Pests of all kinds and how to fight them: Computer locked by Bundespolizei | Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
27.09.2012, 16:20 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei
Code:
Computer Name: ZANKIT-SERVER
__________________ Please always post log files in CODE tags |
27.09.2012, 16:47 | #17 |
| Computer locked by Bundespolizei
Well, back when I bought the machine, I wanted to set up a home network and thought "Server" would be a good name... but I failed miserably. Accordingly, the thing is simply used as a desktop PC. |
27.09.2012, 16:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei
Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
[2009.10.01 12:35:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.10 12:58:19 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011.04.06 11:26:55 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.07 12:08:34 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007.02.08 05:09:56 | 000,000,235 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\Shell\AutoRun\command - "" = I:\DVD-WRITER.exe
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell - "" = AutoRun
O33 - MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
:Files
C:\ProgramData\deahgmifjhzytbh
C:\ProgramData\eqqivvaivoarqqp
C:\Program Files\iMesh Applications\MediaBar
C:\Users\All Users\deahgmifjhzytbh
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ |
27.09.2012, 17:10 | #19 |
| Computer locked by Bundespolizei
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4186664120-1864476494-1613251376-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "hxxp://search.myheritage.com/" removed from browser.startup.homepage
Prefs.js: 2 removed from network.proxy.type
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\zankit\AppData\Roaming\mozilla\Firefox\Profiles\m914852j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186664120-1864476494-1613251376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{015344e4-d855-11e0-8831-001d9296f183}\ not found.
File I:\DVD-WRITER.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0574db31-6074-11dd-b0ac-001d9296f183}\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23ffc017-32f6-11de-91ef-001d9296f183}\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
========== FILES ==========
C:\ProgramData\deahgmifjhzytbh folder moved successfully.
C:\ProgramData\eqqivvaivoarqqp moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar folder moved successfully.
File\Folder C:\Users\All Users\deahgmifjhzytbh not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\zankit\Desktop\cmd.bat deleted successfully.
C:\Users\zankit\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 579558 bytes
->Temporary Internet Files folder emptied: 7419879 bytes
->Flash cache emptied: 559 bytes

User: kaba
->Temp folder emptied: 1691884 bytes
->Temporary Internet Files folder emptied: 34603772 bytes
->Flash cache emptied: 956 bytes

User: Public

User: zankit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 411298707 bytes
->Java cache emptied: 7358203 bytes
->FireFox cache emptied: 29193674 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1927837 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 350652910 bytes
RecycleBin emptied: 262144 bytes

Total Files Cleaned = 806,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 09272012_175817

Files\Folders moved on Reboot...
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
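Added example, not part of the thread and not OTL's own code: a triage of the fix log above that counts outcomes and lists every file OTL queued to be moved on reboot, flagging those that sit in the Windows directory, as the log records for C:\Windows\explorer.exe. The sample lines are copied from the log above, one entry per line; the function names, the C:\Windows root and the Temp exemption are assumptions of this example.

```python
import re
from collections import Counter
from ntpath import normcase, normpath

# Assumption: Windows is installed in C:\Windows, as the paths in the log suggest.
WINDOWS_DIR = r"C:\Windows"
# Assumption: files under the Windows temp folder are not OS components.
EXEMPT_DIRS = (r"C:\Windows\Temp",)

# Lines copied from the fix log above (a sample, not the full log).
SAMPLE_LOG = r"""
C:\autoexec.bat moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
File I:\DVD-WRITER.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
File move failed. C:\Windows\explorer.exe scheduled to be moved on reboot.
C:\ProgramData\deahgmifjhzytbh folder moved successfully.
File\Folder C:\Users\All Users\deahgmifjhzytbh not found.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# Order matters: the "pending" wording must be tried before the generic ones.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(
        r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<target>.+) deleted successfully\.$")),
    ("not_found", re.compile(
        r"^(?:File\\Folder|File|Registry key|Registry value) (?P<target>.+) not found\.$")),
]


def classify(line):
    """Return (outcome, target) for one log line, or None if it is not an action line."""
    line = line.strip()
    for outcome, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            return outcome, match.group("target")
    return None


def _is_under(path, root):
    """Case-insensitive Windows path containment check (works on any OS)."""
    p, r = normcase(normpath(path)), normcase(normpath(root))
    return p == r or p.startswith(r + "\\")


def needs_review(path):
    """True for a queued move that would hit a file inside the Windows directory."""
    if any(_is_under(path, exempt) for exempt in EXEMPT_DIRS):
        return False
    return _is_under(path, WINDOWS_DIR)


def triage(log_text):
    """Summarise a fix log: outcome counts, queued moves, and the ones to review."""
    counts = Counter()
    pending = []
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        outcome, target = result
        counts[outcome] += 1
        # The same file can be queued several times; list it once.
        if outcome == "pending_reboot" and target not in pending:
            pending.append(target)
    return {
        "counts": dict(counts),
        "pending": pending,
        "review": [p for p in pending if needs_review(p)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("outcomes:", report["counts"])
    for path in report["pending"]:
        flag = "REVIEW BEFORE REBOOT" if path in report["review"] else "ok"
        print(f"queued for move on reboot: {path} [{flag}]")
```

Windows keeps such queued moves in the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, which is where a flagged entry can be inspected before the machine is restarted.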
27.09.2012, 20:18 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
__________________ Please always post log files in CODE tags |
28.09.2012, 08:38 | #21 |
| Computer locked by Bundespolizei
Code:
09:34:34.0973 4324 iphlpsvc - ok 09:34:34.0976 4324 IpInIp - ok 09:34:34.0996 4324 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 09:34:35.0028 4324 IPMIDRV - ok 09:34:35.0040 4324 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 09:34:35.0085 4324 IPNAT - ok 09:34:35.0125 4324 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:34:35.0170 4324 iPod Service - ok 09:34:35.0209 4324 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:34:35.0240 4324 IRENUM - ok 09:34:35.0259 4324 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:34:35.0279 4324 isapnp - ok 09:34:35.0318 4324 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 09:34:35.0341 4324 iScsiPrt - ok 09:34:35.0359 4324 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 09:34:35.0379 4324 iteatapi - ok 09:34:35.0493 4324 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 09:34:35.0511 4324 iteraid - ok 09:34:35.0527 4324 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:34:35.0547 4324 kbdclass - ok 09:34:35.0621 4324 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:34:35.0670 4324 kbdhid - ok 09:34:35.0706 4324 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 09:34:35.0762 4324 KeyIso - ok 09:34:35.0804 4324 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:34:35.0836 4324 KSecDD - ok 09:34:35.0914 4324 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 09:34:35.0987 4324 KtmRm - ok 09:34:36.0010 4324 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 09:34:36.0042 4324 LanmanServer - ok 09:34:36.0064 4324 [ 
1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:34:36.0113 4324 LanmanWorkstation - ok 09:34:36.0144 4324 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:34:36.0204 4324 lltdio - ok 09:34:36.0245 4324 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:34:36.0301 4324 lltdsvc - ok 09:34:36.0317 4324 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:34:36.0365 4324 lmhosts - ok 09:34:36.0381 4324 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:34:36.0402 4324 LSI_FC - ok 09:34:36.0419 4324 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:34:36.0440 4324 LSI_SAS - ok 09:34:36.0453 4324 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:34:36.0474 4324 LSI_SCSI - ok 09:34:36.0479 4324 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 09:34:36.0522 4324 luafv - ok 09:34:36.0576 4324 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys 09:34:36.0594 4324 LVPr2Mon - ok 09:34:36.0670 4324 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 09:34:36.0689 4324 LVPrcSrv - ok 09:34:36.0707 4324 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys 09:34:36.0729 4324 LVRS - ok 09:34:36.0744 4324 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys 09:34:36.0762 4324 LVUSBSta - ok 09:34:36.0781 4324 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:34:36.0819 4324 Mcx2Svc - ok 09:34:36.0851 4324 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 09:34:36.0871 4324 megasas - ok 09:34:36.0889 4324 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 09:34:36.0918 4324 
MegaSR - ok 09:34:36.0951 4324 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 09:34:36.0993 4324 MMCSS - ok 09:34:37.0015 4324 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 09:34:37.0062 4324 Modem - ok 09:34:37.0099 4324 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:34:37.0131 4324 monitor - ok 09:34:37.0162 4324 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:34:37.0181 4324 mouclass - ok 09:34:37.0201 4324 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:34:37.0232 4324 mouhid - ok 09:34:37.0261 4324 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 09:34:37.0281 4324 MountMgr - ok 09:34:37.0323 4324 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 09:34:37.0345 4324 mpio - ok 09:34:37.0365 4324 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:34:37.0403 4324 mpsdrv - ok 09:34:37.0433 4324 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 09:34:37.0493 4324 MpsSvc - ok 09:34:37.0529 4324 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 09:34:37.0547 4324 Mraid35x - ok 09:34:37.0575 4324 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:34:37.0609 4324 MRxDAV - ok 09:34:37.0646 4324 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:34:37.0705 4324 mrxsmb - ok 09:34:37.0741 4324 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:34:37.0773 4324 mrxsmb10 - ok 09:34:37.0778 4324 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:34:37.0800 4324 mrxsmb20 - ok 09:34:37.0835 4324 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 09:34:37.0854 4324 
msahci - ok 09:34:37.0874 4324 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:34:37.0895 4324 msdsm - ok 09:34:37.0922 4324 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 09:34:37.0971 4324 MSDTC - ok 09:34:37.0991 4324 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:34:38.0023 4324 Msfs - ok 09:34:38.0041 4324 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:34:38.0060 4324 msisadrv - ok 09:34:38.0115 4324 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:34:38.0155 4324 MSiSCSI - ok 09:34:38.0159 4324 msiserver - ok 09:34:38.0199 4324 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:34:38.0256 4324 MSKSSRV - ok 09:34:38.0304 4324 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:34:38.0335 4324 MSPCLOCK - ok 09:34:38.0354 4324 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:34:38.0385 4324 MSPQM - ok 09:34:38.0404 4324 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:34:38.0426 4324 MsRPC - ok 09:34:38.0440 4324 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 09:34:38.0458 4324 mssmbios - ok 09:34:38.0471 4324 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:34:38.0511 4324 MSTEE - ok 09:34:38.0516 4324 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 09:34:38.0536 4324 Mup - ok 09:34:38.0570 4324 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 09:34:38.0643 4324 napagent - ok 09:34:38.0689 4324 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:34:38.0714 4324 NativeWifiP - ok 09:34:38.0770 4324 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 
09:34:38.0801 4324 NDIS - ok 09:34:38.0816 4324 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:34:38.0857 4324 NdisTapi - ok 09:34:38.0876 4324 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:34:38.0907 4324 Ndisuio - ok 09:34:38.0931 4324 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:34:38.0970 4324 NdisWan - ok 09:34:38.0975 4324 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:34:39.0002 4324 NDProxy - ok 09:34:39.0099 4324 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 09:34:39.0169 4324 Nero BackItUp Scheduler 3 - ok 09:34:39.0184 4324 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:34:39.0216 4324 NetBIOS - ok 09:34:39.0245 4324 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 09:34:39.0287 4324 netbt - ok 09:34:39.0300 4324 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 09:34:39.0322 4324 Netlogon - ok 09:34:39.0352 4324 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 09:34:39.0400 4324 Netman - ok 09:34:39.0421 4324 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 09:34:39.0458 4324 netprofm - ok 09:34:39.0493 4324 [ DF938648626332E830A9BD153110AA75 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 09:34:39.0550 4324 netr28u - ok 09:34:39.0574 4324 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:34:39.0594 4324 NetTcpPortSharing - ok 09:34:39.0626 4324 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:34:39.0644 4324 nfrd960 - ok 09:34:39.0664 4324 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:34:39.0709 
4324 NlaSvc - ok 09:34:39.0769 4324 [ 37A39E3271842BAE754540FE004D9CB5 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 09:34:39.0794 4324 NMIndexingService - ok 09:34:39.0829 4324 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:34:39.0856 4324 Npfs - ok 09:34:39.0912 4324 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys 09:34:39.0922 4324 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning 09:34:39.0922 4324 NPF_devolo - detected UnsignedFile.Multi.Generic (1) 09:34:39.0937 4324 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 09:34:39.0984 4324 nsi - ok 09:34:39.0994 4324 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:34:40.0025 4324 nsiproxy - ok 09:34:40.0057 4324 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:34:40.0096 4324 Ntfs - ok 09:34:40.0125 4324 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 09:34:40.0172 4324 ntrigdigi - ok 09:34:40.0176 4324 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 09:34:40.0229 4324 Null - ok 09:34:40.0526 4324 [ C8CB6135884CBC2A10225C4C3CEF0F95 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 09:34:40.0942 4324 nvlddmkm - ok 09:34:41.0001 4324 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:34:41.0022 4324 nvraid - ok 09:34:41.0035 4324 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:34:41.0054 4324 nvstor - ok 09:34:41.0074 4324 [ C1303870D5F9EAD4BEB68559AAB7A87B ] nvsvc C:\Windows\system32\nvvsvc.exe 09:34:41.0095 4324 nvsvc - ok 09:34:41.0112 4324 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:34:41.0134 4324 nv_agp - ok 09:34:41.0138 4324 NwlnkFlt - ok 09:34:41.0142 4324 NwlnkFwd - ok 09:34:41.0265 4324 [ 
785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:34:41.0295 4324 odserv - ok 09:34:41.0337 4324 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 09:34:41.0371 4324 ohci1394 - ok 09:34:41.0399 4324 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:34:41.0419 4324 ose - ok 09:34:41.0458 4324 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 09:34:41.0545 4324 p2pimsvc - ok 09:34:41.0555 4324 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 09:34:41.0586 4324 p2psvc - ok 09:34:41.0607 4324 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 09:34:41.0656 4324 Parport - ok 09:34:41.0678 4324 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:34:41.0698 4324 partmgr - ok 09:34:41.0713 4324 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 09:34:41.0786 4324 Parvdm - ok 09:34:41.0808 4324 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 09:34:41.0858 4324 PcaSvc - ok 09:34:41.0903 4324 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 09:34:41.0952 4324 pccsmcfd - ok 09:34:41.0981 4324 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 09:34:42.0004 4324 pci - ok 09:34:42.0016 4324 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 09:34:42.0036 4324 pciide - ok 09:34:42.0053 4324 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:34:42.0074 4324 pcmcia - ok 09:34:42.0129 4324 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:34:42.0204 4324 PEAUTH - ok 09:34:42.0282 4324 [ B20F958B207E6AAAC5F70D04DD2C30D8 ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys 
09:34:42.0300 4324 pepifilter - ok 09:34:42.0383 4324 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS 09:34:42.0512 4324 PID_PEPI - ok 09:34:42.0585 4324 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 09:34:42.0675 4324 pla - ok 09:34:42.0717 4324 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 09:34:42.0748 4324 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 09:34:42.0748 4324 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 09:34:42.0776 4324 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:34:42.0826 4324 PlugPlay - ok 09:34:42.0867 4324 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 09:34:42.0898 4324 PNRPAutoReg - ok 09:34:42.0945 4324 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 09:34:42.0975 4324 PNRPsvc - ok 09:34:43.0025 4324 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:34:43.0102 4324 PolicyAgent - ok 09:34:43.0149 4324 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:34:43.0191 4324 PptpMiniport - ok 09:34:43.0211 4324 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 09:34:43.0262 4324 Processor - ok 09:34:43.0290 4324 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 09:34:43.0321 4324 ProfSvc - ok 09:34:43.0327 4324 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 09:34:43.0349 4324 ProtectedStorage - ok 09:34:43.0373 4324 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 09:34:43.0417 4324 PSched - ok 09:34:43.0482 4324 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:34:43.0547 4324 ql2300 - ok 09:34:43.0582 4324 [ 
81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:34:43.0603 4324 ql40xx - ok 09:34:43.0656 4324 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 09:34:43.0692 4324 QWAVE - ok 09:34:43.0710 4324 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:34:43.0733 4324 QWAVEdrv - ok 09:34:43.0864 4324 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys 09:34:43.0888 4324 RapportCerberus_42020 - ok 09:34:43.0953 4324 [ 224C195B31F19CC67DFCDDA6FFE403AE ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 09:34:43.0972 4324 RapportEI - ok 09:34:44.0041 4324 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys 09:34:44.0060 4324 RapportIaso - ok 09:34:44.0095 4324 [ BEF9A6B068C2D0882D88A9B688457726 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys 09:34:44.0115 4324 RapportKELL - ok 09:34:44.0167 4324 [ B9B6D1593F1CDE5C886C47EFA6867FAB ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 09:34:44.0214 4324 RapportMgmtService - ok 09:34:44.0307 4324 [ C8FD0209314FB599AB305584873F5915 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 09:34:44.0328 4324 RapportPG - ok 09:34:44.0343 4324 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:34:44.0385 4324 RasAcd - ok 09:34:44.0398 4324 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 09:34:44.0441 4324 RasAuto - ok 09:34:44.0459 4324 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:34:44.0501 4324 Rasl2tp - ok 09:34:44.0531 4324 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 09:34:44.0574 4324 RasMan - ok 09:34:44.0615 4324 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 09:34:44.0651 4324 RasPppoe - ok 09:34:44.0667 4324 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:34:44.0690 4324 RasSstp - ok 09:34:44.0718 4324 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:34:44.0749 4324 rdbss - ok 09:34:44.0761 4324 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:34:44.0799 4324 RDPCDD - ok 09:34:44.0822 4324 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 09:34:44.0858 4324 rdpdr - ok 09:34:44.0863 4324 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:34:44.0898 4324 RDPENCDD - ok 09:34:44.0940 4324 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:34:44.0976 4324 RDPWD - ok 09:34:45.0028 4324 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:34:45.0083 4324 RemoteAccess - ok 09:34:45.0110 4324 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:34:45.0156 4324 RemoteRegistry - ok 09:34:45.0227 4324 [ BCE6C43C6FA11FA3C3A8DDCADC426587 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 09:34:45.0251 4324 RichVideo ( UnsignedFile.Multi.Generic ) - warning 09:34:45.0251 4324 RichVideo - detected UnsignedFile.Multi.Generic (1) 09:34:45.0289 4324 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 09:34:45.0311 4324 RpcLocator - ok 09:34:45.0345 4324 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 09:34:45.0379 4324 RpcSs - ok 09:34:45.0392 4324 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:34:45.0437 4324 rspndr - ok 09:34:45.0442 4324 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 09:34:45.0463 4324 SamSs - ok 09:34:45.0490 4324 [ 3CE8F073A557E172B330109436984E30 ] sbp2port 
C:\Windows\system32\drivers\sbp2port.sys 09:34:45.0509 4324 sbp2port - ok 09:34:45.0549 4324 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:34:45.0578 4324 SCardSvr - ok 09:34:45.0623 4324 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 09:34:45.0715 4324 Schedule - ok 09:34:45.0740 4324 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:34:45.0768 4324 SCPolicySvc - ok 09:34:45.0805 4324 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:34:45.0853 4324 SDRSVC - ok 09:34:45.0863 4324 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:34:45.0910 4324 secdrv - ok 09:34:45.0919 4324 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 09:34:45.0965 4324 seclogon - ok 09:34:45.0983 4324 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 09:34:46.0030 4324 SENS - ok 09:34:46.0050 4324 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 09:34:46.0082 4324 Serenum - ok 09:34:46.0097 4324 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 09:34:46.0145 4324 Serial - ok 09:34:46.0160 4324 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:34:46.0192 4324 sermouse - ok 09:34:46.0277 4324 [ D0D2FF6132DB177A5192891A8CC9578C ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 09:34:46.0315 4324 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 09:34:46.0315 4324 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 09:34:46.0359 4324 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 09:34:46.0392 4324 SessionEnv - ok 09:34:46.0414 4324 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:34:46.0442 4324 sffdisk - ok 09:34:46.0458 4324 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 09:34:46.0491 4324 sffp_mmc - ok 09:34:46.0502 4324 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:34:46.0542 4324 sffp_sd - ok 09:34:46.0560 4324 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 09:34:46.0621 4324 sfloppy - ok 09:34:46.0653 4324 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:34:46.0690 4324 SharedAccess - ok 09:34:46.0725 4324 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:34:46.0770 4324 ShellHWDetection - ok 09:34:46.0803 4324 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 09:34:46.0823 4324 sisagp - ok 09:34:46.0844 4324 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 09:34:46.0864 4324 SiSRaid2 - ok 09:34:46.0917 4324 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:34:46.0938 4324 SiSRaid4 - ok 09:34:47.0002 4324 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 09:34:47.0021 4324 SkypeUpdate - ok 09:34:47.0119 4324 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 09:34:47.0257 4324 slsvc - ok 09:34:47.0319 4324 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 09:34:47.0358 4324 SLUINotify - ok 09:34:47.0384 4324 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:34:47.0434 4324 Smb - ok 09:34:47.0464 4324 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:34:47.0486 4324 SNMPTRAP - ok 09:34:47.0493 4324 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 09:34:47.0512 4324 spldr - ok 09:34:47.0535 4324 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 09:34:47.0588 4324 Spooler - ok 09:34:47.0654 4324 [ 
41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:34:47.0705 4324 srv - ok 09:34:47.0730 4324 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:34:47.0786 4324 srv2 - ok 09:34:47.0819 4324 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:34:47.0849 4324 srvnet - ok 09:34:47.0865 4324 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:34:47.0913 4324 SSDPSRV - ok 09:34:47.0954 4324 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:34:47.0978 4324 SstpSvc - ok 09:34:48.0038 4324 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 09:34:48.0103 4324 stisvc - ok 09:34:48.0122 4324 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 09:34:48.0142 4324 swenum - ok 09:34:48.0172 4324 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 09:34:48.0217 4324 swprv - ok 09:34:48.0233 4324 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 09:34:48.0252 4324 Symc8xx - ok 09:34:48.0283 4324 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 09:34:48.0302 4324 Sym_hi - ok 09:34:48.0332 4324 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 09:34:48.0352 4324 Sym_u3 - ok 09:34:48.0392 4324 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 09:34:48.0486 4324 SysMain - ok 09:34:48.0513 4324 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:34:48.0554 4324 TabletInputService - ok 09:34:48.0596 4324 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:34:48.0628 4324 TapiSrv - ok 09:34:48.0662 4324 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 09:34:48.0706 4324 TBS - ok 09:34:48.0750 4324 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 09:34:48.0813 4324 Tcpip - ok 09:34:48.0843 4324 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 09:34:48.0888 4324 Tcpip6 - ok 09:34:48.0918 4324 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:34:48.0951 4324 tcpipreg - ok 09:34:48.0969 4324 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:34:49.0015 4324 TDPIPE - ok 09:34:49.0037 4324 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:34:49.0069 4324 TDTCP - ok 09:34:49.0087 4324 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:34:49.0115 4324 tdx - ok 09:34:49.0126 4324 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 09:34:49.0147 4324 TermDD - ok 09:34:49.0167 4324 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 09:34:49.0226 4324 TermService - ok 09:34:49.0255 4324 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 09:34:49.0280 4324 Themes - ok 09:34:49.0288 4324 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 09:34:49.0321 4324 THREADORDER - ok 09:34:49.0342 4324 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 09:34:49.0394 4324 TrkWks - ok 09:34:49.0427 4324 [ A919775C03303D0E0690B315D26A5E1D ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys 09:34:49.0455 4324 Trufos ( UnsignedFile.Multi.Generic ) - warning 09:34:49.0455 4324 Trufos - detected UnsignedFile.Multi.Generic (1) 09:34:49.0492 4324 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:34:49.0518 4324 TrustedInstaller - ok 09:34:49.0535 4324 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:34:49.0574 4324 tssecsrv - ok 09:34:49.0618 4324 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp 
28.09.2012, 13:13 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
28.09.2012, 17:15 | #23 |
| Computer locked by Bundespolizei Hmm, CF seems to be hanging somehow... it has been running for 3 hours and shows "Fertiggestellt Stufe_45" (Completed Stage_45) and the cursor is blinking... should I start it again or wait? Or what? OK, it is still running... now it is at Stufe_47. At the start of the scan the program said that a scan normally takes about 10 minutes, and in heavily infected cases up to twice as long... lol... so what is going on with my computer at 4 hours... hehe... breeding ground |
01.10.2012, 16:52 | #24 |
| Computer locked by Bundespolizei So it then hung for hours at stage 48; the cursor was blinking but nothing moved forward. I then shut the computer down and tried the whole procedure again today... with exactly the same result. After hours it reached stage 48, where it has now been hanging again for 2 hours... What should I do? Tips? Suggestions? WOW! Good things come to those who wait. The baby rattled on through the night and has just actually reached the end. Now there is also the eagerly awaited log file: Combofix Logfile: Code:
02.10.2012, 13:04 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to work on the second attempt as well, just leave it out and run only OSAM - please skip the online lookup in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
02.10.2012, 20:45 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by Bundespolizei Why as an attachment? You are supposed to post all logs directly where possible, and in CODE tags
__________________ Please always post logfiles in CODE tags |
03.10.2012, 11:32 | #28 |
| Computer locked by Bundespolizei Sorry, I thought that if you wanted the *.txt file, you wanted an attachment... so here it is in code tags: OSAM Logfile: Code:
- (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {381FFDE8-2394-4F90-B10D-FC6124A40F8C} "Bitdefender Toolbar" - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\zankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\zankit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "BDAgent" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe" "BitDefender Antiphishing Helper" - "BitDefender S.R.L." 
- "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe" "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide "NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "BitDefender Desktop Update Service" (Updatesrv) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe "BitDefender Update Server v2" (Update Server) - "BitDefender" - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe "BitDefender Virus Shield" (VSSERV) - "BitDefender S.R.L." 
- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "Rapport Management Service" (RapportMgmtService) - "Trusteer Ltd." - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe "TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 18:40:24
-----------------------------
18:40:24.864 OS Version: Windows 6.0.6002 Service Pack 2
18:40:24.864 Number of processors: 4 586 0xF0B
18:40:24.866 ComputerName: ZANKIT-SERVER UserName: zankit
18:40:28.435 Initialize success
18:42:20.423 AVAST engine defs: 12100200
18:42:43.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:42:43.194 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:42:43.374 Disk 0 MBR read successfully
18:42:43.376 Disk 0 MBR scan
18:42:43.383 Disk 0 Windows VISTA default MBR code
18:42:43.488 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456454 MB offset 2048
18:42:43.495 Disk 0 Partition - 00 0F Extended LBA 20482 MB offset 934819840
18:42:43.625 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20482 MB offset 934819903
18:42:43.745 Disk 0 scanning sectors +976768065
18:42:44.248 Disk 0 scanning C:\Windows\system32\drivers
18:44:28.334 Service scanning
18:44:52.664 Modules scanning
18:46:22.838 Disk 0 trace - called modules:
18:46:22.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:46:22.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x891e4208]
18:46:22.900 3 CLASSPNP.SYS[8d9b28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x88599028]
18:46:23.996 AVAST engine scan C:\Windows
18:49:11.567 AVAST engine scan C:\Windows\system32
19:03:56.260 AVAST engine scan C:\Windows\system32\drivers
19:08:35.499 AVAST engine scan C:\Users\zankit
20:12:11.224 AVAST engine scan C:\ProgramData
20:34:23.050 Disk 0 MBR has been saved successfully to "C:\Users\zankit\Desktop\MBR.dat"
20:34:23.083 The log file has been saved successfully to "C:\Users\zankit\Desktop\aswMBR.txt" |
03.10.2012, 18:54 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer locked by the Bundespolizei Logs that are too large can be zipped and then attached. But really only do that when the logs are too large.
__________________ Please always post log files in CODE tags |
04.10.2012, 09:59 | #30 |
| Computer locked by the Bundespolizei Ah yes, zip, exactly, good idea |