Plagegeister aller Art und deren Bekämpfung: Virus simply disappears? (Windows 7)
30.07.2012, 21:15 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears?
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
31.07.2012, 15:44 | #17 |
| Virus simply disappears?
OK, I now have a different problem: when I try to temporarily disable AVG, it gives me the following response: "Beim Speichern der Konfiguration ist ein Fehler aufgetreten. Die angegebene Datei wurde nicht gefunden." ("An error occurred while saving the configuration. The specified file was not found.") Is that due to the measures that were carried out? Up until the OTL fix it worked without any problems. Or should I simply uninstall it and reinstall it afterwards? Regards, Manu |
31.07.2012, 20:16 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears?
Yes, uninstalling is better.
__________________ |
31.07.2012, 20:44 | #19 |
| Virus simply disappears?
OK, first two more things that have literally jumped out at me:
1: For almost every program I am asked for my consent before it is run.
2: I no longer have permission to save anything on C?
Here is the log: Code:
C:\Windows\system32\drivers\sbp2port.sys 21:32:10.0706 3664 sbp2port - ok 21:32:10.0746 3664 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 21:32:10.0828 3664 SCardSvr - ok 21:32:11.0193 3664 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 21:32:11.0229 3664 Schedule - ok 21:32:11.0249 3664 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 21:32:11.0263 3664 SCPolicySvc - ok 21:32:11.0309 3664 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 21:32:11.0337 3664 SDRSVC - ok 21:32:11.0349 3664 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:32:11.0418 3664 secdrv - ok 21:32:11.0434 3664 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 21:32:11.0455 3664 seclogon - ok 21:32:11.0465 3664 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 21:32:11.0494 3664 SENS - ok 21:32:11.0516 3664 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 21:32:11.0535 3664 Serenum - ok 21:32:11.0578 3664 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 21:32:11.0634 3664 Serial - ok 21:32:11.0640 3664 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:32:11.0658 3664 sermouse - ok 21:32:11.0681 3664 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 21:32:11.0703 3664 SessionEnv - ok 21:32:11.0727 3664 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 21:32:11.0741 3664 sffdisk - ok 21:32:11.0755 3664 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 21:32:11.0784 3664 sffp_mmc - ok 21:32:11.0793 3664 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 21:32:11.0823 3664 sffp_sd - ok 21:32:11.0841 3664 sfloppy (46ed8e91793b2e6f848015445a0ac188) 
C:\Windows\system32\drivers\sfloppy.sys 21:32:11.0872 3664 sfloppy - ok 21:32:12.0134 3664 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 21:32:12.0167 3664 SharedAccess - ok 21:32:12.0209 3664 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 21:32:12.0345 3664 ShellHWDetection - ok 21:32:12.0364 3664 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 21:32:12.0374 3664 sisagp - ok 21:32:12.0418 3664 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 21:32:12.0428 3664 SiSRaid2 - ok 21:32:12.0469 3664 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 21:32:12.0480 3664 SiSRaid4 - ok 21:32:13.0150 3664 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 21:32:13.0233 3664 slsvc - ok 21:32:13.0382 3664 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 21:32:13.0435 3664 SLUINotify - ok 21:32:13.0494 3664 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 21:32:13.0541 3664 Smb - ok 21:32:13.0570 3664 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\Windows\system32\DRIVERS\snapman.sys 21:32:13.0594 3664 snapman - ok 21:32:13.0614 3664 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 21:32:13.0624 3664 SNMPTRAP - ok 21:32:13.0659 3664 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:32:13.0668 3664 spldr - ok 21:32:13.0697 3664 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 21:32:13.0717 3664 Spooler - ok 21:32:13.0753 3664 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 21:32:13.0797 3664 srv - ok 21:32:13.0856 3664 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 21:32:13.0947 3664 srv2 - ok 21:32:14.0172 3664 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 
21:32:14.0184 3664 srvnet - ok 21:32:14.0229 3664 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 21:32:14.0249 3664 SSDPSRV - ok 21:32:14.0287 3664 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 21:32:14.0312 3664 SstpSvc - ok 21:32:14.0350 3664 Steam Client Service - ok 21:32:14.0439 3664 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 21:32:14.0476 3664 stisvc - ok 21:32:14.0495 3664 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:32:14.0505 3664 swenum - ok 21:32:14.0588 3664 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 21:32:14.0644 3664 swprv - ok 21:32:14.0660 3664 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:32:14.0670 3664 Symc8xx - ok 21:32:14.0699 3664 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:32:14.0708 3664 Sym_hi - ok 21:32:14.0762 3664 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:32:14.0771 3664 Sym_u3 - ok 21:32:15.0040 3664 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 21:32:15.0073 3664 SysMain - ok 21:32:15.0133 3664 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 21:32:15.0145 3664 TabletInputService - ok 21:32:15.0168 3664 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 21:32:15.0194 3664 TapiSrv - ok 21:32:15.0204 3664 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 21:32:15.0235 3664 TBS - ok 21:32:15.0370 3664 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 21:32:15.0429 3664 Tcpip - ok 21:32:15.0438 3664 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 21:32:15.0462 3664 Tcpip6 - ok 21:32:15.0532 3664 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 21:32:15.0581 3664 
tcpipreg - ok 21:32:15.0587 3664 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:32:15.0616 3664 TDPIPE - ok 21:32:15.0681 3664 tdrpman (603d59923828c6c213b84b14cbf32083) C:\Windows\system32\DRIVERS\tdrpman.sys 21:32:15.0708 3664 tdrpman - ok 21:32:15.0726 3664 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:32:15.0744 3664 TDTCP - ok 21:32:15.0799 3664 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 21:32:15.0847 3664 tdx - ok 21:32:15.0875 3664 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 21:32:15.0884 3664 TermDD - ok 21:32:16.0088 3664 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 21:32:16.0136 3664 TermService - ok 21:32:16.0196 3664 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 21:32:16.0208 3664 Themes - ok 21:32:16.0277 3664 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 21:32:16.0295 3664 THREADORDER - ok 21:32:16.0331 3664 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys 21:32:16.0337 3664 tifsfilter - ok 21:32:16.0487 3664 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys 21:32:16.0526 3664 timounter - ok 21:32:16.0601 3664 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 21:32:16.0619 3664 TrkWks - ok 21:32:16.0656 3664 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 21:32:16.0675 3664 TrustedInstaller - ok 21:32:16.0857 3664 TryAndDecideService (a4b62a8c60d50bd3b24b70ca11a4a3bf) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 21:32:16.0871 3664 TryAndDecideService - ok 21:32:16.0900 3664 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:32:16.0959 3664 tssecsrv - ok 21:32:16.0984 3664 tunmp (caecc0120ac49e3d2f758b9169872d38) 
C:\Windows\system32\DRIVERS\tunmp.sys 21:32:17.0035 3664 tunmp - ok 21:32:17.0070 3664 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 21:32:17.0082 3664 tunnel - ok 21:32:17.0099 3664 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 21:32:17.0109 3664 uagp35 - ok 21:32:17.0179 3664 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 21:32:17.0206 3664 udfs - ok 21:32:17.0224 3664 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 21:32:17.0282 3664 UI0Detect - ok 21:32:17.0299 3664 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 21:32:17.0310 3664 uliagpkx - ok 21:32:17.0367 3664 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 21:32:17.0413 3664 uliahci - ok 21:32:17.0452 3664 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:32:17.0482 3664 UlSata - ok 21:32:17.0580 3664 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:32:17.0601 3664 ulsata2 - ok 21:32:17.0619 3664 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:32:17.0658 3664 umbus - ok 21:32:17.0764 3664 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 21:32:17.0777 3664 UMVPFSrv - ok 21:32:17.0877 3664 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) P:\Systemwartung\Unlocker\UnlockerDriver5.sys 21:32:17.0883 3664 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 21:32:17.0883 3664 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 21:32:18.0020 3664 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 21:32:18.0055 3664 upnphost - ok 21:32:18.0101 3664 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 21:32:18.0117 3664 usbaudio - ok 21:32:18.0164 3664 usbccgp 
(caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:32:18.0213 3664 usbccgp - ok 21:32:18.0229 3664 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:32:18.0263 3664 usbcir - ok 21:32:18.0289 3664 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 21:32:18.0342 3664 usbehci - ok 21:32:18.0376 3664 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 21:32:18.0409 3664 usbhub - ok 21:32:18.0418 3664 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 21:32:18.0451 3664 usbohci - ok 21:32:18.0551 3664 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 21:32:18.0569 3664 usbprint - ok 21:32:18.0599 3664 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 21:32:18.0648 3664 usbscan - ok 21:32:18.0658 3664 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:32:18.0673 3664 USBSTOR - ok 21:32:18.0726 3664 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:32:18.0759 3664 usbuhci - ok 21:32:18.0793 3664 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 21:32:18.0830 3664 usbvideo - ok 21:32:18.0851 3664 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 21:32:18.0867 3664 UxSms - ok 21:32:18.0928 3664 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 21:32:18.0984 3664 vds - ok 21:32:19.0034 3664 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 21:32:19.0053 3664 vga - ok 21:32:19.0071 3664 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:32:19.0093 3664 VgaSave - ok 21:32:19.0146 3664 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 21:32:19.0156 3664 viaagp - ok 21:32:19.0260 3664 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) 
C:\Windows\system32\drivers\viac7.sys 21:32:19.0297 3664 ViaC7 - ok 21:32:19.0325 3664 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 21:32:19.0335 3664 viaide - ok 21:32:19.0349 3664 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:32:19.0372 3664 volmgr - ok 21:32:19.0421 3664 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 21:32:19.0449 3664 volmgrx - ok 21:32:19.0506 3664 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 21:32:19.0526 3664 volsnap - ok 21:32:19.0547 3664 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 21:32:19.0566 3664 vsmraid - ok 21:32:19.0754 3664 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 21:32:19.0811 3664 VSS - ok 21:32:19.0976 3664 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe 21:32:20.0024 3664 vToolbarUpdater12.1.5 - ok 21:32:20.0444 3664 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 21:32:20.0473 3664 W32Time - ok 21:32:20.0511 3664 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:32:20.0584 3664 WacomPen - ok 21:32:20.0605 3664 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:32:20.0658 3664 Wanarp - ok 21:32:20.0661 3664 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:32:20.0675 3664 Wanarpv6 - ok 21:32:20.0723 3664 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 21:32:20.0753 3664 wcncsvc - ok 21:32:20.0780 3664 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 21:32:20.0837 3664 WcsPlugInService - ok 21:32:20.0849 3664 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 21:32:20.0859 3664 Wd - ok 
21:32:20.0931 3664 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 21:32:20.0960 3664 Wdf01000 - ok 21:32:20.0988 3664 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 21:32:21.0013 3664 WdiServiceHost - ok 21:32:21.0015 3664 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 21:32:21.0035 3664 WdiSystemHost - ok 21:32:21.0064 3664 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 21:32:21.0087 3664 WebClient - ok 21:32:21.0117 3664 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 21:32:21.0160 3664 Wecsvc - ok 21:32:21.0175 3664 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 21:32:21.0192 3664 wercplsupport - ok 21:32:21.0235 3664 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 21:32:21.0258 3664 WerSvc - ok 21:32:21.0313 3664 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 21:32:21.0332 3664 WinDefend - ok 21:32:21.0336 3664 WinHttpAutoProxySvc - ok 21:32:21.0381 3664 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 21:32:21.0402 3664 Winmgmt - ok 21:32:21.0706 3664 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 21:32:21.0771 3664 WinRM - ok 21:32:21.0829 3664 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 21:32:21.0906 3664 Wlansvc - ok 21:32:21.0975 3664 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 21:32:21.0990 3664 WmiAcpi - ok 21:32:22.0057 3664 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 21:32:22.0080 3664 wmiApSrv - ok 21:32:22.0606 3664 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 21:32:22.0637 3664 WMPNetworkSvc - ok 21:32:22.0671 3664 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) 
C:\Windows\System32\wpcsvc.dll 21:32:22.0714 3664 WPCSvc - ok 21:32:22.0740 3664 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 21:32:22.0763 3664 WPDBusEnum - ok 21:32:23.0075 3664 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:32:23.0109 3664 WPFFontCache_v0400 - ok 21:32:23.0170 3664 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:32:23.0189 3664 ws2ifsl - ok 21:32:23.0222 3664 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 21:32:23.0272 3664 wscsvc - ok 21:32:23.0275 3664 WSearch - ok 21:32:24.0035 3664 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 21:32:24.0113 3664 wuauserv - ok 21:32:24.0529 3664 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:32:24.0548 3664 WUDFRd - ok 21:32:24.0579 3664 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 21:32:24.0636 3664 wudfsvc - ok 21:32:24.0655 3664 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:32:26.0325 3664 \Device\Harddisk0\DR0 - ok 21:32:26.0352 3664 Boot (0x1200) (d9a55d68c7e9e6b86756e4877ae8e065) \Device\Harddisk0\DR0\Partition0 21:32:26.0357 3664 \Device\Harddisk0\DR0\Partition0 - ok 21:32:26.0372 3664 Boot (0x1200) (293527aaab9e95b7360bab10bfdfa242) \Device\Harddisk0\DR0\Partition1 21:32:26.0377 3664 \Device\Harddisk0\DR0\Partition1 - ok 21:32:26.0413 3664 Boot (0x1200) (03411e8353c30d403529d34bd3f45e6e) \Device\Harddisk0\DR0\Partition2 21:32:26.0416 3664 \Device\Harddisk0\DR0\Partition2 - ok 21:32:26.0448 3664 Boot (0x1200) (6cd3b614640d21d25991a70cc7754fc1) \Device\Harddisk0\DR0\Partition3 21:32:26.0451 3664 \Device\Harddisk0\DR0\Partition3 - ok 21:32:26.0452 3664 ============================================================ 21:32:26.0452 3664 Scan finished 21:32:26.0452 3664 
============================================================ 21:32:26.0459 3088 Detected object count: 1 21:32:26.0459 3088 Actual detected object count: 1 21:32:58.0603 3088 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 21:32:58.0603 3088 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip Lg Manu |
01.08.2012, 11:06 | #20 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears? Quote:
The root directory of C: is also not meant for storing any user files! Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
02.08.2012, 15:52 | #21 |
| Virus simply disappears? Small problem: I had to uninstall AVG again because, once again, I could not disable it. I only kept the "installation file" so that I don't have to download it anew every time, but Combofix then complained that AVG was active. I have now deleted that as well, but Combofix still reports the same problem.. Is that the warning message that was meant? Regards, Manu Edit: forget it, it's sorted out - a restart would be sensible after an uninstall -.- So, the Combofix log: [code] Combofix Logfile: Code:
ComboFix 12-07-31.03 - Manuela 02.08.2012 17:00:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2552 [GMT 2:00]
ausgeführt von:: C:\Users\Manuela\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\avira_free_antivirus_de12001125.exe

((((((((((((((((((((((( Dateien erstellt von 2012-07-02 bis 2012-08-02 ))))))))))))))))))))))))))))))

2012-08-02 15:03:48 . 2012-08-02 15:03:52 -------- d-----w- C:\Users\Manuela\AppData\Local\temp
2012-08-02 15:03:48 . 2012-08-02 15:03:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-30 18:52:57 . 2012-07-30 18:52:57 -------- d-----w- C:\_OTL
2012-07-28 12:17:26 . 2012-07-28 12:17:26 -------- d-----w- C:\Program Files\ESET
2012-07-28 11:42:26 . 2012-07-16 00:41:42 6891424 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF78A69B-52F8-4CA6-8941-315E0D90DD1A}\mpengine.dll
2012-07-28 11:26:41 . 2012-07-28 11:26:41 -------- d-----w- C:\Users\Manuela\AppData\Roaming\Malwarebytes
2012-07-28 11:26:13 . 2012-07-28 11:26:14 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-28 11:26:13 . 2012-07-28 11:26:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-28 11:26:13 . 2012-07-03 11:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-14 16:07:04 . 2012-06-13 13:40:21 2047488 ----a-w- C:\Windows\system32\win32k.sys
2012-07-14 15:11:50 . 2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\system32\msxml6.dll
2012-07-14 15:11:50 . 2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\system32\msxml3.dll
2012-07-14 15:11:50 . 2012-06-05 16:47:10 708608 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-14 15:11:49 . 2012-06-04 15:26:04 440704 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-07-14 15:11:49 . 2012-06-02 00:04:25 278528 ----a-w- C:\Windows\system32\schannel.dll
2012-07-14 15:11:49 . 2012-06-02 00:03:42 204288 ----a-w- C:\Windows\system32\ncrypt.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-27 17:00:20 . 2012-05-04 15:49:24 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-07-27 17:00:20 . 2011-06-13 15:45:22 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 15:43:18 . 2012-06-16 15:43:18 44384 ----a-w- C:\Windows\system32\drivers\tifsfilt.sys
2012-06-16 15:43:18 . 2012-06-16 15:43:18 441760 ----a-w- C:\Windows\system32\drivers\timntr.sys
2012-06-16 15:43:03 . 2012-06-16 15:43:03 129248 ----a-w- C:\Windows\system32\drivers\snapman.sys
2012-06-16 15:43:01 . 2012-06-16 15:43:01 368736 ----a-w- C:\Windows\system32\drivers\tdrpman.sys
2012-06-12 18:11:37 . 2012-06-12 18:11:37 348160 ----a-w- C:\Windows\system32\msvcr71.dll
2012-06-12 18:11:37 . 2012-06-12 18:11:37 1700352 ----a-w- C:\Windows\system32\gdiplus.dll
2012-06-12 18:11:37 . 2012-06-12 18:11:37 1060864 ----a-w- C:\Windows\system32\mfc71.dll
2012-06-02 22:19:33 . 2012-06-22 14:46:23 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:33 . 2012-06-22 14:46:23 45080 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:32 . 2012-06-22 14:46:11 35864 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:23 . 2012-06-22 14:46:11 577048 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:19:17 . 2012-06-22 14:46:23 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:12:32 . 2012-06-22 14:46:23 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:12:13 . 2012-06-22 14:46:11 88576 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 13:19:42 . 2012-06-22 14:46:07 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 13:12:20 . 2012-06-22 14:46:07 33792 ----a-w- C:\Windows\system32\wuapp.exe
2012-05-31 10:25:14 . 2011-06-13 07:33:25 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-05-29 11:17:02 . 2012-05-29 11:17:02 1461960 ----a-w- C:\Windows\system32\WdfCoInstaller01009.dll

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 15:34:30 6724128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 00:41:12 49208]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 03:05:18 2622232]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 03:08:48 907040]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 00:55:30 140568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2133016117-2134235768-880521831-1000]
"EnableNotificationsRef"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Inhalt des "geplante Tasks" Ordners

2012-08-02 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 15:49:24 . 2012-07-27 17:00:20]
2012-08-02 C:\Windows\Tasks\HP Photo Creations Messager.job
- C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11:00 . 2011-02-15 10:11:00]

------- Zusätzlicher Suchlauf -------

TCP: DhcpNameServer = 80.69.100.102 80.69.100.214

However, I don't know whether it had finished. I went for a smoke during the scan, and when I came back I had to log in again and then got the following message: Code:
Windows wird nach unerwartetem Herunterfahren wieder ausgeführt

It came with the following problem description: Code:
Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 826BA18C
BCP3: 80F429BC
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini080212-01.dmp
C:\Users\Manuela\AppData\Local\temp\WER-118077-0.sysdata.xml
C:\Users\Manuela\AppData\Local\temp\WERF7E5.tmp.version.txt
Lesen Sie unsere Datenschutzrichtlinie:
hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407

EDIT: I compared the log with those of others and realized myself that it probably hadn't finished. I did the whole thing again: Code:
Combofix Logfile: --- --- --- |
03.08.2012, 14:49 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears? Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to work the second time as well, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
03.08.2012, 18:19 | #23 |
| Virus simply disappears? So, here is Gmer first, I'll do Osam right afterwards: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-03 19:18:48 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000333AS rev.BD15 Running: xwk13lr8.exe; Driver: C:\Users\Manuela\AppData\Local\Temp\uxdiifog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x81FC9004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x81FC90D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x81FC8D76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x81FC8E1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x81FC8EBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x81FC8F56] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 826F8A80 8 Bytes [04, 90, FC, 81, D4, 90, FC, ...] .text ntkrnlpa.exe!KeSetEvent + 3F1 826F8AB4 4 Bytes [76, 8D, FC, 81] .text ntkrnlpa.exe!KeSetEvent + 621 826F8CE4 8 Bytes [1E, 8E, FC, 81, BA, 8E, FC, ...] 
.text ntkrnlpa.exe!KeSetEvent + 681 826F8D44 4 Bytes [56, 8F, FC, 81] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74987817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749CB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7498BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7497F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7497E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749B73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE 
[gdiplus.dll!GdipCreateBitmapFromStream] [7498DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7497FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7497FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7497D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74976853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 
IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7497687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74982AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis 
Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) ---- EOF - GMER 1.0.15 ----
Regards, Manu
Here is OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:26:25 on 03.08.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Opera Software Opera Internet Browser 12.00 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe [Common] -----( %SystemRoot%\Tasks )----- "HP Photo Creations Messager.job" - ? - C:\ProgramData\HP Photo Creations\MessageCheck.exe (File found, but it contains no detailed information) "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - P:\Basic\OFFICE~1\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys "Acronis Try&Decide and Restore Points filter" (tdrpman) 
- "Acronis" - C:\Windows\System32\DRIVERS\tdrpman.sys "AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys "AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys "AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys "AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys "AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsdriverx.sys "AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsfilterx.sys "AVGIDSHX" (AVGIDSHX) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidshx.sys "AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\avgidsshimx.sys "avgtp" (avgtp) - "AVG Technologies" - C:\Windows\system32\drivers\avgtpx86.sys "catchme" (catchme) - ? - C:\Users\Manuela\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "uxdiifog" (uxdiifog) - ? - C:\Users\Manuela\AppData\Local\Temp\uxdiifog.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgpp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - ? - (File not found | COM-object registry key not found) {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - ? 
- (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgse.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - P:\Basic\Office 2007\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - P:\Basic\OFFICE~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - P:\Basic\OFFICE~1\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? 
- P:\Systemwartung\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - P:\Basic\Winrar\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgdtiex.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." 
- C:\Program Files\AVG\AVG2012\avgdtiex.dll {95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" "AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe "AVG_TRAY" - "AVG Technologies CZ, s.r.o." 
- "C:\Program Files\AVG\AVG2012\avgtray.exe" "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe "vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Discovery Port Monitor (HP Photosmart 5510d series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPMb411.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "Acronis Try And Decide Service" (TryAndDecideService) - ? - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (File found, but it contains no detailed information) "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgwdsvc.exe "AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgidsagent.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe "BingBar Service" (BBSvc) - "Microsoft Corporation." 
- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "vToolbarUpdater12.1.5" (vToolbarUpdater12.1.5) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
And the last one: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-03 19:29:59 ----------------------------- 19:29:59.455 OS Version: Windows 6.0.6002 Service Pack 2 19:29:59.456 Number of processors: 2 586 0x170A 19:29:59.457 ComputerName: MANUELA-PC UserName: Manuela 19:30:00.587 Initialize success 19:31:29.090 AVAST engine defs: 12080300 19:31:42.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 19:31:42.963 Disk 0 Vendor: ST31000333AS BD15 Size: 953869MB BusType: 3 19:31:43.200 Disk 0 MBR read successfully 19:31:43.205 Disk 0 MBR scan 19:31:43.208 Disk 0 Windows VISTA default MBR code 19:31:43.327 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 267767 MB offset 2048 19:31:43.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 300000 MB offset 548390912 19:31:43.446 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 365616 MB offset 1162790912 19:31:43.450 Disk 0 Partition - 00 0F Extended LBA 20482 MB offset 1911572480 19:31:43.547 Disk 0 Partition 4 00 0B FAT32 MSDOS5.0 20482 MB offset 1911572543 19:31:43.674 Disk 0 scanning sectors +1953520065 19:31:44.062 Disk 0 scanning C:\Windows\system32\drivers 19:32:41.105 Service scanning 19:32:54.929 Modules scanning 19:33:56.214 Disk 0 trace - called modules: 19:33:56.270 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys 19:33:56.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863b9ac8] 19:33:56.277 3 CLASSPNP.SYS[8b3a28b3] -> nt!IofCallDriver -> [0x85aea918] 19:33:56.280 5 acpi.sys[8068a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85158b98] 19:33:57.329 AVAST engine scan C:\Windows 19:35:00.164 AVAST engine scan C:\Windows\system32 19:42:56.746 AVAST engine scan C:\Windows\system32\drivers 19:43:07.357 AVAST engine scan C:\Users\Manuela 19:43:52.799 AVAST engine scan C:\ProgramData 19:44:43.871 Scan finished successfully 19:45:26.867 Disk 0 MBR has been saved successfully to "C:\Users\Manuela\Desktop\MBR.dat" 19:45:26.871 The log file has been 
saved successfully to "C:\Users\Manuela\Desktop\aswMBR.txt"
Last edited by MLike (03.08.2012 at 18:26) |
03.08.2012, 20:50 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears? Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
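One way to cross-check the two logs posted in #23, as an added example that is not part of the thread or of either tool: OSAM marks `uxdiifog` as "Hidden registry entry, rootkit activity", while the GMER header names `uxdiifog.sys` as the driver GMER loaded for its own scan. The entry layout, the function names and the verdict labels are assumptions made for this sketch.

```python
import ntpath
import re

# Lines copied from the GMER and OSAM logs in this thread, re-broken one entry per line.
GMER_HEADER = r"Running: xwk13lr8.exe; Driver: C:\Users\Manuela\AppData\Local\Temp\uxdiifog.sys"
OSAM_DRIVERS = r'''
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys
"catchme" (catchme) - ? - C:\Users\Manuela\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"uxdiifog" (uxdiifog) - ? - C:\Users\Manuela\AppData\Local\Temp\uxdiifog.sys (Hidden registry entry, rootkit activity | File not found)
'''

# "Display name" (service key) - "vendor" or ? - image path (optional notes)
# Layout inferred from the entries above; an assumption, not a published format.
ENTRY = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<name>[^)]*)\)\s+-\s+'
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+'
    r'(?P<path>.+?)(?:\s+\((?P<notes>[^()]*)\))?\s*$'
)


def scanner_drivers(gmer_header):
    """File name (lower-cased) of the driver GMER reports loading for itself."""
    m = re.search(r"Driver:\s*(.+?\.sys)\b", gmer_header, re.IGNORECASE)
    return {ntpath.basename(m.group(1)).lower()} if m else set()


def parse_entries(osam_text):
    """Yield (service key, vendor or None, image path, [notes]) per OSAM entry."""
    for line in osam_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            notes = [n.strip() for n in (m["notes"] or "").split("|") if n.strip()]
            yield m["name"], m["vendor"], m["path"], notes


def triage(osam_text, gmer_header=""):
    """Map each service key to a verdict label (labels are this sketch's own)."""
    own = scanner_drivers(gmer_header)
    verdicts = {}
    for name, vendor, path, notes in parse_entries(osam_text):
        hidden = any("rootkit activity" in n.lower() for n in notes)
        missing = "File not found" in notes
        in_temp = "\\temp\\" in path.lower()
        if ntpath.basename(path).lower() in own:
            # The scanner itself named this driver in its log header.
            verdicts[name] = "scanner-artifact"
        elif hidden:
            verdicts[name] = "investigate"
        elif vendor is None and in_temp:
            # Driver service without vendor info pointing into a temp directory.
            verdicts[name] = "review"
        elif missing:
            verdicts[name] = "orphaned"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(OSAM_DRIVERS, GMER_HEADER).items():
        print(f"{name:10} {verdict}")
```

Without the GMER header the same entry comes back as `investigate`, which is why the two logs are read together.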
04.08.2012, 11:11 | #25 |
| Virus simply disappears? Here's the Malwarebytes log first: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Manuela :: MANUELA-PC [Administrator] 04.08.2012 11:13:39 mbam-log-2012-08-04 (11-13-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|P:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 303023 Laufzeit: 56 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
Regards, Manu
OK, and here now is the last log, from SUPERAntiSpyware: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/04/2012 at 01:06 PM Application Version : 5.5.1012 Core Rules Database Version : 9011 Trace Rules Database Version: 6823 Scan type : Complete Scan Total Scan Time : 00:48:12 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Administrator Memory items scanned : 557 Memory threats detected : 0 Registry items scanned : 33963 Registry threats detected : 0 File items scanned : 126033 File threats detected : 4 Adware.Tracking Cookie C:\USERS\MANUELA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1J14O1GZ.txt [ Cookie:manuela@c.atdmt.com/ ] C:\USERS\MANUELA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8EYT7U4D.txt [ Cookie:manuela@atdmt.com/ ] delivery.ibanner.de [ P:\SICHERUNG\USERS\MANUELA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CFDCJG3V ] imagesrv.adition.com [ P:\SICHERUNG\USERS\MANUELA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CFDCJG3V ] |
04.08.2012, 14:34 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears? Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie). Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I do it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies of the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system OK again now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
04.08.2012, 14:41 | #27 |
| Virus simply disappears? Thanks a lot for the info, I'll definitely change the settings. No real problems as such, except that even the newly installed AVG version causes problems when I want to deactivate it for a moment. But I think I'll simply do a clean uninstall again and download it from a site other than chip. As for the other problem with the boot CD, I'll create a new thread in the appropriate forum. Am I now discharged and clean, and can I uninstall all the programs again? Regards, Manu |
04.08.2012, 18:26 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus simply disappears? Instead of AVG you can simply use a different virus scanner. Avast or MSE, for example. Then we'd be done! The programs that were used here can all be removed again. With the help of OTL you can also remove many tools: Please start OTL and click on CleanUp (Bereinigung). This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update
Update PDF reader An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player Download links => http://www.adobe.com/products/flashp...ribution3.html Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
04.08.2012, 19:30 | #29 |
| Virus simply disappears? Great, many heartfelt thanks for your support and the many tips.. I hope I won't catch anything again any time soon! Regards, Manu |