Log analysis and evaluation: ATRAPS.gen2 reported by AVIRA
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.12.2012, 22:11 | #1 |
ATRAPS.gen2 reported by AVIRA
Hello, like several others before me, I got hit by atraps.gen and atraps.gen2 today as well. It would be nice if you could help me get rid of the thing again. I have already run the scans you recommend; I am attaching the log files.
31.12.2012, 12:16 | #2 |
/// TB-Ausbilder | ATRAPS.gen2 reported by AVIRA
I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we start, I have some reading material for you. Read and understood?
Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
31.12.2012, 16:30 | #3 |
ATRAPS.gen2 reported by AVIRA
Thank you very much for the support; I at least want to try to get the thing clean again. Here are the log files for now:
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:04 on 31/12/2012 (Alle)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 13:34:22
-----------------------------
13:34:22.569 OS Version: Windows 6.0.6002 Service Pack 2
13:34:22.569 Number of processors: 2 586 0x1706
13:34:22.585 ComputerName: ALLE-PC UserName: Alle
13:34:23.724 Initialize success
13:34:29.854 AVAST engine defs: 12123100
13:34:36.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:34:36.906 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 3
13:34:36.984 Disk 0 MBR read successfully
13:34:36.999 Disk 0 MBR scan
13:34:36.999 Disk 0 Windows VISTA default MBR code
13:34:37.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 589987 MB offset 2048
13:34:37.030 Disk 0 Partition - 00 0F Extended LBA 20489 MB offset 1208296782
13:34:37.062 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20489 MB offset 1208296845
13:34:37.155 Disk 0 scanning sectors +1250258625
13:34:37.296 Disk 0 scanning C:\Windows\system32\drivers
13:35:01.335 Service scanning
13:35:26.404 Modules scanning
13:35:41.162 Disk 0 trace - called modules:
13:35:41.692 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:35:41.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86034a58]
13:35:41.692 3 CLASSPNP.SYS[8a7a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84782028]
13:35:43.315 AVAST engine scan C:\Windows
13:36:11.894 AVAST engine scan C:\Windows\system32
13:42:57.510 AVAST engine scan C:\Windows\system32\drivers
13:43:56.946 AVAST engine scan C:\Users\Alle
14:22:34.014 File: C:\Users\Alle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\100a65fb-711422d7 **INFECTED** Win32:Zbot-QGO [Trj]
14:46:08.013 AVAST engine scan C:\ProgramData
14:51:34.022 Scan finished successfully
15:05:42.428 Disk 0 MBR has been saved successfully to "C:\Users\Alle\Desktop\MBR.dat"
15:05:42.444 The log file has been saved successfully to "C:\Users\Alle\Desktop\aswMBR.txt"
Code:
15:09:04.0833 3556 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:09:06.0861 3556 ============================================================
15:09:06.0861 3556 Current date / time: 2012/12/31 15:09:06.0861
15:09:06.0861 3556 SystemInfo:
15:09:06.0861 3556
15:09:06.0861 3556 OS Version: 6.0.6002 ServicePack: 2.0
15:09:06.0861 3556 Product type: Workstation
15:09:06.0861 3556 ComputerName: ALLE-PC
15:09:06.0861 3556 UserName: Alle
15:09:06.0861 3556 Windows directory: C:\Windows
15:09:06.0861 3556 System windows directory: C:\Windows
15:09:06.0861 3556 Processor architecture: Intel x86
15:09:06.0861 3556 Number of processors: 2
15:09:06.0861 3556 Page size: 0x1000
15:09:06.0861 3556 Boot type: Normal boot
15:09:06.0861 3556 ============================================================
15:09:07.0329 3556 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:09:07.0407 3556 ============================================================
15:09:07.0407 3556 \Device\Harddisk0\DR0:
15:09:07.0407 3556 MBR partitions:
15:09:07.0407 3556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48051800
15:09:07.0423 3556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x4805258D, BlocksNum 0x2804934
15:09:07.0423 3556 ============================================================
15:09:07.0454 3556 C: <-> \Device\Harddisk0\DR0\Partition1
15:09:07.0485 3556 D: <-> \Device\Harddisk0\DR0\Partition2
15:09:07.0485 3556 ============================================================
15:09:07.0485 3556 Initialize success
15:09:07.0485 3556 ============================================================
15:09:36.0064 4908 ============================================================
15:09:36.0064 4908 Scan started
15:09:36.0064 4908 Mode: Manual; TDLFS;
15:09:36.0064 4908
15:09:46.0610 4908 pciide - ok 15:09:46.0626 4908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:09:46.0626 4908 pcmcia - ok 15:09:46.0672 4908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:09:46.0688 4908 PEAUTH - ok 15:09:46.0735 4908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:09:46.0782 4908 pla - ok 15:09:46.0813 4908 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 15:09:46.0813 4908 PLFlash DeviceIoControl Service - ok 15:09:46.0860 4908 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:09:46.0860 4908 PlugPlay - ok 15:09:46.0906 4908 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:09:46.0906 4908 Pml Driver HPZ12 - ok 15:09:46.0922 4908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:09:46.0922 4908 PNRPAutoReg - ok 15:09:46.0938 4908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:09:46.0938 4908 PNRPsvc - ok 15:09:46.0984 4908 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:09:46.0984 4908 PolicyAgent - ok 15:09:47.0031 4908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:09:47.0031 4908 PptpMiniport - ok 15:09:47.0062 4908 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 15:09:47.0062 4908 Processor - ok 15:09:47.0109 4908 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 15:09:47.0109 4908 ProfSvc - ok 15:09:47.0125 4908 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:09:47.0125 4908 ProtectedStorage - ok 15:09:47.0156 4908 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:09:47.0172 4908 PSched - ok 15:09:47.0218 4908 [ 
0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:09:47.0250 4908 ql2300 - ok 15:09:47.0296 4908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:09:47.0296 4908 ql40xx - ok 15:09:47.0328 4908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 15:09:47.0328 4908 QWAVE - ok 15:09:47.0343 4908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:09:47.0343 4908 QWAVEdrv - ok 15:09:47.0343 4908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:09:47.0343 4908 RasAcd - ok 15:09:47.0374 4908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:09:47.0374 4908 RasAuto - ok 15:09:47.0390 4908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:09:47.0390 4908 Rasl2tp - ok 15:09:47.0437 4908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 15:09:47.0437 4908 RasMan - ok 15:09:47.0468 4908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:09:47.0468 4908 RasPppoe - ok 15:09:47.0515 4908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:09:47.0515 4908 RasSstp - ok 15:09:47.0562 4908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:09:47.0562 4908 rdbss - ok 15:09:47.0577 4908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:09:47.0577 4908 RDPCDD - ok 15:09:47.0608 4908 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:09:47.0608 4908 rdpdr - ok 15:09:47.0608 4908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:09:47.0624 4908 RDPENCDD - ok 15:09:47.0655 4908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:09:47.0655 4908 RDPWD - ok 15:09:47.0733 4908 [ 
A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 15:09:47.0733 4908 RealNetworks Downloader Resolver Service - ok 15:09:47.0764 4908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:09:47.0764 4908 RemoteAccess - ok 15:09:47.0811 4908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:09:47.0827 4908 RemoteRegistry - ok 15:09:47.0842 4908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:09:47.0842 4908 RpcLocator - ok 15:09:47.0858 4908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 15:09:47.0874 4908 RpcSs - ok 15:09:47.0874 4908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:09:47.0874 4908 rspndr - ok 15:09:47.0874 4908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 15:09:47.0874 4908 SamSs - ok 15:09:47.0905 4908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:09:47.0905 4908 sbp2port - ok 15:09:47.0936 4908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:09:47.0936 4908 SCardSvr - ok 15:09:47.0998 4908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 15:09:48.0014 4908 Schedule - ok 15:09:48.0045 4908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:09:48.0045 4908 SCPolicySvc - ok 15:09:48.0061 4908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:09:48.0061 4908 SDRSVC - ok 15:09:48.0092 4908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:09:48.0092 4908 secdrv - ok 15:09:48.0092 4908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:09:48.0092 4908 seclogon - ok 15:09:48.0123 4908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS 
C:\Windows\System32\sens.dll 15:09:48.0123 4908 SENS - ok 15:09:48.0139 4908 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:09:48.0154 4908 Serenum - ok 15:09:48.0154 4908 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:09:48.0154 4908 Serial - ok 15:09:48.0186 4908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:09:48.0186 4908 sermouse - ok 15:09:48.0217 4908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:09:48.0217 4908 SessionEnv - ok 15:09:48.0232 4908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:09:48.0232 4908 sffdisk - ok 15:09:48.0248 4908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:09:48.0248 4908 sffp_mmc - ok 15:09:48.0264 4908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:09:48.0264 4908 sffp_sd - ok 15:09:48.0310 4908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:09:48.0310 4908 sfloppy - ok 15:09:48.0342 4908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:09:48.0342 4908 ShellHWDetection - ok 15:09:48.0373 4908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:09:48.0373 4908 sisagp - ok 15:09:48.0388 4908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:09:48.0388 4908 SiSRaid2 - ok 15:09:48.0404 4908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:09:48.0404 4908 SiSRaid4 - ok 15:09:48.0513 4908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 15:09:48.0576 4908 slsvc - ok 15:09:48.0591 4908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:09:48.0591 4908 SLUINotify - ok 15:09:48.0638 4908 [ 
7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:09:48.0638 4908 Smb - ok 15:09:48.0654 4908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:09:48.0654 4908 SNMPTRAP - ok 15:09:48.0669 4908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:09:48.0669 4908 spldr - ok 15:09:48.0716 4908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 15:09:48.0716 4908 Spooler - ok 15:09:48.0763 4908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:09:48.0763 4908 srv - ok 15:09:48.0794 4908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:09:48.0810 4908 srv2 - ok 15:09:48.0841 4908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:09:48.0856 4908 srvnet - ok 15:09:48.0872 4908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:09:48.0872 4908 SSDPSRV - ok 15:09:48.0934 4908 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 15:09:48.0934 4908 ssmdrv - ok 15:09:48.0966 4908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:09:48.0966 4908 SstpSvc - ok 15:09:48.0997 4908 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 15:09:48.0997 4908 ssudmdm - ok 15:09:49.0090 4908 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe 15:09:49.0106 4908 StarMoney 8.0 OnlineUpdate - ok 15:09:49.0168 4908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 15:09:49.0184 4908 stisvc - ok 15:09:49.0215 4908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:09:49.0215 4908 swenum - ok 15:09:49.0262 4908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 15:09:49.0278 4908 swprv - ok 15:09:49.0293 
4908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:09:49.0293 4908 Symc8xx - ok 15:09:49.0324 4908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:09:49.0324 4908 Sym_hi - ok 15:09:49.0356 4908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:09:49.0356 4908 Sym_u3 - ok 15:09:49.0402 4908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 15:09:49.0418 4908 SysMain - ok 15:09:49.0434 4908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:09:49.0465 4908 TabletInputService - ok 15:09:49.0512 4908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:09:49.0512 4908 TapiSrv - ok 15:09:49.0527 4908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:09:49.0527 4908 TBS - ok 15:09:49.0590 4908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:09:49.0605 4908 Tcpip - ok 15:09:49.0621 4908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:09:49.0636 4908 Tcpip6 - ok 15:09:49.0683 4908 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:09:49.0683 4908 tcpipreg - ok 15:09:49.0683 4908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:09:49.0699 4908 TDPIPE - ok 15:09:49.0761 4908 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files\DSL-Manager\DslMgrSvc.exe 15:09:49.0761 4908 TDslMgrService - ok 15:09:49.0808 4908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:09:49.0808 4908 TDTCP - ok 15:09:49.0839 4908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:09:49.0855 4908 tdx - ok 15:09:49.0948 4908 [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys 15:09:49.0948 
4908 TelekomNM3 - ok 15:09:49.0980 4908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:09:49.0980 4908 TermDD - ok 15:09:50.0011 4908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 15:09:50.0011 4908 TermService - ok 15:09:50.0026 4908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 15:09:50.0042 4908 Themes - ok 15:09:50.0058 4908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:09:50.0058 4908 THREADORDER - ok 15:09:50.0167 4908 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 15:09:50.0167 4908 TomTomHOMEService - ok 15:09:50.0214 4908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:09:50.0214 4908 TrkWks - ok 15:09:50.0292 4908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:09:50.0292 4908 TrustedInstaller - ok 15:09:50.0323 4908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:09:50.0323 4908 tssecsrv - ok 15:09:50.0354 4908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:09:50.0354 4908 tunmp - ok 15:09:50.0385 4908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:09:50.0401 4908 tunnel - ok 15:09:50.0416 4908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:09:50.0416 4908 uagp35 - ok 15:09:50.0463 4908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:09:50.0463 4908 udfs - ok 15:09:50.0494 4908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:09:50.0494 4908 UI0Detect - ok 15:09:50.0526 4908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:09:50.0526 4908 uliagpkx - ok 15:09:50.0541 4908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci 
C:\Windows\system32\drivers\uliahci.sys 15:09:50.0557 4908 uliahci - ok 15:09:50.0572 4908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:09:50.0572 4908 UlSata - ok 15:09:50.0588 4908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:09:50.0588 4908 ulsata2 - ok 15:09:50.0619 4908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:09:50.0619 4908 umbus - ok 15:09:50.0635 4908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 15:09:50.0635 4908 upnphost - ok 15:09:50.0682 4908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:09:50.0682 4908 usbccgp - ok 15:09:50.0697 4908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:09:50.0697 4908 usbcir - ok 15:09:50.0744 4908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:09:50.0744 4908 usbehci - ok 15:09:50.0760 4908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:09:50.0775 4908 usbhub - ok 15:09:50.0791 4908 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:09:50.0791 4908 usbohci - ok 15:09:50.0806 4908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:09:50.0806 4908 usbprint - ok 15:09:50.0838 4908 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:09:50.0838 4908 usbscan - ok 15:09:50.0900 4908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:09:50.0900 4908 USBSTOR - ok 15:09:50.0931 4908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:09:50.0931 4908 usbuhci - ok 15:09:50.0978 4908 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 15:09:50.0978 4908 usb_rndisx - ok 15:09:50.0994 4908 [ 
1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 15:09:50.0994 4908 UxSms - ok 15:09:51.0056 4908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 15:09:51.0072 4908 vds - ok 15:09:51.0103 4908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:09:51.0103 4908 vga - ok 15:09:51.0134 4908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:09:51.0134 4908 VgaSave - ok 15:09:51.0150 4908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:09:51.0150 4908 viaagp - ok 15:09:51.0165 4908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:09:51.0181 4908 ViaC7 - ok 15:09:51.0196 4908 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:09:51.0196 4908 viaide - ok 15:09:51.0196 4908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:09:51.0196 4908 volmgr - ok 15:09:51.0259 4908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:09:51.0274 4908 volmgrx - ok 15:09:51.0321 4908 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:09:51.0321 4908 volsnap - ok 15:09:51.0337 4908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:09:51.0337 4908 vsmraid - ok 15:09:51.0399 4908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 15:09:51.0399 4908 VSS - ok 15:09:51.0446 4908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 15:09:51.0446 4908 W32Time - ok 15:09:51.0477 4908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:09:51.0477 4908 WacomPen - ok 15:09:51.0493 4908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:09:51.0493 4908 Wanarp - ok 15:09:51.0508 4908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 
C:\Windows\system32\DRIVERS\wanarp.sys 15:09:51.0508 4908 Wanarpv6 - ok 15:09:51.0524 4908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:09:51.0540 4908 wcncsvc - ok 15:09:51.0571 4908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:09:51.0571 4908 WcsPlugInService - ok 15:09:51.0602 4908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:09:51.0602 4908 Wd - ok 15:09:51.0649 4908 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:09:51.0664 4908 Wdf01000 - ok 15:09:51.0696 4908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:09:51.0711 4908 WdiServiceHost - ok 15:09:51.0711 4908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:09:51.0711 4908 WdiSystemHost - ok 15:09:51.0758 4908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 15:09:51.0758 4908 WebClient - ok 15:09:51.0805 4908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:09:51.0836 4908 Wecsvc - ok 15:09:51.0852 4908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:09:51.0852 4908 wercplsupport - ok 15:09:51.0898 4908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 15:09:51.0914 4908 WerSvc - ok 15:09:51.0914 4908 WinHttpAutoProxySvc - ok 15:09:51.0992 4908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:09:51.0992 4908 Winmgmt - ok 15:09:52.0054 4908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:09:52.0117 4908 WinRM - ok 15:09:52.0179 4908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:09:52.0195 4908 Wlansvc - ok 15:09:52.0226 4908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:09:52.0226 4908 WmiAcpi - ok 15:09:52.0288 4908 
[ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:09:52.0288 4908 wmiApSrv - ok 15:09:52.0398 4908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:09:52.0429 4908 WMPNetworkSvc - ok 15:09:52.0476 4908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:09:52.0476 4908 WPCSvc - ok 15:09:52.0522 4908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:09:52.0522 4908 WPDBusEnum - ok 15:09:52.0585 4908 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:09:52.0585 4908 WpdUsb - ok 15:09:52.0772 4908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:09:52.0772 4908 WPFFontCache_v0400 - ok 15:09:52.0803 4908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:09:52.0803 4908 ws2ifsl - ok 15:09:52.0819 4908 WSearch - ok 15:09:52.0897 4908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:09:52.0959 4908 wuauserv - ok 15:09:53.0006 4908 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:09:53.0006 4908 WudfPf - ok 15:09:53.0022 4908 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:09:53.0022 4908 WUDFRd - ok 15:09:53.0053 4908 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:09:53.0068 4908 wudfsvc - ok 15:09:53.0068 4908 ZTEusbmdm6k - ok 15:09:53.0084 4908 ZTEusbnmea - ok 15:09:53.0100 4908 ZTEusbser6k - ok 15:09:53.0115 4908 ================ Scan global =============================== 15:09:53.0146 4908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:09:53.0178 4908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:09:53.0240 4908 [ D2293B069E4B63DC17B2F08D45E71124 ] 
15:09:53.0318 4908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:09:53.0318 4908 [Global] - ok
15:09:53.0318 4908 ================ Scan MBR ==================================
15:09:53.0349 4908 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:09:53.0770 4908 \Device\Harddisk0\DR0 - ok
15:09:53.0770 4908 ================ Scan VBR ==================================
15:09:53.0770 4908 [ E25B3AAB48ECC19F2AC0CE98A6B28A01 ] \Device\Harddisk0\DR0\Partition1
15:09:53.0770 4908 \Device\Harddisk0\DR0\Partition1 - ok
15:09:53.0786 4908 [ 3EFBB88140444DC6A427FACCEE1B5E6E ] \Device\Harddisk0\DR0\Partition2
15:09:53.0786 4908 \Device\Harddisk0\DR0\Partition2 - ok
15:09:53.0786 4908 ============================================================
15:09:53.0786 4908 Scan finished
15:09:53.0786 4908 ============================================================
15:09:53.0802 2660 Detected object count: 0
15:09:53.0802 2660 Actual detected object count: 0

DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_31
Run by Alle at 15:15:54 on 2012-12-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1678 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DSL-Manager\DslMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\DSL-Manager\DslMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\checkt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://www.aldi.com/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-440B-97EF-BD3256820418}
mDefault_Page_URL = hxxp://www.aldi.com/
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [T-Online_Software_6\WLAN-Access Finder] c:\program files\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ALDI_SUED_FotoSuite_Download] "c:\program files\aldi sued foto service\aldi_foto_service\FotoSuite.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [T-Online_Software_6\WLAN-Access Finder] c:\program files\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
StartupFolder: c:\users\alle\appdata\roaming\micros~1\windows\startm~1\programs\startup\dreamm~1.lnk - d:\dreammail4\DM2005.exe
StartupFolder: c:\users\alle\appdata\roaming\micros~1\windows\startm~1\programs\startup\dsl-ma~1.lnk - c:\program files\dsl-manager\DslMgr.exe
StartupFolder: c:\users\alle\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\alle\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Inhaltsverzeichnis.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki...
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://212.77.163.114/+CSCOL+/relayp.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://www.csk-klein.de/webcam/plugin/h263ctrl.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} - hxxps://212.77.163.114/+CSCO+09756767633A2F2F656F74663537356E2E706A30312E70626167766A6E612E70627A3A38303830++/vminet_images/vmi660ie.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.178.1 TCP: Interfaces\{EA0869C6-AF4B-4B4B-B6B2-F877B7A4AFD4} : DHCPNameServer = 192.168.178.1 AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\alle\appdata\roaming\mozilla\firefox\profiles\xns6q1uz.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-440B-97EF-BD3256820418} FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010006&q= FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll FF - plugin: c:\program files\java\jre6\bin\npoji610.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - 
plugin: c:\program files\mozilla firefox\plugins\nprm3d.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: SweetPacks Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2012-10-9 112584] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-9 36552] R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\drivers\dslmnlwf.sys [2011-8-25 16448] R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2012-10-9 656672] R2 AntiVirMailService;Avira Email Schutz;c:\program files\avira\antivir desktop\avmailc.exe [2012-10-9 400160] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-9 85280] R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-9 109344] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-10-9 565024] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-9 83944] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-2-3 1155072] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 MBAMScheduler;MBAMScheduler;c:\program 
files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-30 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-30 682344] R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\netzmanager\nminfrais2\Netzmanager_Service.exe [2011-3-24 2404864] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\starmoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-7-15 692432] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2012-10-9 92008] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-30 21104] R3 TDslMgrService;DSL-Manager;c:\program files\dsl-manager\DslMgrSvc.exe [2011-8-25 307200] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-8-18 80824] S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [2011-8-25 26816] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-1 30192] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol 
Driver;c:\progra~1\t-online\t-onli~1\basis-~1\basis1\MTOnlPktAlyX.SYS [2008-11-2 19200] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-8-18 181432] S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\netzmanager\nminfrais2\driver\TelekomNM3.sys [2010-9-16 35040] . =============== Created Last 30 ================ . 2012-12-30 18:22:22 -------- d-----w- c:\users\alle\appdata\roaming\Malwarebytes 2012-12-30 18:22:12 -------- d-----w- c:\programdata\Malwarebytes 2012-12-30 18:22:11 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-30 18:22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-30 13:19:06 -------- d-----w- c:\users\alle\appdata\local\{00EBC635-1A00-2A14-FC4D-BFC7DC10AB04} 2012-12-22 09:07:49 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 09:07:49 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 09:07:10 -------- d-----w- c:\users\alle\appdata\roaming\RealNetworks 2012-12-22 09:05:51 -------- d-----w- c:\program files\RealNetworks 2012-12-22 09:05:48 -------- d-----w- c:\programdata\RealNetworks 2012-12-22 09:05:32 -------- d-----w- c:\program files\common files\xing shared 2012-12-22 09:05:16 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll 2012-12-22 09:05:02 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll 2012-12-12 08:57:20 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-12 08:57:12 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-12 08:57:12 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-12 08:57:12 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-12 08:57:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-12 08:57:12 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-12 08:57:11 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-12 08:57:11 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-12 08:57:09 
613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-12 08:57:09 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-12 08:57:09 34944 ----a-w- c:\windows\system32\drivers\winusb.sys 2012-12-12 08:57:09 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-12 08:06:18 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 08:06:17 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 08:06:17 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-12 08:06:16 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-12 08:06:13 2048 ----a-w- c:\windows\system32\tzres.dll . ==================== Find3M ==================== . 2012-12-22 09:04:43 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-12-22 09:04:43 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-15 17:26:14 19 ----a-w- c:\users\alle\appdata\roaming\mdbu.bin 2012-12-12 08:54:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 08:54:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-11 21:04:08 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-11 10:46:46 92008 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-12-11 10:46:46 112584 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-11-14 19:38:37 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-25 02:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 15:16:37,71 =============== --- --- --- Attach Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01.11.2008 18:14:11
System Uptime: 31.12.2012 10:58:22 (5 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2667/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 576 GiB total, 397,463 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 12,307 GiB free.
E: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP957: 06.11.2012 20:23:06 - Geplanter Prüfpunkt
RP958: 08.11.2012 21:18:37 - Geplanter Prüfpunkt
RP959: 10.11.2012 12:35:37 - Geplanter Prüfpunkt
RP960: 17.11.2012 09:02:54 - Windows Update
RP961: 18.11.2012 19:56:58 - Geplanter Prüfpunkt
RP962: 19.11.2012 10:40:04 - Geplanter Prüfpunkt
RP963: 21.11.2012 20:57:07 - Geplanter Prüfpunkt
RP964: 23.11.2012 16:08:25 - Geplanter Prüfpunkt
RP965: 11.12.2012 11:34:55 - Geplanter Prüfpunkt
RP966: 12.12.2012 09:47:58 - Geplanter Prüfpunkt
RP967: 12.12.2012 09:53:59 - Windows Update
RP968: 15.12.2012 12:30:46 - Geplanter Prüfpunkt
RP969: 16.12.2012 11:46:38 - Geplanter Prüfpunkt
RP970: 17.12.2012 00:00:47 - Geplanter Prüfpunkt
RP971: 22.12.2012 10:04:45 - Windows Update
RP972: 23.12.2012 00:00:05 - Geplanter Prüfpunkt
RP973: 24.12.2012 12:26:12 - Geplanter Prüfpunkt
RP974: 25.12.2012 11:32:19 - Geplanter Prüfpunkt
RP975: 26.12.2012 19:27:43 - Geplanter Prüfpunkt
RP976: 27.12.2012 16:04:21 - Geplanter Prüfpunkt
RP977: 28.12.2012 14:06:21 - Geplanter Prüfpunkt
RP978: 29.12.2012 16:30:59 - Geplanter Prüfpunkt
RP979: 30.12.2012 22:45:11 - Geplanter Prüfpunkt
RP980: 31.12.2012 11:49:27 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 3D RealityMaps Viewer 1.2.3.2 Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 11 ActiveX Adobe Flash Player Plugin Adobe Reader X (10.1.4) - Deutsch Adobe Shockwave Player 11 AIO_Scan ALDI Foto Manager Free Sued ALDI Online Druck Service 3.4.3.0 (D) ALDI Süd Foto Manager Free ALDI Süd Foto Service Aldi Süd Fotoservice ALDI Süd Online Druck Service ALDI Sued Foto Service Apple Application Support Apple Software Update Avira Internet Security AVM FRITZ!Box Dokumentation AVM FRITZ!Box Druckeranschluss Bonjour BufferChm C4380 C4380_doccd C4380_Help Compatibility Pack für 2007 Office System Copy CustomerResearchQFolder Destination Component DeviceDiscovery DeviceManagementQFolder DHTML Editing Component DocProc DocProcQFolder DSL-Manager ElsterFormular-Upgrade ElsterFormular 2007/2008 ElsterFormular 2008/2009 eSupportQFolder Fax Firebird SQL Server - MAGIX Edition FormsForWeb® Filler 3.1 Google Chrome Google Desktop Google Earth Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Customer Participation Program 9.0 HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Product Assistant HP Smart Web Printing HP Solution Center 9.0 HP Update HPProductAssistant HPSSupply iCloud Intel(R) Network Connections 13.5.32.0 Intel® Matrix Storage Manager Internet Explorer Toolbar 4.6 by SweetPacks Java Auto Updater Java(TM) 6 Update 31 Java(TM) 6 Update 7 JDownloader 0.9 LetsTrade Komponenten Malwarebytes Anti-Malware Version 1.70.0.1100 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET 
Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works Microsoft WSE 3.0 Runtime Mozilla Firefox (3.0.19) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 de) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec MyTomTom 3.2.0.700 Nero 8 Essentials neroxml Netzmanager NVIDIA Drivers PanoStandAlone PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_min PSSWCORE QuickTime 
RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Samsung Kies SAMSUNG USB Driver for Mobile Phones Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft 
Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Serena VM Web Client 8,1,4,464 SolutionCenter Spelling Dictionaries Support For Adobe Reader 9 StarMoney StarMoney 8.0 Status SweetIM for Messenger 3.7 SweetPacks bundle uninstaller T-Online 6.0 T-Online WLAN-Access Finder TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Toolbox TOP 50 (Version 1.2) TrayApp Ulead PhotoImpact 12 UnloadSupport Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update Manager for SweetPacks 1.1 VCRedistSetup VideoToolkit01 Visual Studio C++ 10.0 Runtime WebReg WISO Mein Geld 2008 Professional XNavigator . 
==== End Of File =========================== |
31.12.2012, 16:35 | #4 | ||
/// TB trainer | ATRAPS.gen2 reported by AVIRA Yes, good so far, and on we go:
Step 1: AdwCleaner: find and remove adware
Step 2: Delete temporary files with TFC
Step 3: Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
31.12.2012, 17:54 | #5 |
| ATRAPS.gen2 reported by AVIRA Super-fast reply, really great. Here are the next log files: Adwcleaner Code:
# AdwCleaner v2.104 - Datei am 31/12/2012 um 16:44:28 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Alle - ALLE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alle\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Alle\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\Alle\Desktop\sweetpcfix.url
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Alle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Alle\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gelöscht : C:\Users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\f0f226c7bc68a20c
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\Software\SweetIM
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-440B-97EF-BD3256820418} --> hxxp://www.google.com

-\\ Mozilla Firefox v3.0.19 (de)

Datei : C:\Users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\prefs.js

C:\Users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.selectedEngine", "SweetIM Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-4[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010006&q=");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010006");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.ht[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q="); Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] 
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad"); Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...] Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ""); Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS"); Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history", "pfarrgemeinde%20marktredwitz,pfarrgemeinde%20waldershof[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{B088CFF6-857B-440B-97EF-BD3256820418}"); Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-8[...] 
Gelöscht : user_pref("sweetim.toolbar.version", "1.6.0.3"); -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\Alle\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.12] : homepage = "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-440B-97EF-BD325682041[...] Gelöscht [l.16] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857[...] Gelöscht [l.42] : keyword = "search.sweetim.com", Gelöscht [l.45] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid=[...] Gelöscht [l.793] : homepage = "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-440B-97EF-BD3256820418}"[...] Gelöscht [l.1097] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006&barid={B088CFF6-857B-4[...] ************************* AdwCleaner[S1].txt - [13969 octets] - [31/12/2012 16:44:28] ########## EOF - C:\AdwCleaner[S1].txt - [14030 octets] ########## Code:
ComboFix 12-12-31.01 - Alle 31.12.2012 17:06:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1959 [GMT 1:00]
ausgeführt von:: c:\users\Alle\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alle\avira_antivir_personal_de.exe
c:\windows\IsUn0407.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-31 ))))))))))))))))))))))))))))))
.
.
2012-12-31 16:13 . 2012-12-31 16:17 -------- d-----w- c:\users\Alle\AppData\Local\temp
2012-12-30 18:22 . 2012-12-30 18:22 -------- d-----w- c:\users\Alle\AppData\Roaming\Malwarebytes
2012-12-30 18:22 . 2012-12-30 18:22 -------- d-----w- c:\programdata\Malwarebytes
2012-12-30 18:22 . 2012-12-30 18:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-30 18:22 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-22 09:07 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:07 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:07 . 2012-12-22 09:07 -------- d-----w- c:\users\Alle\AppData\Roaming\RealNetworks
2012-12-22 09:05 . 2012-12-22 09:05 -------- d-----w- c:\program files\RealNetworks
2012-12-22 09:05 . 2012-12-22 09:05 -------- d-----w- c:\programdata\RealNetworks
2012-12-22 09:05 . 2012-12-22 09:05 -------- d-----w- c:\program files\Common Files\xing shared
2012-12-22 09:05 . 2012-12-22 09:05 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-12-22 09:05 . 2012-12-22 09:05 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-12-12 08:57 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 08:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 08:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 08:57 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 08:57 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 08:57 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 08:57 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 08:57 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 08:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 08:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 08:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 08:57 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-12 08:06 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 08:06 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 08:06 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 08:06 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 08:06 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 09:04 . 2008-08-04 10:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 09:04 . 2008-08-04 10:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-15 17:26 . 2009-12-05 19:20 19 ----a-w- c:\users\Alle\AppData\Roaming\mdbu.bin
2012-12-12 08:54 . 2012-04-18 18:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 08:54 . 2011-05-21 08:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 21:04 . 2012-10-09 18:14 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 21:04 . 2012-10-09 18:14 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 10:46 . 2012-10-09 18:14 92008 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-12-11 10:46 . 2012-10-09 18:14 112584 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-11-14 19:38 . 2012-10-09 18:14 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-10 15:37 . 2010-02-13 16:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-07 960440]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-10 30192]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"ALDI_SUED_FotoSuite_Download"="c:\program files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-12-22 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
.
c:\users\Alle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DreamMail.lnk - d:\dreammail4\DM2005.exe [N/A]
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-8-25 1085440]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2008-12-21 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-8-25 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 08:54]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-28 08:10]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-28 08:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} - hxxps://212.77.163.114/+CSCO+09756767633A2F2F656F74663537356E2E706A30312E70626167766A6E612E70627A3A38303830++/vminet_images/vmi660ie.cab
FF - ProfilePath - c:\users\Alle\AppData\Roaming\Mozilla\Firefox\Profiles\xns6q1uz.default\
FF - prefs.js: browser.search.defaulturl -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-DeInst_dotexcrd1.2 - c:\windows\unin0407.exe
AddRemove-RealPlayer 16.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-31 17:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avfwsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\avmailc.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DSL-Manager\DslMgrSvc.exe
c:\program files\Common Files\Marmiko Shared\MWLaMaS.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-31 17:23:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-31 16:22
.
Vor Suchlauf: 10 Verzeichnis(se), 434.821.410.816 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 438.615.891.968 Bytes frei
.
- - End Of File - - 81125F4341386E4DD8088A6DFD516629

Thank you very much for the help |
31.12.2012, 18:06 | #6 | |
/// TB-Ausbilder | ATRAPS.gen2 reported by AVIRA
Yes, that happens now and then, and now there's a year-end dinner. Have fun scanning ...

Good! As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write back to me once you have really completed everything or if problems occur.

Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Quote:
Step 3: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2 |
01.01.2013, 17:12 | #7 |
| ATRAPS.gen2 reported by AVIRA
First of all, Happy New Year; I hope you got off to a good start like I did. I've run the scans, here are the results:

Malwarebytes
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.01.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alle :: ALLE-PC [Administrator]

Schutz: Deaktiviert

01.01.2013 14:17:18
mbam-log-2013-01-01 (14-17-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213424
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SecurityCheck
Code:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (3.0.19) Firefox out of Date!
Mozilla Thunderbird (17.0.)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
T-Online WLAN-Access Finder ToWLaAcF.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
01.01.2013, 17:29 | #8 |
/// TB-Ausbilder | ATRAPS.gen2 reported by AVIRA
Then on to the updates:

Step 1: Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2: Download the latest version of Firefox and install it over the existing one. Mozilla - Download
Step 3: Uninstall the old versions of Adobe Reader
Step 4: Update: Adobe Reader
Try an alternative viewer for PDF documents. These are usually leaner, faster, and far less often let malware in. My suggestion:
Step 5: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
__________________ Digital privateers against malware! No help via PM! |
01.01.2013, 19:07 | #9 |
| ATRAPS.gen2 reported by AVIRA
Attached is the latest Security Check:
Code:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 10
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
T-Online WLAN-Access Finder ToWLaAcF.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Best regards |
01.01.2013, 20:51 | #10 | ||||
/// TB-Ausbilder | ATRAPS.gen2 reported by AVIRA
There's a bug in this tool too ...

Great! That means we're done. We'll tidy up a bit now, and then at the end I have some reading material for you.

Step 1: Uninstall tools
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
With that, I wish you lots of fun surfing the Internet ... and perhaps you'd like to support Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
01.01.2013, 22:21 | #11 |
| ATRAPS.gen2 reported by AVIRA
Great, thank you very much, everything is done! A big thank-you for the clear, understandable instructions, which made things much easier for me as an amateur (and that on New Year's Eve and New Year's Day). I'll take your advice to heart in future! |
01.01.2013, 23:14 | #12 |
/// TB-Ausbilder | ATRAPS.gen2 reported by AVIRA
Glad we could help.

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread.

If you'd still like to share praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/ |