Log analysis and evaluation: Vista > damn sluggish after virus removal. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.07.2013, 15:46 | #1
Vista > damn sluggish after virus removal

Hello, one had better not talk about your excellent work, because then you get to hear "...yes, I have problems on mine too..." or "...my computer keeps reporting virus finds too..." and so on. So here I can report that it is better not to follow the motto >> Do good and talk about it <<. Here is my parents' laptop (no, not my in-laws'), on which my mother has quite often pressed lots of buttons on AVIRA alerts and Spybot S&D alerts, and since then AVIRA, for example, was more or less "not active".... Updated the virus signatures and let it run > nothing found, and now the logs, because I can't shake the feeling that something is there.

Code:
OTL logfile created on: 04.07.2013 11:11:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,05% Memory free
4,22 Gb Paging File | 2,92 Gb Available in Paging File | 69,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 51,36 Gb Free Space | 41,90% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 14,68 Gb Free Space | 55,53% Space Free | Partition Type: FAT32

Computer Name: DIDI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.04 10:24:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2013.07.02 08:30:55 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.02 08:30:40 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.07.02 08:30:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.07.02 08:30:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.04 10:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.04 12:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.09.03 18:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe PRC - [2007.02.09 20:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.05.23 11:11:06 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll MOD - [2013.05.23 11:11:05 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll MOD - [2013.05.23 11:11:03 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll MOD - [2013.05.23 11:11:02 | 001,393,152 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll MOD - [2013.05.23 11:10:59 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll MOD - [2013.05.23 11:10:23 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll MOD - [2013.05.23 11:08:08 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.23 11:08:06 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.23 11:08:02 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll MOD - [2013.05.23 10:42:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.23 10:42:10 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.23 10:42:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.23 10:41:50 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.23 10:41:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - 
[2013.05.23 10:41:39 | 000,749,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\aaf1949171dfbfcd4669ed8ba6cd3f10\System.Security.ni.dll MOD - [2013.05.23 10:41:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.01.21 20:43:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.21 20:43:09 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.21 20:22:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.21 20:22:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.21 20:22:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.21 20:22:18 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.21 20:22:08 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2007.09.04 12:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.09.04 12:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.09.04 12:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.09.04 12:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.09.04 12:36:54 | 
000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll MOD - [2007.09.04 12:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.09.04 12:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVM\de_serv.exe -- (de_serv) SRV - [2013.07.02 08:30:55 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.02 08:30:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - 
[2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.09.04 12:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\PDNSp50.sys -- (PDNSp50) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\PDNMp50.sys -- (PDNMp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- 
C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.03.30 02:56:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 02:56:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 02:56:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.24 18:43:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.08 12:49:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.02.05 19:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2009.02.05 19:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2009.02.05 19:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.08.08 09:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.07.03 03:04:00 | 000,851,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfhubase.sys -- (bfhubase) DRV - [2007.07.03 03:04:00 | 000,374,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\capi_cip.sys -- (CAPI_CIP) DRV - [2007.07.03 03:04:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2007.07.03 03:04:00 | 000,061,952 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmbtpar.sys -- (AVMBTPARALLEL) DRV - [2007.07.03 03:04:00 | 000,060,928 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmbtser.sys -- (AVMBTSERIAL) DRV - [2007.05.23 23:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT) DRV - [2003.12.16 02:00:00 | 000,548,224 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bapdbase.sys -- (BAPDBASE) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=NsaxL77vGfMl-6pPufYE_TfDUks?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.247.247.33 129.247.247.39 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 129.247.247.33 129.247.247.39 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\wallpaper2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\wallpaper2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] 
-- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 10:24:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.07.03 19:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.07.03 19:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.07.03 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira ========== Files - Modified Within 30 Days ========== [2013.07.04 11:10:33 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.07.04 11:05:37 | 000,377,856 | ---- | M] () -- C:\Users\Admin\Desktop\gmer_2.1.19163.exe [2013.07.04 10:24:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.07.04 10:24:16 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2013.07.04 09:33:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 09:33:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 09:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.03 20:07:24 | 000,638,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.03 20:07:24 | 000,604,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.03 20:07:24 | 000,130,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.03 20:07:24 | 000,108,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.03 19:16:16 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys ========== Files Created - No Company Name ========== [2013.07.04 11:10:33 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.07.04 11:05:37 | 000,377,856 | ---- | C] () -- 
C:\Users\Admin\Desktop\gmer_2.1.19163.exe [2013.07.04 10:24:16 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2008.10.02 12:35:35 | 000,025,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.23 22:15:45 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat [2008.01.12 23:33:02 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.29 09:23:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Garmin [2012.06.08 21:49:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2010.07.24 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 04.07.2013 11:11:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,05% Memory free
4,22 Gb Paging File | 2,92 Gb Available in Paging File | 69,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 51,36 Gb Free Space | 41,90% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 14,68 Gb Free Space | 55,53% Space Free | Partition Type: FAT32

Computer Name: DIDI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2670825878-3188729077-2627626819-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2670825878-3188729077-2627626819-1005] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A525F5C-5BFB-4024-9A17-693D8C680C81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F3E4A2A-7C25-48BF-A19A-41976DC76635}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{23619F77-4228-4E95-807B-2951ED823F5B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{43978C33-0533-4C09-93C6-59DAC4C7736B}" = lport=2869 | protocol=6 | dir=in | app=system | "{7C45F298-6AA9-447D-8189-BE34CE8707AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F7BE734-80DE-4222-8DBE-31EF572CB0CB}" = rport=2869 | protocol=6 | dir=out | app=system | "{AAAFA887-52A7-4780-A527-0BF963D83F77}" = lport=2869 | protocol=6 | dir=in | app=system | "{AD2005CE-6F18-416A-8091-DA54181C0FE1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D03FB2ED-2622-420C-AD87-270A0787651A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D34CE02B-4070-4368-93F2-83213C802A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{167986B4-42CF-4771-99E8-2962C83858D2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{2E9D9C0B-0137-483D-B92A-CD530592F3E6}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe | 
"{38558ECB-1A04-4A42-B3C0-4EAB7C3B8706}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3BA65083-3F97-464C-9EF6-4EA2B59F3CCD}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | "{42A3D98C-CD76-4DD6-8187-B7322960B4AC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{65800D36-08E0-4B4F-AB5B-81BD6BCF75E5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{743DB5CF-6BFC-4878-8635-0B602ADBA432}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{79E98606-5FC3-4865-A268-0B6F387A81AD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{A09338A2-CC74-4A5A-9F57-928168995000}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe | "{CDBEB067-3760-4F26-9C32-2F4450F24E14}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{DD662494-BD46-41B1-9947-AAF6B7E5AB06}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{EDFA641E-28AF-4F01-8758-7E5472A29EFD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{F3289106-9270-44C2-A8C5-5B3A4BDB0EFF}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe | "{F88D2146-E7DB-4AD7-A844-DCD4E2292B3C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "TCP Query User{86524DA7-39A9-407A-BC85-522F453E99A4}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | "UDP Query User{5F38BE33-902D-4489-8FE3-B926259C7F09}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu 
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}" = AuthenTec Fingerprint 
Sensor Minimum Install "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 
SP1 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.8 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.74 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "LetsTrade" = LetsTrade Komponenten "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - 
DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) "XnView_is1" = XnView 1.97.6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.02.2011 07:57:34 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x8f4, Anwendungsstartzeit 01cbc9e2dc73a770. Error - 13.02.2011 11:32:46 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x370, Anwendungsstartzeit 01cbcb932a973a00. Error - 13.02.2011 11:35:17 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.4016, Zeitstempel 0x49cc5361, Ausnahmecode 0xc0000005, Fehleroffset 0x0001459b, Prozess-ID 0x660, Anwendungsstartzeit 01cbcb931a163870. 
Error - 13.02.2011 11:36:31 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.4016, Zeitstempel 0x49cc5361, Ausnahmecode 0xc0000005, Fehleroffset 0x0001459b, Prozess-ID 0x1124, Anwendungsstartzeit 01cbcb93a1b6dcd0. Error - 13.02.2011 11:38:46 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.4016, Zeitstempel 0x49cc5361, Ausnahmecode 0xc0000005, Fehleroffset 0x0001459b, Prozess-ID 0x1720, Anwendungsstartzeit 01cbcb93cd8e4ff0. Error - 14.02.2011 06:55:09 | Computer Name = DIDI-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 378 Anfangszeit: 01cbcc2da4aa2600 Zeitpunkt der Beendigung: 0 Error - 23.02.2011 12:07:20 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x7e0, Anwendungsstartzeit 01cbd373bdc53970. Error - 10.03.2011 14:31:11 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xdec, Anwendungsstartzeit 01cbdf513f5ba9e0. 
Error - 10.03.2011 14:32:58 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.4016, Zeitstempel 0x49cc5361, Ausnahmecode 0xc0000005, Fehleroffset 0x0001459b, Prozess-ID 0xce0, Anwendungsstartzeit 01cbdf512d166310. Error - 17.03.2011 07:35:42 | Computer Name = DIDI-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WINWORD.EXE, Version 10.0.6866.0, Zeitstempel 0x4c6486a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x0003de2d, Prozess-ID 0x840, Anwendungsstartzeit 01cbe4976c0af860. [ System Events ] Error - 03.07.2013 14:15:47 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 03.07.2013 14:18:03 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 03.07.2013 14:21:13 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 03.07.2013 14:39:22 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 03.07.2013 14:41:36 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 04.07.2013 03:33:37 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 04.07.2013 03:34:33 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. 
Error - 04.07.2013 03:48:01 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 04.07.2013 03:50:00 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 04.07.2013 03:52:14 | Computer Name = DIDI-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. < End of report >
While running GMER I got the message "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen ... in \Device\Harddisk1\DR1 ein" several times, fairly early on. I could choose Cancel, Retry or Continue. Apparently none of them helped, though. At a further message I then pressed a button many times and the scan eventually continued...... Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-04 16:05:27 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 149,05GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwtdapod.sys ---- System - GMER 2.1 ---- SSDT 8DCEB9E6 ZwCreateSection SSDT 8DCEB9F0 ZwRequestWaitReplyPort SSDT 8DCEB9EB ZwSetContextThread SSDT 8DCEB9F5 ZwSetSecurityObject SSDT 8DCEB9FA ZwSystemDebugControl SSDT 8DCEB987 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 824E87E0 4 Bytes [E6, B9, CE, 8D] .text ntkrnlpa.exe!KeSetEvent + 539 824E8B04 4 Bytes [F0, B9, CE, 8D] .text ntkrnlpa.exe!KeSetEvent + 56D 824E8B38 4 Bytes [EB, B9, CE, 8D] .text ntkrnlpa.exe!KeSetEvent + 5D1 824E8B9C 4 Bytes [F5, B9, CE, 8D] .text ntkrnlpa.exe!KeSetEvent + 619 824E8BE4 4 Bytes [FA, B9, CE, 8D] .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823 ---- EOF - GMER 2.1 ---- |
04.07.2013, 15:50 | #2
/// Malware-holic | vista > damn sluggish after virus removal
Hi, please post all the Avira and other detection logs.
http://www.trojaner-board.de/125889-...en-posten.html
04.07.2013, 22:44 | #3
vista > damn sluggish after virus removal
Hi markusg, thanks for your effort in helping me. I no longer have the old logs, because I uninstalled Spybot S&D before starting and brought Avira (not just the signatures) up to the latest version. Yes, please don't say anything. ... and now???
05.07.2013, 13:08 | #4
/// Malware-holic | vista > damn sluggish after virus removal
Avira saves the logs automatically; since you didn't update, they weren't deleted by a possible upgrade either. Please post them.
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
07.07.2013, 20:04 | #5
vista > damn sluggish after virus removal
Hi markusg, I would gladly do that, but I completely uninstalled the old version and then manually removed everything that was left. After that I installed the current version. I have no logs in the program; I also searched the directory and used your guide for finding the logs, unfortunately without success. A current scan no longer showed any results. Regards, Käthe
08.07.2013, 13:19 | #6
/// Malware-holic | vista > damn sluggish after virus removal
Hi, please download TDSSKiller.exe and save the file on the Desktop.
08.07.2013, 16:43 | #7
vista > damn sluggish after virus removal
Hi markusg, here is the log. Code:
ATTFilter 17:18:27.0565 1088 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:18:27.0787 1088 ============================================================ 17:18:27.0787 1088 Current date / time: 2013/07/08 17:18:27.0787 17:18:27.0787 1088 SystemInfo: 17:18:27.0787 1088 17:18:27.0787 1088 OS Version: 6.0.6002 ServicePack: 2.0 17:18:27.0787 1088 Product type: Workstation 17:18:27.0787 1088 ComputerName: DIDI-PC 17:18:27.0787 1088 UserName: Admin 17:18:27.0787 1088 Windows directory: C:\Windows 17:18:27.0788 1088 System windows directory: C:\Windows 17:18:27.0788 1088 Processor architecture: Intel x86 17:18:27.0788 1088 Number of processors: 2 17:18:27.0788 1088 Page size: 0x1000 17:18:27.0788 1088 Boot type: Normal boot 17:18:27.0788 1088 ============================================================ 17:18:28.0546 1088 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:18:28.0568 1088 ============================================================ 17:18:28.0568 1088 \Device\Harddisk0\DR0: 17:18:28.0568 1088 MBR partitions: 17:18:28.0670 1088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xF52DB02, BlocksNum 0x34EAFBF 17:18:28.0670 1088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF52DA84 17:18:28.0670 1088 ============================================================ 17:18:28.0713 1088 C: <-> \Device\Harddisk0\DR0\Partition2 17:18:28.0762 1088 D: <-> \Device\Harddisk0\DR0\Partition1 17:18:28.0762 1088 ============================================================ 17:18:28.0762 1088 Initialize success 17:18:28.0762 1088 ============================================================ 17:20:07.0690 5828 ============================================================ 17:20:07.0690 5828 Scan started 17:20:07.0690 5828 Mode: Manual; SigCheck; TDLFS; 17:20:07.0690 5828 
============================================================ 17:20:10.0355 5828 ================ Scan system memory ======================== 17:20:10.0355 5828 System memory - ok 17:20:10.0356 5828 ================ Scan services ============================= 17:20:11.0118 5828 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 17:20:11.0264 5828 ACPI - ok 17:20:11.0476 5828 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:20:11.0535 5828 adp94xx - ok 17:20:11.0581 5828 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:20:11.0616 5828 adpahci - ok 17:20:11.0641 5828 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 17:20:11.0668 5828 adpu160m - ok 17:20:11.0704 5828 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:20:11.0734 5828 adpu320 - ok 17:20:11.0823 5828 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:20:12.0007 5828 AeLookupSvc - ok 17:20:12.0123 5828 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 17:20:12.0249 5828 AFD - ok 17:20:12.0289 5828 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 17:20:12.0371 5828 AgereModemAudio - ok 17:20:12.0445 5828 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 17:20:12.0635 5828 AgereSoftModem - ok 17:20:12.0691 5828 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 17:20:12.0719 5828 aic78xx - ok 17:20:12.0920 5828 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 17:20:13.0086 5828 ALG - ok 17:20:13.0146 5828 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys 17:20:13.0172 5828 aliide - ok 17:20:13.0219 5828 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:20:13.0245 5828 amdagp - 
ok 17:20:13.0276 5828 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys 17:20:13.0300 5828 amdide - ok 17:20:13.0324 5828 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 17:20:13.0612 5828 AmdK7 - ok 17:20:13.0643 5828 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:20:13.0791 5828 AmdK8 - ok 17:20:13.0978 5828 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:20:13.0995 5828 AntiVirSchedulerService - ok 17:20:14.0070 5828 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:20:14.0085 5828 AntiVirService - ok 17:20:14.0134 5828 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 17:20:14.0207 5828 Appinfo - ok 17:20:14.0228 5828 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 17:20:14.0253 5828 arc - ok 17:20:14.0310 5828 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:20:14.0335 5828 arcsas - ok 17:20:14.0455 5828 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:20:14.0550 5828 AsyncMac - ok 17:20:14.0602 5828 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 17:20:14.0629 5828 atapi - ok 17:20:14.0687 5828 [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys 17:20:14.0721 5828 ATSWPDRV - ok 17:20:14.0796 5828 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:20:14.0880 5828 AudioEndpointBuilder - ok 17:20:14.0919 5828 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:20:14.0954 5828 Audiosrv - ok 17:20:15.0175 5828 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:20:15.0203 5828 avgntflt - ok 17:20:15.0285 5828 [ 
D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:20:15.0305 5828 avipbb - ok 17:20:15.0452 5828 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:20:15.0479 5828 avkmgr - ok 17:20:15.0569 5828 [ 5860CF10ACE95AE25733B24467D655AA ] AVMBTPARALLEL C:\Windows\system32\DRIVERS\avmbtpar.sys 17:20:15.0633 5828 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - warning 17:20:15.0633 5828 AVMBTPARALLEL - detected UnsignedFile.Multi.Generic (1) 17:20:15.0670 5828 [ F9466C032337B3BF6F7323B55B8BD32F ] AVMBTSERIAL C:\Windows\system32\DRIVERS\avmbtser.sys 17:20:15.0744 5828 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - warning 17:20:15.0744 5828 AVMBTSERIAL - detected UnsignedFile.Multi.Generic (1) 17:20:15.0784 5828 [ 5685E9F471135E6675D981D5D45C9935 ] AVMCOWAN C:\Windows\system32\DRIVERS\AVMCOWAN.sys 17:20:15.0853 5828 AVMCOWAN ( UnsignedFile.Multi.Generic ) - warning 17:20:15.0854 5828 AVMCOWAN - detected UnsignedFile.Multi.Generic (1) 17:20:15.0894 5828 [ 02568A764EF2C37CFA6F9C471E67D475 ] AVMPORT C:\Windows\System32\drivers\avmport.sys 17:20:15.0941 5828 AVMPORT ( UnsignedFile.Multi.Generic ) - warning 17:20:15.0941 5828 AVMPORT - detected UnsignedFile.Multi.Generic (1) 17:20:15.0988 5828 [ 19D6EAC8AF2693C6BDFD5F37150AC10D ] BAPDBASE C:\Windows\system32\DRIVERS\bapdbase.sys 17:20:16.0082 5828 BAPDBASE ( UnsignedFile.Multi.Generic ) - warning 17:20:16.0082 5828 BAPDBASE - detected UnsignedFile.Multi.Generic (1) 17:20:16.0169 5828 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 17:20:16.0248 5828 Beep - ok 17:20:16.0350 5828 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 17:20:16.0458 5828 BFE - ok 17:20:16.0573 5828 [ A3C1AA107EE7149F931265201CF44C81 ] bfhubase C:\Windows\system32\DRIVERS\bfhubase.sys 17:20:16.0765 5828 bfhubase ( UnsignedFile.Multi.Generic ) - warning 17:20:16.0765 5828 bfhubase - detected UnsignedFile.Multi.Generic (1) 17:20:16.0844 5828 [ 
usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:21:02.0904 5828 usbprint - ok 17:21:02.0955 5828 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:21:03.0009 5828 usbscan - ok 17:21:03.0031 5828 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:21:03.0078 5828 USBSTOR - ok 17:21:03.0178 5828 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:21:03.0208 5828 usbuhci - ok 17:21:03.0272 5828 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:21:03.0390 5828 usbvideo - ok 17:21:03.0455 5828 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 17:21:03.0501 5828 UxSms - ok 17:21:03.0550 5828 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 17:21:03.0624 5828 vds - ok 17:21:03.0671 5828 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:21:03.0756 5828 vga - ok 17:21:03.0801 5828 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 17:21:03.0878 5828 VgaSave - ok 17:21:03.0933 5828 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:21:03.0958 5828 viaagp - ok 17:21:04.0001 5828 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 17:21:04.0111 5828 ViaC7 - ok 17:21:04.0193 5828 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys 17:21:04.0228 5828 viaide - ok 17:21:04.0294 5828 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:21:04.0322 5828 volmgr - ok 17:21:04.0381 5828 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:21:04.0426 5828 volmgrx - ok 17:21:04.0499 5828 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:21:04.0538 5828 volsnap - ok 17:21:04.0581 5828 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid 
C:\Windows\system32\drivers\vsmraid.sys 17:21:04.0612 5828 vsmraid - ok 17:21:04.0726 5828 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 17:21:04.0857 5828 VSS - ok 17:21:04.0916 5828 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 17:21:04.0974 5828 W32Time - ok 17:21:05.0037 5828 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:21:05.0112 5828 WacomPen - ok 17:21:05.0178 5828 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 17:21:05.0234 5828 Wanarp - ok 17:21:05.0240 5828 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:21:05.0271 5828 Wanarpv6 - ok 17:21:05.0316 5828 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 17:21:05.0418 5828 WcesComm - ok 17:21:05.0479 5828 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:21:05.0553 5828 wcncsvc - ok 17:21:05.0605 5828 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:21:05.0660 5828 WcsPlugInService - ok 17:21:05.0716 5828 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 17:21:05.0740 5828 Wd - ok 17:21:05.0796 5828 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:21:05.0836 5828 Wdf01000 - ok 17:21:05.0931 5828 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:21:05.0988 5828 WdiServiceHost - ok 17:21:05.0994 5828 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:21:06.0033 5828 WdiSystemHost - ok 17:21:06.0069 5828 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 17:21:06.0113 5828 WebClient - ok 17:21:06.0183 5828 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:21:06.0287 5828 Wecsvc - ok 17:21:06.0312 5828 [ 670FF720071ED741206D69BD995EA453 ] 
wercplsupport C:\Windows\System32\wercplsupport.dll 17:21:06.0348 5828 wercplsupport - ok 17:21:06.0445 5828 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 17:21:06.0478 5828 WerSvc - ok 17:21:06.0654 5828 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:21:06.0691 5828 WinDefend - ok 17:21:06.0701 5828 WinHttpAutoProxySvc - ok 17:21:06.0839 5828 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:21:06.0893 5828 Winmgmt - ok 17:21:07.0027 5828 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 17:21:07.0148 5828 WinRM - ok 17:21:07.0220 5828 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys 17:21:07.0258 5828 winusb - ok 17:21:07.0313 5828 [ F0FE933E27F1E2A83FF322A0693A4724 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe 17:21:07.0336 5828 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning 17:21:07.0336 5828 WisLMSvc - detected UnsignedFile.Multi.Generic (1) 17:21:07.0390 5828 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:21:07.0507 5828 Wlansvc - ok 17:21:07.0646 5828 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:21:07.0876 5828 wlidsvc - ok 17:21:07.0924 5828 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:21:07.0969 5828 WmiAcpi - ok 17:21:08.0012 5828 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:21:08.0042 5828 wmiApSrv - ok 17:21:08.0154 5828 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:21:08.0274 5828 WMPNetworkSvc - ok 17:21:08.0284 5828 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:21:08.0361 5828 WPCSvc - ok 17:21:08.0397 5828 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 
17:21:08.0497 5828 WPDBusEnum - ok 17:21:08.0544 5828 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 17:21:08.0593 5828 WpdUsb - ok 17:21:08.0751 5828 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:21:08.0788 5828 WPFFontCache_v0400 - ok 17:21:08.0846 5828 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:21:08.0909 5828 ws2ifsl - ok 17:21:08.0993 5828 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 17:21:09.0031 5828 wscsvc - ok 17:21:09.0038 5828 WSearch - ok 17:21:09.0156 5828 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:21:09.0348 5828 wuauserv - ok 17:21:09.0462 5828 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:21:09.0495 5828 WudfPf - ok 17:21:09.0534 5828 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:21:09.0566 5828 WUDFRd - ok 17:21:09.0639 5828 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:21:09.0664 5828 wudfsvc - ok 17:21:09.0710 5828 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 17:21:09.0732 5828 X10Hid - ok 17:21:09.0828 5828 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 17:21:09.0853 5828 x10nets ( UnsignedFile.Multi.Generic ) - warning 17:21:09.0853 5828 x10nets - detected UnsignedFile.Multi.Generic (1) 17:21:09.0938 5828 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 17:21:09.0953 5828 XUIF - ok 17:21:10.0021 5828 ================ Scan global =============================== 17:21:10.0052 5828 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 17:21:10.0106 5828 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 17:21:10.0184 5828 [ A508314231C49AEE86987CEA3EAECAD1 ] 
C:\Windows\system32\winsrv.dll
17:21:10.0270 5828 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:21:10.0275 5828 [Global] - ok
17:21:10.0276 5828 ================ Scan MBR ==================================
17:21:10.0329 5828 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:21:11.0441 5828 \Device\Harddisk0\DR0 - ok
17:21:11.0441 5828 ================ Scan VBR ==================================
17:21:11.0511 5828 [ B4C4917E8BA6BA8E80EE85DDB113C87F ] \Device\Harddisk0\DR0\Partition1
17:21:11.0513 5828 \Device\Harddisk0\DR0\Partition1 - ok
17:21:11.0551 5828 [ F5BBA773CC17D10C649B6715D81D63AD ] \Device\Harddisk0\DR0\Partition2
17:21:11.0554 5828 \Device\Harddisk0\DR0\Partition2 - ok
17:21:11.0554 5828 ============================================================
17:21:11.0554 5828 Scan finished
17:21:11.0554 5828 ============================================================
17:21:11.0570 4016 Detected object count: 17
17:21:11.0570 4016 Actual detected object count: 17
17:42:12.0366 4016 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0366 4016 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0369 4016 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0369 4016 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0372 4016 AVMCOWAN ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0372 4016 AVMCOWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0375 4016 AVMPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0376 4016 AVMPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0376 4016 BAPDBASE ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0376 4016 BAPDBASE ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0380 4016 bfhubase ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0381 4016 bfhubase ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0384 4016 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0384 4016 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0387 4016 CAPI_CIP ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0387 4016 CAPI_CIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0390 4016 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0390 4016 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0397 4016 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0397 4016 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0398 4016 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0398 4016 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0398 4016 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0399 4016 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0401 4016 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0401 4016 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0404 4016 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0404 4016 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0406 4016 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0406 4016 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0409 4016 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0412 4016 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:12.0412 4016 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:12.0412 4016 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:22.0632 0220 Deinitialize success |
08.07.2013, 17:06 | #8 |
/// Malware-holic | vista > damn sluggish after virus removal Hi, scan with ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
08.07.2013, 21:10 | #9 |
| vista > damn sluggish after virus removal Hi, here is the log, but the Security Center now reports that Avira is not active, even though the "umbrella" is open and it is monitoring.... Code:
ComboFix 13-07-08.02 - Admin 08.07.2013 18:16:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.988 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 16:27 . 2013-07-08 16:27 -------- d-----w- c:\users\Schächer\AppData\Local\temp
2013-07-08 16:27 . 2013-07-08 16:27 -------- d-----w- c:\users\Dörthe\AppData\Local\temp
2013-07-08 16:27 . 2013-07-08 16:27 -------- d-----w- c:\users\DIDI\AppData\Local\temp
2013-07-08 16:27 . 2013-07-08 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 16:27 . 2013-07-08 16:27 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-07-08 15:26 . 2013-06-17 00:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A910A639-9686-417F-AF77-10FA329E8BD7}\mpengine.dll
2013-07-05 07:25 . 2013-07-05 07:25 -------- d-----w- c:\users\Admin\AppData\Local\Garmin
2013-07-05 07:17 . 2013-07-05 07:17 -------- d-----w- c:\programdata\Package Cache
2013-07-04 21:52 . 2013-07-04 21:52 -------- d-----w- c:\program files\ESET
2013-07-03 17:12 . 2013-07-03 17:12 -------- d-----w- c:\program files\Common Files\Java
2013-07-03 17:12 . 2013-07-03 17:11 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-03 17:12 . 2013-07-03 17:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-03 17:11 . 2013-07-03 17:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-03 17:00 . 2013-07-03 17:00 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2013-06-13 09:26 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 09:26 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 09:26 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 09:26 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 09:26 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 09:26 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 09:26 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 09:26 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 09:26 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 09:25 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 09:25 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2009-10-03 14:35 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 12:03 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 12:03 37376 ----a-w- c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-02 345144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2670825878-3188729077-2627626819-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2670825878-3188729077-2627626819-1005]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.netcologne.de
mWindow Title = Internet Explorer bereitgestellt von NetCologne
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4
TCP: DhcpNameServer = 192.168.178.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-08 18:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2013-07-08 18:43:10
ComboFix-quarantined-files.txt 2013-07-08 16:43
.
Vor Suchlauf: 8 Verzeichnis(se), 54.830.075.904 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 62.108.532.736 Bytes frei
.
- - End Of File - - D05711269F136D6E706E64606A98479A
5C616939100B85E558DA92B899A0FC36 |
08.07.2013, 21:17 | #10 |
/// Malware-holic | vista > damn sluggish after virus removal Hi, even after a restart? Malwarebytes: please download Malwarebytes
09.07.2013, 06:32 | #11 |
| vista > damn sluggish after virus removal Good morning markusg, yes, even after a restart Avira is supposedly inactive again - which is not true - and Windows Defender is switched off again; I had turned it on before as Admin..... The first thing can surely be fixed somewhere in regedit, I just don't remember where and how.. here is the log Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.08.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: DIDI-PC [Administrator]
Schutz: Aktiviert
08.07.2013 22:29:02
mbam-log-2013-07-08 (22-29-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473248
Laufzeit: 1 Stunde(n), 52 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Last edited by käthe-ig (09.07.2013 at 06:42) |
09.07.2013, 10:41 | #12 |
/// Malware-holic | vista > damn sluggish after virus removal Hi, first let's see which Avira version etc. you have. Download the CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall list, save as txt, open it. Behind each program you need, write "needed". Behind each one you don't need, "unneeded". Behind those unknown to you, "unknown". Post the list.
09.07.2013, 19:04 | #13 |
| vista > damn sluggish after virus removal Hi markusg, I have tried to go through the list. In doing so I noticed that I have always simply regarded a lot of what is in there as "that's how it has to be". So there are relatively many entries marked unknown. It may well be that they are absolutely necessary. There are also entries marked "unneeded", but it could be that the program is one of your recommendations, just not strictly necessary for me at the moment.... Even where I have marked a program in the list as absolutely necessary, please give me a hint if I should reconsider. It's always everyone else who is resistant to advice Code:
needed Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 02.11.2007 122MB
needed Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 23.02.2013 11.6.602.168
needed Adobe Reader 8.1.3 - Deutsch Adobe Systems Incorporated 23.02.2013 99,7MB 8.1.3
needed Adobe Shockwave Player Adobe Systems, Inc. 02.11.2007 10.2.0.23
unknown Agere Systems HDA Modem Agere Systems 18.09.2007
unneeded AuthenTec Fingerprint Sensor Minimum Install AuthenTec 18.09.2007 2,34MB 7.9.0
needed Avira Free Antivirus Avira 02.07.2013 64,8MB 13.0.0.3737
needed Brother MFL-Pro Suite Brother Industries, Ltd. 05.12.2008 9,77MB 1.00
needed CCleaner Piriform 19.06.2013 5,64MB 4.03
needed Compatibility Pack für 2007 Office System Microsoft Corporation 20.01.2013 174MB 12.0.6612.1000
unneeded EA SPORTS online 2008 25.06.2008 2,93MB
unknown Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 24.09.2007 6,57MB 2.0.0.1
needed Garmin Communicator Plugin Garmin Ltd or its subsidiaries 23.11.2012 14,6MB 4.0.3
needed Garmin Express Garmin Ltd or its subsidiaries 05.07.2013 848KB 2.1.13
needed Garmin Lifetime Updater Garmin 23.11.2012 43,0MB 2.1.11
unneeded Google Desktop Google 28.06.2010 17,0MB 5.9.1005.12335
unknown Intel(R) Graphics Media Accelerator Driver 02.11.2007
unknown Intel(R) Matrix Storage Manager 02.11.2007 3,77MB
unneeded IrfanView (remove only) Irfan Skiljan 24.07.2010 1,66MB 4.27
unknown Java 7 Update 25 Oracle 03.07.2013 129MB 7.0.250
unknown Launch Manager V1.4.8 Wistron Corp. 18.09.2007 0,98MB 1.4.8
unknown LetsTrade Komponenten 02.11.2007 11,6MB
unknown MakeDisc CyberLink Corporation 02.11.2007 98,8MB 3.0.1924c2
unneeded Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 08.07.2013 13,3MB 1.75.0.1300
unneeded MediaShow CyberLink Corporation 02.11.2007 33,0MB 3.0.4226
unneeded MEDIONbox Medion 18.09.2007 26,9MB 1.09.0000.00050
unknown Microsoft .NET Framework 1.1 18.09.2007
unknown Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 25.04.2009 36,9MB
unknown Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 28.02.2009 36,9MB
unknown Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.06.2010 120MB 4.0.30319
unknown Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.06.2010 24,5MB 4.0.30319
unknown Microsoft Office Live Add-in 1.5 Microsoft Corporation 13.06.2010 506KB 2.0.4024.1
needed Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 20.01.2013 76,3MB 12.0.6612.1000
needed Microsoft Office XP Professional mit FrontPage Microsoft Corporation 23.06.2011 317MB 10.0.6626.0
unknown Microsoft Silverlight Microsoft Corporation 21.03.2013 1,15MB 5.1.20125.0
unknown Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.04.2009 1,74MB 3.1.0000
unknown Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 25.04.2009 624KB 1.0.1215.0
unknown Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 25.04.2009 1,44MB 1.0.1215.0
unknown Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 22.08.2009 251KB 8.0.50727.4053
unknown Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.06.2011 294KB 8.0.61001
unknown Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 22.08.2009 199KB 9.0.30729.4148
unknown Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.05.2011 592KB 9.0.30729.5570
unknown Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.03.2009 586KB 9.0.30729
unknown Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2010 588KB 9.0.30729.4148
unknown Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 23.06.2011 594KB 9.0.30729.6161
unknown Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.06.2012 11,1MB 10.0.40219
unknown Microsoft Works Microsoft Corporation 13.10.2012 378MB 9.7.0621
unknown MSXML 4.0 SP2 (KB925672) Microsoft Corporation 18.09.2007 1,23MB 4.20.9839.0
unknown MSXML 4.0 SP2 (KB927978) Microsoft Corporation 18.09.2007 1,23MB 4.20.9841.0
unknown MSXML 4.0 SP2 (KB936181) Microsoft Corporation 18.09.2007 1,26MB 4.20.9848.0
unknown MSXML 4.0 SP2 (KB941833) Microsoft Corporation 07.01.2008 1,26MB 4.20.9849.0
unknown MSXML 4.0 SP2 (KB954430) Microsoft Corporation 05.12.2008 1,27MB 4.20.9870.0
unknown MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0
needed Nero 7 Essentials Nero AG 18.09.2007 512MB 7.02.5182
needed Paint.NET v3.5.5 dotPDN LLC 24.07.2010 10,2MB 3.55.0
unknown PaperPort Image Printer Nuance Communications, Inc. 05.12.2008 389KB 1.00.0000
unneeded PhotoNow! 1.0 CyberLink Corporation 02.11.2007 1,57MB 3.0.4310
needed PowerDirector 02.11.2007 130MB
needed PowerDV CyberLink Corp. 02.11.2007 51,6MB 2.0
needed PowerDVD CyberLink Corporation 02.11.2007 89,4MB 7.0.3118.0
needed PowerProducer 02.11.2007 162MB
needed Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 18.09.2007 680KB 1.00.0000
needed Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.09.2007 15,4MB 6.0.1.5477
needed Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 18.09.2007 2,84MB
unknown ScanSoft PaperPort 11 Nuance Communications, Inc. 05.12.2008 128MB 11.1.0000
unknown Sceneo AbsolutTV 02.11.2007 4,79MB
unknown Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 29.07.2008 32,5MB 8.0.0
needed Synaptics Pointing Device Driver Synaptics 18.09.2007 13,6MB 10.0.14.0
needed TeamViewer 6 TeamViewer GmbH 28.08.2011 16,1MB 6.0.11052
unknown TVsweeper Sonavis 18.09.2007 4,02MB 3.0.2
unneeded Ulead PhotoImpact 12 Ulead System 02.11.2007 389MB 12.0
unknown Windows Live Essentials Microsoft Corporation 25.04.2009 103MB 14.0.8064.0206
unknown Windows Live ID-Anmelde-Assistent Microsoft Corporation 13.06.2010 4,68MB 6.500.3165.0
unknown Windows Live Sync Microsoft Corporation 25.04.2009 2,79MB 14.0.8064.206
unknown Windows Live-Uploadtool Microsoft Corporation 25.04.2009 225KB 14.0.8014.1029
unknown X10 Hardware(TM) 02.11.2007 28,0KB
unknown XnView 1.97.6 Gougelet Pierre-e 24.07.2010 6,85MB 1.97.6 |
09.07.2013, 21:08 | #14 |
/// Malware-holic | vista > damn sluggish after virus removal
Hi, please carry out all of the steps below; if they go through without problems, post both logs together.

1. Uninstall all Adobe Flash Player entries, then download and install the latest version from "Adobe - Adobe Flash Player installieren".
Adobe Reader: "Adobe - Adobe Reader herunterladen - Alle Versionen"; untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select "All files".
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since that is the only way to keep control over what is going on on the PC.
JavaScript: untick "Enable JavaScript".
Updater: choose "Install automatically".
Apply / OK.
Uninstall: AuthenTec EA, Google Desktop, IrfanView, LetsTrade, Malwarebytes, MediaShow, MEDIONbox, PhotoNow, Sceneo, Spelling, TVsweeper, Ulead, Windows Live: everything you do not need.
2. Please download AdwCleaner to your desktop.
Restart.
3. Download HitmanPro: "Hitman Pro - Download - Filepony". Double-click it, click Scan. Delete nothing; use "Save log as" and post the log, or export it as XML, zip it and attach it.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
13.07.2013, 23:21 | #15 |
| vista > damn sluggish after virus removal
Good evening markusg, I was heavily tied up the last few days, but here are the logs:
Code:
# AdwCleaner v2.305 - Logfile created 14/07/2013 at 00:03:45
# Updated 11/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Admin - DIDI-PC
# Boot mode : Normal
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] The registry is clean.

*************************

AdwCleaner[S1].txt - [715 octets] - [14/07/2013 00:03:45]

########## EOF - C:\AdwCleaner[S1].txt - [774 octets] ##########
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : DIDI-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : DIDI-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-14 00:12:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 30

   Objects scanned . . . : 2.041.068
   Files scanned . . . . : 32.712
   Remnants scanned  . . : 561.020 files / 1.447.336 keys

Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5ZCEP0LV.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\60QA5WVW.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CZ6HF627.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ERLX446Y.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G8FI4WRX.txt |
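The two logs posted above are the kind of output a helper has to read quickly: a summary block with counts, a list of remnants, and a record of what a cleaner deleted. The script below, an added example that is not part of the thread and not a tool from trojaner-board, AdwCleaner or HitmanPro, parses both formats and produces a small triage verdict. The embedded sample logs are constructed (abridged from the posted ones, with the AdwCleaner labels translated); the label spellings the regular expressions accept are assumptions about the 2013-era text output of those tools, and the two "benign" classifications (tracking cookies, Windows Installer component keys) are heuristics of my own, not statements from the tools. One check it adds that the thread does not: HitmanPro counted 30 traces but the posted log lists only 5, so the listing is incomplete and the verdict cannot be "clean" on that evidence alone.

```python
"""Parse AdwCleaner / HitmanPro text logs and give a quick triage verdict.
Added example: not a tool from the thread, AdwCleaner or HitmanPro.
Sample logs are constructed (abridged from the posted ones); the accepted
label spellings are assumptions about the 2013-era tools' output."""
import re
from dataclasses import dataclass, field

ADWCLEANER_LOG = r"""
# AdwCleaner v2.305 - Logfile created 14/07/2013 at 00:03:45
# User : Admin - DIDI-PC
# Option [Delete]

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] The registry is clean.
"""

HITMANPRO_LOG = r"""
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : DIDI-PC
   User name . . . . . . : DIDI-PC\Admin
   UAC . . . . . . . . . : Enabled
   Scan date . . . . . . : 2013-07-14 00:12:53
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 30
   Objects scanned . . . : 2.041.068
   Remnants scanned  . . : 561.020 files / 1.447.336 keys

Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5ZCEP0LV.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\60QA5WVW.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CZ6HF627.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ERLX446Y.txt
   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G8FI4WRX.txt
"""

# "Threats . . . . . . . : 0"  ->  ("Threats", "0")
_HMP_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*(?:\.\s*)+:\s*(.*?)\s*$")
# "Cookies ______"  ->  "Cookies"
_HMP_SECTION = re.compile(r"^\s*(\w[\w ]*?)\s*_{5,}\s*$")
# English and German label spellings are an assumption about the tool's builds.
_ADW_ACTION = re.compile(
    r"^(Key|Value|File|Folder|Service|Schlüssel|Wert|Datei|Ordner|Dienst)\s+"
    r"(Deleted|Found|Gelöscht|Gefunden)\s*:\s*(.+?)\s*$")
_ADW_OPTION = re.compile(r"^#\s*Option\s*\[(\w+)\]")

# Heuristics (mine): remnant kinds that are not malware by themselves.
_KNOWN_BENIGN = {
    "tracking cookie (privacy, not an infection)":
        r"\AppData\Roaming\Microsoft\Windows\Cookies",
    "Windows Installer component registration (orphaned MSI data)":
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData",
}
UNKNOWN = "unrecognised remnant: review manually"


@dataclass
class HitmanReport:
    summary: dict = field(default_factory=dict)   # "Threats" -> "0"
    sections: dict = field(default_factory=dict)  # "Cookies" -> [paths]

    def count(self, label: str) -> int:
        # HitmanPro prints counts with "." thousands separators (2.041.068).
        return int(self.summary.get(label, "0").split()[0].replace(".", ""))

    @property
    def threats(self) -> int:
        return self.count("Threats")

    @property
    def traces(self) -> int:
        return self.count("Traces")


def parse_hitmanpro(text: str) -> HitmanReport:
    report, section = HitmanReport(), None
    for line in text.splitlines():
        if not line.strip():
            continue
        if m := _HMP_SECTION.match(line):
            section = m.group(1)
            report.sections.setdefault(section, [])
        elif section is None and (m := _HMP_FIELD.match(line)):
            report.summary[m.group(1)] = m.group(2)
        elif section is not None:
            report.sections[section].append(line.strip())
    return report


def parse_adwcleaner(text: str) -> dict:
    result = {"option": None, "actions": [], "clean": False}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _ADW_OPTION.match(line):
            result["option"] = m.group(1)
        elif m := _ADW_ACTION.match(line):
            result["actions"].append(m.groups())  # (kind, verb, target)
        elif line.startswith("[OK]"):
            result["clean"] = True
    return result


def classify(target: str) -> str:
    low = target.lower()
    for label, needle in _KNOWN_BENIGN.items():
        if needle.lower() in low:
            return label
    return UNKNOWN


def triage(adw: dict, hmp: HitmanReport) -> dict:
    targets = [t for _, _, t in adw["actions"]]
    targets += [p for paths in hmp.sections.values() for p in paths]
    remnants: dict = {}
    for label in map(classify, targets):
        remnants[label] = remnants.get(label, 0) + 1
    notes, verdict = [], "clean"
    if hmp.threats:
        verdict = "infected"
        notes.append(f"HitmanPro reports {hmp.threats} threat(s)")
    if UNKNOWN in remnants:
        verdict = "review" if verdict == "clean" else verdict
        notes.append(f"{remnants[UNKNOWN]} remnant(s) not recognised")
    listed = sum(len(p) for p in hmp.sections.values())
    if listed < hmp.traces:  # the posted log shows 5 of 30 traces
        verdict = "review" if verdict == "clean" else verdict
        notes.append(f"HitmanPro counted {hmp.traces} traces but only {listed} "
                     "are listed: log is incomplete")
    if hmp.summary.get("UAC", "").lower() != "enabled":
        notes.append("UAC is not enabled")
    return {"verdict": verdict, "notes": notes, "remnants": remnants}


if __name__ == "__main__":
    print(triage(parse_adwcleaner(ADWCLEANER_LOG), parse_hitmanpro(HITMANPRO_LOG)))
```

Run it on a full log (pass the file contents instead of the embedded samples) and the verdict falls to "clean" only when no threats are reported, every listed remnant is a recognised benign kind, and the number of listed items matches the trace count in the summary.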