exe 2012-09-06 20:55 . 2012-05-15 09:28 62272 ----a-w- c:\windows\system32\nvshext.dll 2012-09-06 20:55 . 2012-05-15 09:28 2561344 ----a-w- c:\windows\system32\nvsvcr.dll 2012-09-06 20:55 . 2012-05-15 09:27 2759488 ----a-w- c:\windows\system32\nvsvc.dll 2012-09-06 20:55 . 2012-05-15 09:28 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-09-06 20:55 . 2012-05-15 09:28 3931456 ----a-w- c:\windows\system32\nvcpl.dll 2012-09-06 20:53 . 2012-05-15 10:26 61248 ----a-w- c:\windows\system32\OpenCL.dll 2012-09-06 20:44 . 2012-05-15 10:26 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-09-06 20:44 . 
2012-05-15 10:26 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-09-06 20:44 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-09-06 20:44 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-09-06 20:44 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-09-06 20:44 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-09-06 20:44 . 2012-05-15 10:26 15322432 ----a-w- c:\windows\system32\nvd3dum.dll 2012-09-06 20:44 . 2012-05-15 10:26 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-09-06 20:44 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-09-06 20:44 . 2012-05-15 10:26 2368832 ----a-w- c:\windows\system32\nvapi.dll 2012-09-06 20:44 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-09-06 20:42 . 2012-09-06 20:42 -------- d-----w- C:\NVIDIA 2012-09-06 15:32 . 2012-09-06 15:32 -------- d-----w- c:\program files\NewBlue 2012-09-06 15:29 . 2012-09-06 15:29 -------- d-----w- c:\program files\proDAD 2012-09-06 12:29 . 2012-09-06 12:29 -------- d-----w- c:\program files\MSXML 4.0 2012-09-06 10:04 . 2012-09-06 10:04 255352 ----a-w- c:\windows\system32\awrdscdc.ax 2012-09-06 10:04 . 2003-03-18 19:20 1060864 ------w- c:\windows\system32\mfc71.dll 2012-09-06 10:04 . 2003-03-18 18:14 499712 ------w- c:\windows\system32\msvcp71.dll 2012-09-06 10:04 . 2003-02-21 02:42 348160 ------w- c:\windows\system32\msvcr71.dll 2012-09-06 10:04 . 2001-08-17 20:43 24576 ------w- c:\windows\system32\msxml3a.dll 2012-09-06 10:03 . 2012-09-06 10:04 -------- d-----w- c:\program files\Audible 2012-09-06 07:23 . 2012-09-06 12:33 -------- d-----w- c:\program files\Common Files\MAGIX Services 2012-09-06 06:45 . 2011-12-13 08:35 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2012-09-06 06:45 . 2011-12-13 08:29 21312 ----a-w- c:\windows\system32\authuitu.dll 2012-09-06 06:45 . 
2011-12-13 08:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll 2012-09-06 06:44 . 2012-09-06 06:48 -------- d-----w- c:\program files\TuneUp Utilities 2011 2012-09-06 06:44 . 2012-09-06 06:48 -------- d-----w- c:\programdata\TuneUp Software 2012-09-06 06:44 . 2012-09-06 06:44 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2012-09-06 06:13 . 2012-09-06 06:17 -------- d-----w- c:\programdata\Buhl Data Service GmbH 2012-09-06 06:13 . 2012-09-23 09:45 -------- d-----w- c:\program files\Buhl 2012-09-06 05:49 . 2012-09-06 05:52 -------- d-----w- c:\programdata\Roxio 2012-09-06 05:45 . 2012-09-06 05:45 -------- d-----w- c:\programdata\Fungusware 2012-09-06 05:40 . 2012-09-06 05:40 -------- d-----w- c:\program files\Glorylogic 2012-09-06 05:37 . 2012-09-06 05:37 -------- d-----w- c:\program files\XnConvert 2012-09-06 04:50 . 2012-09-06 04:50 -------- d-----w- c:\windows\de 2012-09-06 04:46 . 2012-09-06 04:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-09-06 04:42 . 2012-09-06 04:50 -------- d-----w- c:\program files\Windows Live 2012-09-06 04:41 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-09-06 04:41 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2012-09-06 04:41 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2012-09-06 04:41 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2012-09-06 04:40 . 2012-09-06 04:40 -------- d-----w- c:\program files\Common Files\Windows Live 2012-09-06 04:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2012-09-06 04:38 . 2012-09-06 04:38 -------- d-----w- c:\program files\Microsoft Silverlight 2012-09-06 04:18 . 2012-09-06 04:18 -------- d-----w- c:\program files\ipswDownloader 2012-09-06 04:12 . 2012-09-06 04:12 -------- d-----w- c:\program files\CRIMSON COW 2012-09-05 21:21 . 2012-09-05 21:21 -------- d-----w- c:\program files\Microsoft 2012-09-05 21:20 . 
2012-09-06 08:59 -------- d-----w- c:\program files\Common Files\MAGIX Shared 2012-09-05 21:18 . 2012-09-05 21:18 -------- d-----w- c:\program files\Common Files\xara 2012-09-05 21:06 . 2012-09-18 15:43 -------- d-----w- c:\programdata\MAGIX 2012-09-05 21:06 . 2012-09-06 15:38 -------- d-----w- c:\program files\MAGIX 2012-09-05 21:06 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll 2012-09-05 21:05 . 2012-09-06 15:25 -------- d-----w- c:\windows\system32\MAGIX 2012-09-05 21:05 . 2007-01-16 08:55 663552 ----a-w- c:\windows\system32\mgxoschk.dll 2012-09-05 20:48 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2012-09-05 20:48 . 2009-02-27 01:42 31640 ----a-w- c:\windows\system32\msonpmon.dll 2012-09-05 20:47 . 2012-09-05 21:15 -------- d-----w- c:\program files\Microsoft Works 2012-09-05 20:46 . 2012-09-05 20:46 -------- d-----w- c:\windows\PCHEALTH 2012-09-05 20:43 . 2012-09-06 15:31 -------- d-----w- c:\programdata\Microsoft Help 2012-09-05 18:52 . 2012-09-05 18:52 -------- d-----w- c:\program files\PhotomatixPro4 2012-09-05 18:42 . 2012-09-05 18:42 -------- d-----w- c:\program files\Franzis 2012-09-02 04:42 . 2012-09-20 18:18 -------- dc----w- c:\windows\system32\DRVSTORE 2012-09-02 04:42 . 2012-08-21 11:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-09-02 04:41 . 2012-09-02 04:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-09-02 04:24 . 2009-11-09 07:48 61952 ----a-w- c:\windows\system32\cjtpl.cpl 2012-09-02 04:15 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2012-09-02 04:15 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2012-09-02 04:15 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2012-09-02 04:15 . 
2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2012-09-02 04:15 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-06 04:42 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-09-01 15:11 . 2012-09-01 15:11 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui 2012-08-31 05:15 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2012-08-31 05:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2012-08-29 18:07 . 2012-08-29 18:07 45056 ----a-w- c:\windows\system32\drivers\de-DE\http.sys.mui 2012-08-29 05:08 . 2012-08-29 05:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2012-07-10 09:43 . 2012-07-10 09:43 759176 ----a-w- c:\windows\system32\DLLAV32.dll 2012-07-10 09:43 . 2012-07-10 09:43 226696 ----a-w- c:\windows\system32\DLLDEV32.dll 2012-07-10 09:43 . 2012-07-10 09:43 157064 ----a-w- c:\windows\system32\DLLCPY32.dll 2012-07-10 09:43 . 2012-07-10 09:43 99720 ----a-w- c:\windows\system32\DLLIO32.dll 2012-07-10 09:43 . 2012-07-10 09:43 95624 ----a-w- c:\windows\system32\DLLPRF32.dll 2012-07-10 09:43 . 2012-07-10 09:43 83336 ----a-w- c:\windows\system32\DLLPNT32.dll 2012-07-10 09:43 . 2012-07-10 09:43 218504 ----a-w- c:\windows\system32\DLLDRV32.dll 2012-07-10 09:43 . 2012-07-10 09:43 71048 ----a-w- c:\windows\system32\STRING32.dll 2012-07-10 09:43 . 2012-07-10 09:43 304520 ----a-w- c:\windows\system32\DLLRES32.dll 2012-07-09 11:42 . 2012-07-09 11:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 11:42 . 2012-07-09 11:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-05-24 985624] "GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968] "TrayServer"="c:\program files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe" [2008-08-07 90112] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-06-11 02:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080611 uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-23 18:18 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\MIRJAU~1\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManagerDeluxe.9.alb" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . 
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Zeit der Fertigstellung: 2012-09-23 18:21:05 ComboFix-quarantined-files.txt 2012-09-23 16:21 . 
Vor Suchlauf: 11 Verzeichnis(se), 371.154.554.880 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 371.344.936.960 Bytes frei . - - End Of File - - 9028209FE3202F8C2C933AB2F816057E |
23.09.2012, 19:20 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei/BKA Trojan 2.07 - can't be shaken off Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't work on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
24.09.2012, 15:15 | #23 |
| Bundespolizei/BKA Trojan 2.07 - can't be shaken off GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-24 16:12:54 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500630AS rev.3.ADJ Running: 0dockhvs.exe; Driver: C:\Users\MIRJAU~1\AppData\Local\Temp\aftyruow.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7460B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745F73F5] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7464CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] 
@ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:19:45 on 24.09.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Apple Inc. Safari 5.1.7 (7534.57.2) Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "cjtpl.cpl" - " REINER SCT" - C:\Windows\system32\cjtpl.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aftyruow" (aftyruow) - ? - C:\Users\MIRJAU~1\AppData\Local\Temp\aftyruow.sys (Hidden registry entry, rootkit activity | File not found) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "catchme" (catchme) - ? 
- C:\Users\MIRJAU~1\AppData\Local\Temp\catchme.sys (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Franson VSerial" (bizVSerial) - "franson.biz" - C:\Windows\System32\drivers\bizVSerialNT.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "Auslogics Products Context Menu Shell Extension" - "Auslogics" - C:\PROGRA~1\AUSLOG~1\AUSLOG~1\AUSSHE~1.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\Windows\Downloaded Program Files\A9.ocx / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/A9.ocx
{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/hidinputmonitorx.ocx
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/wmvhdrating.ocx
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? - (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"TrayServer" - "MAGIX AG" - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL Language Monitor" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l696.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\Windows\system32\cjpcsc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "G Data Software AG" - C:\Windows\system32\GdScrSv.scr
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-24 17:25:13
-----------------------------
17:25:13.431 OS Version: Windows 6.0.6002 Service Pack 2
17:25:13.431 Number of processors: 2 586 0x1706
17:25:13.433 ComputerName: MIRJAUNDOLIV-PC UserName:
17:25:14.916 Initialize success
17:25:24.573 AVAST engine defs: 12092400
17:25:30.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:25:30.595 Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3
17:25:30.606 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
17:25:30.609 Disk 1 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
17:25:30.708 Disk 0 MBR read successfully
17:25:30.717 Disk 0 MBR scan
17:25:30.746 Disk 0 Windows VISTA default MBR code
17:25:30.759 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:25:30.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
17:25:30.796 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466636 MB offset 21100544
17:25:30.826 Disk 0 scanning sectors +976771072
17:25:31.040 Disk 0 scanning C:\Windows\system32\drivers
17:26:09.737 Service scanning
17:26:31.152 Modules scanning
17:26:54.987 Disk 0 trace - called modules:
17:26:55.014 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:26:55.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86307828]
17:26:55.027 3 CLASSPNP.SYS[8afa78b3] -> nt!IofCallDriver -> [0x858b0e48]
17:26:55.033 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858d68a0]
17:26:55.771 AVAST engine scan C:\Windows
17:27:06.658 AVAST engine scan C:\Windows\system32
17:33:26.147 AVAST engine scan C:\Windows\system32\drivers
17:34:29.329 AVAST engine scan C:\Users\Mirja und Oliver
18:11:44.477 AVAST engine scan C:\ProgramData
18:25:44.529 Scan finished successfully
19:44:52.862 Disk 0 MBR has been saved successfully to "C:\Users\Mirja und Oliver\Desktop\MBR.dat"
19:44:52.868 The log file has been saved successfully to "C:\Users\Mirja und Oliver\Desktop\aswMBR.txt" |
24.09.2012, 19:37 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei/BKA Trojan 2.07 - impossible to shake off
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
25.09.2012, 21:02 | #25 |
| Bundespolizei/BKA Trojan 2.07 - impossible to shake off
Code:
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mirja und Oliver :: MIRJAUNDOLIV-PC [Administrator]

Schutz: Aktiviert

25.09.2012 16:06:06
mbam-log-2012-09-25 (16-06-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 659789
Laufzeit: 3 Stunde(n), 20 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/25/2012 at 09:18 PM

Application Version : 5.5.1022

Core Rules Database Version : 9288
Trace Rules Database Version: 7100

Scan type : Complete Scan
Total Scan Time : 01:47:42

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 676
Memory threats detected : 0
Registry items scanned : 37945
Registry threats detected : 0
File items scanned : 54380
File threats detected : 41

Adware.Tracking Cookie
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\1PUA5YXY.txt [ /amazon-adsystem.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\JYHSC7PO.txt [ /ad.yieldmanager.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\ROZCT52A.txt [ /atdmt.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\7CB9UK4X.txt [ /ads.creative-serving.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\1J9V1I1X.txt [ /ads.pubmatic.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\CR387SNM.txt [ /zanox-affiliate.de ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\X520SRZ0.txt [ /adtech.de ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\XYJTQJSU.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\BO70CK2E.txt [ /zanox.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\MT1K4JU3.txt [ /mediaplex.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WG0L3N80.txt [ /tomtailor.dyntracker.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\ARE2JWQA.txt [ /doubleclick.net ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\J8GL28UH.txt [ /invitemedia.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TRQFH0B1.txt [ /accounts.google.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TF30SE8E.txt [ /apmebf.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\BO1EFBFO.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\8HGT6T26.txt [ /revsci.net ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TYXLEFOY.txt [ /adfarm1.adition.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\YMQWX5OV.txt [ /track.effiliation.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\MJ5N3APR.txt [ /imrworldwide.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WOL1LPDD.txt [ /track.effiliation.com ]
C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WCLE5VYZ.txt [ /serving-sys.com ]
C:\USERS\MIRJA UND OLIVER\Cookies\1PUA5YXY.txt [ Cookie:mirja und oliver@amazon-adsystem.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\JYHSC7PO.txt [ Cookie:mirja und oliver@ad.yieldmanager.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\ROZCT52A.txt [ Cookie:mirja und oliver@atdmt.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\CR387SNM.txt [ Cookie:mirja und oliver@zanox-affiliate.de/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\X520SRZ0.txt [ Cookie:mirja und oliver@adtech.de/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\BO70CK2E.txt [ Cookie:mirja und oliver@zanox.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\MT1K4JU3.txt [ Cookie:mirja und oliver@mediaplex.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\WG0L3N80.txt [ Cookie:mirja und oliver@tomtailor.dyntracker.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\ARE2JWQA.txt [ Cookie:mirja und oliver@doubleclick.net/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\TRQFH0B1.txt [ Cookie:mirja und oliver@accounts.google.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\TF30SE8E.txt [ Cookie:mirja und oliver@apmebf.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\8HGT6T26.txt [ Cookie:mirja und oliver@revsci.net/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\TYXLEFOY.txt [ Cookie:mirja und oliver@adfarm1.adition.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\YMQWX5OV.txt [ Cookie:mirja und oliver@track.effiliation.com/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\MJ5N3APR.txt [ Cookie:mirja und oliver@imrworldwide.com/cgi-bin ]
C:\USERS\MIRJA UND OLIVER\Cookies\WOL1LPDD.txt [ Cookie:mirja und oliver@track.effiliation.com/servlet/ ]
C:\USERS\MIRJA UND OLIVER\Cookies\WCLE5VYZ.txt [ Cookie:mirja und oliver@serving-sys.com/ ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MIRJA_UND_OLIVER@ATDMT[2].TXT [ /ATDMT ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MIRJA_UND_OLIVER@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ] |
26.09.2012, 13:23 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei/BKA Trojan 2.07 - impossible to shake off
Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).

About cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Apart from that there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |