Police virus Austria

Hello, I caught the Austrian police virus today. Unfortunately the Kaspersky WindowsUnlocker tool does not help. I also cannot boot into safe mode without the desktop being locked. So I got by with the boot CD. Attached are the OTL logs; maybe someone can help me.

Thanks, Gerhard
hi
On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/05 16:31:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Gerhard\7834578.exe
[2013/02/05 17:58:12 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8754387.pad
[2013/02/05 16:31:54 | 000,002,845 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8754387.js
[2013/02/05 16:31:54 | 000,000,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (so boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button. A message similar to this one should appear: "load fix from file"; so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the ![]()
Thank you very much!!!
In the meantime I booted Linux and repaired the Windows partition with AVG for Linux (sorry, my impatience), but unfortunately I deleted the files right away instead of moving them. Sorry, so the feedback is limited.
The files were:
8754387.js
8754387.exe Ransomer.BOX
and the .pad file
Nevertheless, I uploaded the files that were available.
Well, Windows boots properly again; I also uploaded a movedfiles.zip.
Thanks again.
PS: Maybe I can reproduce the virus :-)
/// Malware-holic

Police virus Austria

hi
If you want to work on this yourself, let me know, then I can use my time more sensibly.
Where did you catch it?
If you want to continue here:
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. For any detections, always choose Skip for now. Post the log.
Open C:, open tdsskiller-datum-version.txt, and post the contents.
PS: Thanks for uploading.
Police virus Austria

Gladly:
Code:
ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 14:23:01.0859 1412 ShellHWDetection - ok 14:23:01.0859 1412 Simbad - ok 14:23:01.0906 1412 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 14:23:02.0062 1412 SLIP - ok 14:23:02.0093 1412 [ 1319EA66A96250D59665D133C0FF7CD0 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 14:23:02.0109 1412 smwdm ( UnsignedFile.Multi.Generic ) - warning 14:23:02.0109 1412 smwdm - detected UnsignedFile.Multi.Generic (1) 14:23:02.0125 1412 [ 9BAE383D3116A545758D45D0B994BA32 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys 14:23:02.0171 1412 snapman ( UnsignedFile.Multi.Generic ) - warning 14:23:02.0171 1412 snapman - detected UnsignedFile.Multi.Generic (1) 14:23:02.0187 1412 Sparrow - ok 14:23:02.0203 1412 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 14:23:02.0343 1412 splitter - ok 14:23:02.0375 1412 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 14:23:02.0421 1412 Spooler - ok 14:23:02.0453 1412 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 14:23:02.0593 1412 sr - ok 14:23:02.0640 1412 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 14:23:02.0765 1412 srservice - ok 14:23:02.0812 1412 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 14:23:02.0890 1412 Srv - ok 14:23:02.0921 1412 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 14:23:03.0078 1412 SSDPSRV - ok 14:23:03.0125 1412 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 14:23:03.0156 1412 ssmdrv - ok 14:23:03.0187 1412 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 14:23:03.0328 1412 stisvc - ok 14:23:03.0375 1412 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:23:03.0515 1412 streamip - ok 14:23:03.0562 1412 [ B384A999C5326BA7BC940347A26FC0B9 ] SUService 
C:\Programme\Lenovo\System Update\SUService.exe 14:23:03.0593 1412 SUService ( UnsignedFile.Multi.Generic ) - warning 14:23:03.0593 1412 SUService - detected UnsignedFile.Multi.Generic (1) 14:23:03.0625 1412 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 14:23:03.0765 1412 swenum - ok 14:23:03.0781 1412 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 14:23:03.0937 1412 swmidi - ok 14:23:03.0937 1412 SwPrv - ok 14:23:03.0953 1412 symc810 - ok 14:23:03.0953 1412 symc8xx - ok 14:23:03.0968 1412 sym_hi - ok 14:23:03.0968 1412 sym_u3 - ok 14:23:04.0000 1412 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 14:23:04.0140 1412 sysaudio - ok 14:23:04.0171 1412 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 14:23:04.0328 1412 SysmonLog - ok 14:23:04.0359 1412 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 14:23:04.0484 1412 TapiSrv - ok 14:23:04.0515 1412 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:23:04.0640 1412 Tcpip - ok 14:23:04.0656 1412 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 14:23:04.0796 1412 TDPIPE - ok 14:23:04.0796 1412 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 14:23:04.0937 1412 TDTCP - ok 14:23:04.0953 1412 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 14:23:05.0093 1412 TermDD - ok 14:23:05.0125 1412 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 14:23:05.0328 1412 TermService - ok 14:23:05.0359 1412 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 14:23:05.0375 1412 Themes - ok 14:23:05.0421 1412 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe 14:23:05.0484 1412 ThinkVantage Registry 
Monitor Service - ok 14:23:05.0500 1412 [ 38E6EE805F15F829982DCEEC07A70B2D ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 14:23:05.0531 1412 tifsfilter ( UnsignedFile.Multi.Generic ) - warning 14:23:05.0531 1412 tifsfilter - detected UnsignedFile.Multi.Generic (1) 14:23:05.0562 1412 [ C9E142BF4F947F7BB3E88123D156EEEC ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys 14:23:05.0609 1412 timounter ( UnsignedFile.Multi.Generic ) - warning 14:23:05.0609 1412 timounter - detected UnsignedFile.Multi.Generic (1) 14:23:05.0640 1412 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 14:23:05.0781 1412 TlntSvr - ok 14:23:05.0796 1412 TosIde - ok 14:23:05.0828 1412 [ 317B746B6069A10D635FDBDF48723845 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys 14:23:05.0843 1412 TPM ( UnsignedFile.Multi.Generic ) - warning 14:23:05.0843 1412 TPM - detected UnsignedFile.Multi.Generic (1) 14:23:05.0875 1412 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 14:23:06.0015 1412 TrkWks - ok 14:23:06.0062 1412 [ E35226351731E657D2C3DD9266531FAA ] TT7146KS C:\WINDOWS\system32\DRIVERS\TT7146KS.sys 14:23:06.0109 1412 TT7146KS ( UnsignedFile.Multi.Generic ) - warning 14:23:06.0109 1412 TT7146KS - detected UnsignedFile.Multi.Generic (1) 14:23:06.0140 1412 [ 3C4EEE3B121CFBFA05FDF4D6CDB54CA1 ] TTHID C:\WINDOWS\system32\DRIVERS\Cinergy_Hybrid_XE_HID.sys 14:23:06.0187 1412 TTHID - ok 14:23:06.0234 1412 [ 2496F2919F82367196F8AE7B5AAAB437 ] TTLOOPHE C:\WINDOWS\system32\DRIVERS\ttloophe.sys 14:23:06.0265 1412 TTLOOPHE ( UnsignedFile.Multi.Generic ) - warning 14:23:06.0265 1412 TTLOOPHE - detected UnsignedFile.Multi.Generic (1) 14:23:06.0312 1412 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe 14:23:06.0421 1412 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning 14:23:06.0421 1412 TVT Scheduler - detected UnsignedFile.Multi.Generic (1) 14:23:06.0437 1412 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] 
Udfs C:\WINDOWS\system32\drivers\Udfs.sys 14:23:06.0593 1412 Udfs - ok 14:23:06.0656 1412 [ AC426CD0AA0DB592A81C9A78A5F4B309 ] UDXTTM6010 C:\WINDOWS\system32\DRIVERS\UDXTTM6010.sys 14:23:06.0828 1412 UDXTTM6010 - ok 14:23:06.0828 1412 ultra - ok 14:23:06.0890 1412 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 14:23:06.0937 1412 UMWdf - ok 14:23:06.0984 1412 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 14:23:07.0187 1412 Update - ok 14:23:07.0218 1412 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 14:23:07.0390 1412 upnphost - ok 14:23:07.0437 1412 [ 06F3FBC53FCB3039BF501146026EDC82 ] UPS C:\Programme\Pwrchute\ups.exe 14:23:07.0468 1412 UPS ( UnsignedFile.Multi.Generic ) - warning 14:23:07.0468 1412 UPS - detected UnsignedFile.Multi.Generic (1) 14:23:07.0531 1412 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 14:23:07.0609 1412 USBAAPL - ok 14:23:07.0656 1412 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 14:23:07.0812 1412 usbaudio - ok 14:23:07.0859 1412 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:23:08.0015 1412 usbccgp - ok 14:23:08.0031 1412 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:23:08.0171 1412 usbehci - ok 14:23:08.0203 1412 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:23:08.0343 1412 usbhub - ok 14:23:08.0390 1412 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:23:08.0531 1412 usbprint - ok 14:23:08.0562 1412 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:23:08.0703 1412 usbscan - ok 14:23:08.0718 1412 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:23:08.0890 1412 USBSTOR - ok 14:23:08.0921 1412 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] 
usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:23:09.0062 1412 usbuhci - ok 14:23:09.0078 1412 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 14:23:09.0234 1412 VgaSave - ok 14:23:09.0234 1412 ViaIde - ok 14:23:09.0265 1412 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 14:23:09.0421 1412 VolSnap - ok 14:23:09.0453 1412 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 14:23:09.0640 1412 VSS - ok 14:23:09.0671 1412 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 14:23:09.0812 1412 W32Time - ok 14:23:09.0828 1412 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:23:09.0984 1412 Wanarp - ok 14:23:10.0000 1412 WDICA - ok 14:23:10.0015 1412 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 14:23:10.0156 1412 wdmaud - ok 14:23:10.0187 1412 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 14:23:10.0312 1412 WebClient - ok 14:23:10.0343 1412 winmgmt - ok 14:23:10.0390 1412 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 14:23:10.0484 1412 WmdmPmSN - ok 14:23:10.0515 1412 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 14:23:10.0593 1412 Wmi - ok 14:23:10.0640 1412 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 14:23:10.0765 1412 WmiApSrv - ok 14:23:10.0796 1412 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 14:23:10.0953 1412 wscsvc - ok 14:23:11.0000 1412 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:23:11.0156 1412 WSTCODEC - ok 14:23:11.0171 1412 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 14:23:11.0296 1412 wuauserv - ok 14:23:11.0343 1412 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 14:23:11.0500 1412 WZCSVC - ok 
14:23:11.0531 1412 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 14:23:11.0687 1412 xmlprov - ok 14:23:11.0703 1412 ================ Scan global =============================== 14:23:11.0718 1412 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 14:23:11.0750 1412 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:23:11.0781 1412 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:23:11.0796 1412 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 14:23:11.0796 1412 [Global] - ok 14:23:11.0796 1412 ================ Scan MBR ================================== 14:23:11.0812 1412 [ 891A5A795784628F5A01EB95B84D278C ] \Device\Harddisk0\DR0 14:23:11.0875 1412 \Device\Harddisk0\DR0 - ok 14:23:11.0890 1412 [ 587F1BF40479D66675A13B610E5E7F9E ] \Device\Harddisk1\DR1 14:23:11.0953 1412 \Device\Harddisk1\DR1 - ok 14:23:11.0953 1412 ================ Scan VBR ================================== 14:23:11.0953 1412 [ C34BB0789D7FB7B20393B6DBA8BA471E ] \Device\Harddisk0\DR0\Partition1 14:23:11.0953 1412 \Device\Harddisk0\DR0\Partition1 - ok 14:23:11.0984 1412 [ EAD5C8DFF685179C1A2DA335DDCF9F0A ] \Device\Harddisk1\DR1\Partition1 14:23:11.0984 1412 \Device\Harddisk1\DR1\Partition1 - ok 14:23:11.0984 1412 ============================================================ 14:23:11.0984 1412 Scan finished 14:23:11.0984 1412 ============================================================ 14:23:12.0125 1264 Detected object count: 20 14:23:12.0125 1264 Actual detected object count: 20 14:24:00.0031 1264 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0031 1264 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0031 1264 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0031 1264 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0031 1264 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user 
14:24:00.0031 1264 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0031 1264 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0031 1264 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0031 1264 BPowMon ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0031 1264 BPowMon ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 Ext2fs ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0046 1264 Ext2fs ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0046 1264 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 ialm ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0046 1264 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 IfsMount ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0046 1264 IfsMount ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0046 1264 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0046 1264 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 snapman ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 timounter ( UnsignedFile.Multi.Generic ) - skipped by user 
14:24:00.0062 1264 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 TPM ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 TPM ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0062 1264 TT7146KS ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0062 1264 TT7146KS ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0078 1264 TTLOOPHE ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0078 1264 TTLOOPHE ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0078 1264 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0078 1264 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:00.0078 1264 UPS ( UnsignedFile.Multi.Generic ) - skipped by user 14:24:00.0078 1264 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:24:14.0656 3564 Deinitialize success |
/// Malware-holic | Police virus Austria hi Combofix: Scan with Combofix
| Police virus Austria Code:
/// Malware-holic | Police virus Austria hi,
1. Download the reg file: http://download.bleepingcomputer.com...xp/winmgmt.reg, run it, confirm the prompt, reboot.
2. Malwarebytes: please download Malwarebytes
| Police virus Austria Code:
Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2013.02.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Gerhard :: SERVER [Administrator]

Schutz: Aktiviert

06.02.2013 15:45:04
mbam-log-2013-02-06 (15-45-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 299478
Laufzeit: 1 Stunde(n), 18 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\SYSTEM32\SMART.DLL (Trojan.Agent) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\system32\Smart.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
- Internet Explorer 8: even if you use a different browser, it must be up to date. Download: Windows Internet Explorer 8 for Windows XP - Microsoft Download Center - Download Details
- Configure automatic updates so that they are downloaded and installed automatically: Configuring and using the "Automatic Updates" feature in Windows

Please report back when you are done.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us |
