| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira Antivir Guard startet langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.12.2012, 00:22
| #1 |
 |  Avira Antivir Guard startet langsam Hallo, guten Abend! Als Entschuldigung für mögliche Fehler schicke ich mal voraus, dass es mein erster Post ist. Mein Problem ist, dass nach dem Neu-Aufsetzen meines Systems (Windows XP SP 3) der Antivir-Guard nach dem Hochfahren des Notebooks relativ langsam startet, zumindest im Vergleich zu früher. Es dauert etwa 40 Sekunden bis 2 Minuten. Auch blinkt die Sanduhr mehrfach und längere Zeit auf. Im Task-Manager sehe ich, dass die sogenannte avwsc.exe in dieser Zeit eine hohe CPU-Auslastung verursacht. Auch ist mir beim direkten Herunterfahren nach dem Hochfahren des Systems aufgefallen, dass Windows meldet, die "Avira Antivir systray" könne nicht beendet werden. Falls es von Bedeutung ist: Auch die Systemuhr ging plötzlich eine Stunde nach. Nach einmaliger Korrektur läuft sie bisher seitdem richtig. Zudem hab ich die Autorun-Funktionen mit Tweak Ui ausgeschaltet. Ich hatte nach der Windows-Neuinstallation ein O&O-Image aufgespielt, auf dem SP3 und einige wenige Programme bereits drauf waren / sind. Meine Frage und Sorge wäre, ob vielleicht etwas Schädliches die Ursache hierfür ist? Vielleicht guckt einer netterweise mal über das Logfile. HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:21:23, on 13.12.2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre7\bin\jqs.exe C:\Programme\CDBurnerXP\NMSAccessU.exe C:\Programme\OO Software\DiskImage\oodiag.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\WLTRAY.exe C:\Programme\TP-LINK\TL-WN821N\TWCU.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\dmadmin.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Opera\opera.exe C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [TWCU] C:\Programme\TP-LINK\TL-WN821N\TWCU.exe -nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1123561945-484763869-682003330-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Phase Omega') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355168424970 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: TP-LINK-Konfigurationsdienst (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Java\jre7\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: O&O DiskImage - Unknown owner - C:\Programme\OO Software\DiskImage\oodiag.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6788 bytes Geändert von IlMito (13.12.2012 um 00:45 Uhr) |
|
13.12.2012, 16:47
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira Antivir Guard startet langsam Hallo und
__________________ Bitte keine Hijackthis-Logfiles posten!!! Zitat:
Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
13.12.2012, 18:28
| #3 |
| | Avira Antivir Guard startet langsam Hi, danke für die Antwort! Ältere Logs von Malwarebytes Anti-Malware und Antivir hab ich noch recht viele:
__________________[code] Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.13.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 +++ :: NOTEBOOK [Administrator] 13.12.2012 11:26:14 mbam-log-2012-12-13 (11-26-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272534 Laufzeit: 1 Stunde(n), 7 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) [code] OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.12.2012 16:55:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\+++\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,16 Mb Total Physical Memory | 278,18 Mb Available Physical Memory | 31,11% Memory free 2,12 Gb Paging File | 1,49 Gb Available in Paging File | 70,41% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 17,58 Gb Total Space | 7,27 Gb Free Space | 41,33% Space Free | Partition Type: NTFS Drive D: | 56,94 Gb Total Space | 51,81 Gb Free Space | 90,99% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: +++ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.13 16:55:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\+++\Desktop\OTL.exe PRC - [2012.12.12 18:32:01 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.07.29 10:37:34 | 000,557,148 | ---- | M] (TP-LINK) -- C:\Programme\TP-LINK\TL-WN821N\TWCU.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.06.06 16:59:20 | 001,869,056 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodiag.exe PRC - [2008.05.27 04:21:04 | 000,467,029 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.03.24 21:20:30 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE ========== Modules (No Company Name) ========== MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.07.17 08:59:48 | 000,401,552 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll MOD - [2009.07.15 11:19:36 | 000,163,840 | ---- | M] () -- C:\Programme\TP-LINK\TL-WN821N\oemresloc.dll MOD - [2008.06.06 16:59:50 | 000,111,872 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishi.dll MOD - [2008.06.06 16:59:20 | 001,869,056 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodiag.exe MOD - [2008.06.06 16:59:02 | 000,349,440 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishrs.dll MOD - [2008.06.06 16:58:54 | 001,537,280 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodiagrs.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.12.12 18:32:01 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008.06.06 16:59:20 | 001,869,056 | ---- | M] () [Auto | Running] -- C:\Programme\OO Software\DiskImage\oodiag.exe -- (O&O DiskImage) SRV - [2008.05.27 04:21:04 | 000,467,029 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.12.13 16:50:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.12.01 10:32:24 | 000,458,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK) DRV - [2008.06.06 17:03:52 | 000,031,240 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\oodivdh.sys -- (oodivdh) DRV - [2008.06.06 17:03:42 | 000,128,520 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\oodivd.sys -- (oodivd) DRV - [2008.06.06 17:03:30 | 000,028,680 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\oodisrh.sys -- (oodisrh) DRV - [2008.06.06 17:03:20 | 000,094,728 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\oodisr.sys -- (oodisr) DRV - [2007.12.13 20:31:02 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD) DRV - [2005.04.05 21:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.03.25 15:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005.02.16 16:47:14 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004.12.02 15:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=de IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "heute.de" FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.12 19:25:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.12 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Mozilla\Extensions [2012.12.12 19:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Mozilla\Firefox\Profiles\zq88ssky.default\extensions [2012.12.12 19:49:16 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Mozilla\Firefox\Profiles\zq88ssky.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.12.12 19:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.12 17:47:54 | 000,444,929 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15281 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TL-WN821N\TWCU.exe (TP-LINK) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data] O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355168424970 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9991D57A-2113-42BB-8803-DD0083A27728}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.06 13:10:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 16:55:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\+++\Desktop\OTL.exe [2012.12.13 16:50:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.12.13 14:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2012.12.13 14:51:18 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild [2012.12.13 14:50:55 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2012.12.13 14:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance [2012.12.13 14:09:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation [2012.12.13 14:04:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Windows 7 Upgrade Advisor [2012.12.12 22:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Avira [2012.12.12 22:34:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.12.12 22:34:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Lokale Einstellungen\Anwendungsdaten\Sun [2012.12.12 22:33:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.12.12 22:33:50 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.12.12 22:33:50 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.12.12 22:33:50 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.12.12 22:33:49 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.12.12 22:33:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.12.12 19:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\QuickScan [2012.12.12 19:38:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\+++\Desktop\HiJackThis204.exe [2012.12.12 19:33:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Foxit Software [2012.12.12 19:31:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2012.12.12 19:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Eigene Dateien\Downloads [2012.12.12 19:25:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Lokale Einstellungen\Anwendungsdaten\Mozilla [2012.12.12 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Mozilla [2012.12.12 19:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.12.12 19:25:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.12.12 19:25:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.12.12 18:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.12.12 18:04:05 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.12.12 18:03:58 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.12.12 18:03:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.11 11:14:10 | 000,000,000 | ---D | C] -- C:\bd_logs [2012.12.10 23:15:59 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.10 20:34:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.13 16:55:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\+++\Desktop\OTL.exe [2012.12.13 16:54:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\+++\defogger_reenable [2012.12.13 16:53:48 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\+++\Desktop\Defogger.exe [2012.12.13 16:50:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.12.13 16:46:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.13 16:33:47 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.13 15:00:02 | 000,526,724 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.12.13 15:00:02 | 000,501,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.12.13 15:00:02 | 000,104,746 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.12.13 15:00:02 | 000,087,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.12.13 14:15:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.13 14:04:52 | 000,001,834 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk [2012.12.12 22:34:30 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.12.12 19:38:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\+++\Desktop\HiJackThis204.exe [2012.12.12 18:05:10 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.12.12 17:50:03 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 17:47:54 | 000,444,929 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.12.12 17:35:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.13 16:54:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\+++\defogger_reenable [2012.12.13 16:53:47 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\+++\Desktop\Defogger.exe [2012.12.13 14:04:52 | 000,001,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows 7 Upgrade Advisor.lnk [2012.12.13 14:04:52 | 000,001,834 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk [2012.12.12 22:34:30 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.12.12 18:05:10 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.12.10 20:34:47 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf [2012.01.08 17:15:28 | 000,008,192 | ---- | C] () -- C:\Dokumente und Einstellungen\+++\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.07 15:02:13 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2012.01.07 15:01:57 | 000,401,552 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll [2012.01.07 14:28:11 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.01.07 14:19:53 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.01.06 19:44:46 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\+++\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.01.06 14:03:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2012.01.06 14:03:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2012.01.06 13:34:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2012.01.06 13:34:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.01.06 13:34:56 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2012.01.06 13:19:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.06 13:15:29 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2012.01.06 13:06:43 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.06 12:53:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.06 12:52:08 | 000,132,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2012.01.06 13:13:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 21:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.12 18:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.01.07 14:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.01.06 15:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OO Software [2012.01.07 15:01:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2012.01.07 14:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.01.07 14:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Canneverbe Limited [2012.12.12 19:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Foxit Software [2012.01.07 13:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\OpenOffice.org [2012.01.06 23:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\Opera [2012.12.12 19:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\+++\Anwendungsdaten\QuickScan ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.12.2012 16:55:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\+++\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894,16 Mb Total Physical Memory | 278,18 Mb Available Physical Memory | 31,11% Memory free
2,12 Gb Paging File | 1,49 Gb Available in Paging File | 70,41% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,58 Gb Total Space | 7,27 Gb Free Space | 41,33% Space Free | Partition Type: NTFS
Drive D: | 56,94 Gb Total Space | 51,81 Gb Free Space | 90,99% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK | User Name: +++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{534806D0-9B0B-41FA-A7BE-C294AAB7B31F}" = O&O DiskImage Professional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F55747-2B88-4F02-82FE-A7CD11FD9A7D}" = TL-WN821N-Drahtlos-Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E74A1D67-FFFE-4A15-9287-50B3C0465454}" = TL-WN821N-Drahtlos-Tool
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Foxit Reader_is1" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.11.1661" = Opera 12.11
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.1.11
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.03.2012 18:35:57 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2722609
Error - 14.03.2012 18:35:57 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2722609
Error - 15.03.2012 08:29:26 | Computer Name = NOTEBOOK | Source = O&O DiskImage | ID = 2
Description =
Error - 15.03.2012 08:29:26 | Computer Name = NOTEBOOK | Source = O&O DiskImage | ID = 2
Description =
Error - 11.12.2012 04:54:49 | Computer Name = NOTEBOOK | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 11.12.2012 06:10:30 | Computer Name = NOTEBOOK | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 12.12.2012 03:25:42 | Computer Name = NOTEBOOK | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 12.12.2012 14:54:04 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 12.12.2012 14:54:11 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 13.12.2012 11:36:12 | Computer Name = NOTEBOOK | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
[ System Events ]
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:31:11 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 10.12.2012 15:40:36 | Computer Name = NOTEBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800703e3 fehlgeschlagen: Automatische Updates
Error - 10.12.2012 17:04:14 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "O&O DiskImage" wurde nicht ordnungsgemäß gestartet.
< End of report >
Ok, fahre dann jetzt mit Schritt 3 fort. Vielen Dank im Voraus! |
|
13.12.2012, 19:25
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsamZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.12.2012, 19:39
| #5 |
| | Avira Antivir Guard startet langsam Hi! Sry, hatte verstanden das Malwarebytes-Log so oder so posten, wenn eins vorhanden ist. Ein Befund hab ich nicht. Hatte mit Malwarebytes, Avira Antivir und Bitdefender Online-Scan scannen lassen, wurde nichts gefunden. Hab nur die beschriebenen Symptome, die mich etwas beunruhigen. Hab das Thema, wie angegeben, neu erstellt. hxxp://www.trojaner-board.de/128126-windows-avira-antivir-guard-starten-langsam.html#post972038 |
|
13.12.2012, 20:42
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsam Was soll denn ein neuer zum selben Thema, etwas sinnfrei oder!?  Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ --> Avira Antivir Guard startet langsam |
|
13.12.2012, 21:30
| #7 |
| | Avira Antivir Guard startet langsam Ok, kapiert  Hier die Gmer- und aswMBRr-Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-13 18:14:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2080AT rev.0022
Running: k3914zur.exe; Driver: C:\DOKUME~1\JA13B~1.EIS\LOKALE~1\Temp\kxroqpow.sys
---- System - GMER 1.0.15 ----
SSDT F7C22C84 ZwClose
SSDT F7C22C3E ZwCreateKey
SSDT F7C22C8E ZwCreateSection
SSDT F7C22C34 ZwCreateThread
SSDT F7C22C43 ZwDeleteKey
SSDT F7C22C4D ZwDeleteValueKey
SSDT F7C22C7F ZwDuplicateObject
SSDT F7C22C52 ZwLoadKey
SSDT F7C22C20 ZwOpenProcess
SSDT F7C22C25 ZwOpenThread
SSDT F7C22CA7 ZwQueryValueKey
SSDT F7C22C5C ZwReplaceKey
SSDT F7C22C98 ZwRequestWaitReplyPort
SSDT F7C22C57 ZwRestoreKey
SSDT F7C22C93 ZwSetContextThread
SSDT F7C22C9D ZwSetSecurityObject
SSDT F7C22C48 ZwSetValueKey
SSDT F7C22CA2 ZwSystemDebugControl
SSDT F7C22C2F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6FEA23F]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs oodisrh.sys (O&O DiskImage Snapshot/Restore Helper Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODI03.00.00.01PRO CA2E6C23EC3C94153227B9DF66619B37701EC3498625605DB9C69E302D52328E9A1127560AA39EE66DD3239C6E30B0D9217DA0CE81E205F8CCD237F9B989235B9344084F2C69B80556D01E9F24ED8DE9BD7893DC1263DFF90E3D0533CA40FDC0C53663B110FB35939834877BEF039950B0EE1914ECA69029C24FCB30012EB289F63AE1A16470FC7E17780AC72D7AD0B69626861E3A5146926836A2CA72B2C8421F07FE494B7B8A72E57E299F2D85440DC34681A6192B4706AC0576DEA95059BBEAB58ED5DC79ECE1D00ABA9FB27618863E5B05DB18A36C1874AE87CCA32C158BBAC43279A36748055341E66C77C683FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808A6A0AC4980AC7933A6171C11EC38DE3DCC94067A9BF26CB8AF6255A130353938954CE8FB41151722EE94C69B2369E9FD184A5AF35B0D6666873D186F573382C709C72F57B1966FF3935DC8130AF4A07B9FF2E2A7E660E6E89B31271534D29EB5E67BE701C2236725E2C11C29623DEC5D8FA6F5B087AE46DA3A72823680055C313DD9DC3D3EF8E59C4E1271E92AEAF05CD8B1CF7F8A2FFEECF56A0FC67B2DAF80608A3B2AF44878D188D1DDB4609C72C733950E5B410E3161A5B7919167243279E6E691B3BAB5D1D20BB7DABE8BE3DA811
---- EOF - GMER 1.0.15 ----
--- --- --- Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-13 19:58:39
-----------------------------
19:58:39.890 OS Version: Windows 5.1.2600 Service Pack 3
19:58:39.890 Number of processors: 1 586 0x2402
19:58:39.890 ComputerName: NOTEBOOK UserName:
19:58:40.390 Initialize success
20:02:54.671 AVAST engine defs: 12121301
20:03:21.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:03:21.234 Disk 0 Vendor: FUJITSU_MHT2080AT 0022 Size: 76319MB BusType: 3
20:03:21.250 Disk 0 MBR read successfully
20:03:21.250 Disk 0 MBR scan
20:03:21.484 Disk 0 Windows XP default MBR code
20:03:21.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 18002 MB offset 63
20:03:21.578 Disk 0 Partition - 00 0F Extended LBA 58306 MB offset 36869175
20:03:21.609 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 58306 MB offset 36869238
20:03:21.687 Disk 0 scanning sectors +156280320
20:03:21.859 Disk 0 scanning C:\WINDOWS\system32\drivers
20:03:56.906 Service scanning
20:04:19.156 Modules scanning
20:04:34.328 Disk 0 trace - called modules:
20:04:34.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:04:34.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84952ab8]
20:04:34.859 3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\00000071[0x849939e8]
20:04:34.859 5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x849a9940]
20:04:35.265 AVAST engine scan C:\WINDOWS
20:05:13.265 AVAST engine scan C:\WINDOWS\system32
20:13:19.250 AVAST engine scan C:\WINDOWS\system32\drivers
20:13:48.656 AVAST engine scan C:\Dokumente und Einstellungen\+++
20:14:42.093 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:14:57.468 Scan finished successfully
20:17:46.656 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\+++\Desktop\MBR.dat"
20:17:46.656 The log file has been saved successfully to "C:\Dokumente und Einstellungen\+++\Desktop\aswMBR.txt"
|
|
14.12.2012, 09:44
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsam Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 11:31
| #9 |
| | Avira Antivir Guard startet langsam Mahlzeit! Da bin ich schon wieder. Ok, das Logfile (während des Scans Internetverbindung trennen, richtig?): Code:
ATTFilter 10:23:02.0187 3072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:23:02.0453 3072 ============================================================
10:23:02.0453 3072 Current date / time: 2012/12/14 10:23:02.0453
10:23:02.0453 3072 SystemInfo:
10:23:02.0453 3072
10:23:02.0453 3072 OS Version: 5.1.2600 ServicePack: 3.0
10:23:02.0453 3072 Product type: Workstation
10:23:02.0453 3072 ComputerName: NOTEBOOK
10:23:02.0453 3072 UserName: +++
10:23:02.0453 3072 Windows directory: C:\WINDOWS
10:23:02.0453 3072 System windows directory: C:\WINDOWS
10:23:02.0453 3072 Processor architecture: Intel x86
10:23:02.0453 3072 Number of processors: 1
10:23:02.0453 3072 Page size: 0x1000
10:23:02.0453 3072 Boot type: Normal boot
10:23:02.0453 3072 ============================================================
10:23:04.0734 3072 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:23:04.0734 3072 ============================================================
10:23:04.0734 3072 \Device\Harddisk0\DR0:
10:23:04.0734 3072 MBR partitions:
10:23:04.0734 3072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23293F8
10:23:04.0765 3072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2329476, BlocksNum 0x71E118A
10:23:04.0765 3072 ============================================================
10:23:04.0843 3072 C: <-> \Device\Harddisk0\DR0\Partition1
10:23:04.0875 3072 D: <-> \Device\Harddisk0\DR0\Partition2
10:23:04.0875 3072 ============================================================
10:23:04.0875 3072 Initialize success
10:23:04.0875 3072 ============================================================
10:23:33.0750 3312 ============================================================
10:23:33.0750 3312 Scan started
10:23:33.0750 3312 Mode: Manual; SigCheck; TDLFS;
10:23:33.0750 3312 ============================================================
10:23:34.0281 3312 ================ Scan system memory ========================
10:23:34.0281 3312 System memory - ok
10:23:34.0281 3312 ================ Scan services =============================
10:23:34.0531 3312 Abiosdsk - ok
10:23:34.0546 3312 abp480n5 - ok
10:23:34.0593 3312 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:23:36.0562 3312 ACPI - ok
10:23:36.0609 3312 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:23:36.0796 3312 ACPIEC - ok
10:23:36.0859 3312 [ 170BA964B612A9A62FADD5C71962429E ] ACS C:\WINDOWS\system32\acs.exe
10:23:36.0953 3312 ACS ( UnsignedFile.Multi.Generic ) - warning
10:23:36.0953 3312 ACS - detected UnsignedFile.Multi.Generic (1)
10:23:36.0968 3312 adpu160m - ok
10:23:37.0015 3312 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:23:37.0187 3312 aec - ok
10:23:37.0250 3312 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:23:37.0250 3312 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:23:37.0250 3312 AegisP - detected UnsignedFile.Multi.Generic (1)
10:23:37.0312 3312 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:23:37.0343 3312 AFD - ok
10:23:37.0359 3312 Aha154x - ok
10:23:37.0375 3312 aic78u2 - ok
10:23:37.0390 3312 aic78xx - ok
10:23:37.0578 3312 [ BEA942FF21154FEE4F71DDD477621C70 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:23:37.0953 3312 ALCXWDM - ok
10:23:37.0984 3312 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:23:38.0265 3312 Alerter - ok
10:23:38.0296 3312 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
10:23:38.0468 3312 ALG - ok
10:23:38.0484 3312 AliIde - ok
10:23:38.0515 3312 [ 9BA1213AAB7FF12AF30AE9DF2E0B4701 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:23:38.0562 3312 AmdK8 - ok
10:23:38.0578 3312 amsint - ok
10:23:38.0890 3312 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:23:38.0906 3312 AntiVirSchedulerService - ok
10:23:38.0937 3312 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:23:38.0953 3312 AntiVirService - ok
10:23:39.0031 3312 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:23:39.0062 3312 Apple Mobile Device - ok
10:23:39.0078 3312 AppMgmt - ok
10:23:39.0109 3312 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:23:39.0375 3312 Arp1394 - ok
10:23:39.0437 3312 [ D8AA72B3760402B4A30925D9778E4688 ] arusb(TP-LINK) C:\WINDOWS\system32\DRIVERS\arusb.sys
10:23:39.0515 3312 arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - warning
10:23:39.0515 3312 arusb(TP-LINK) - detected UnsignedFile.Multi.Generic (1)
10:23:39.0515 3312 asc - ok
10:23:39.0531 3312 asc3350p - ok
10:23:39.0546 3312 asc3550 - ok
10:23:39.0703 3312 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:23:39.0718 3312 aspnet_state - ok
10:23:39.0765 3312 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:23:39.0890 3312 AsyncMac - ok
10:23:39.0921 3312 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:23:40.0078 3312 atapi - ok
10:23:40.0078 3312 Atdisk - ok
10:23:40.0140 3312 [ 6BDB117F5CF40FE91FF50E1BB3F28184 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:23:40.0250 3312 Ati HotKey Poller - ok
10:23:40.0328 3312 [ E9EBF7DCA6C5EB9C597035A10A5A6A1B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:23:40.0421 3312 ati2mtag - ok
10:23:40.0468 3312 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:23:40.0640 3312 Atmarpc - ok
10:23:40.0687 3312 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:23:40.0843 3312 AudioSrv - ok
10:23:40.0890 3312 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:23:41.0046 3312 audstub - ok
10:23:41.0109 3312 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:23:41.0125 3312 avgntflt - ok
10:23:41.0156 3312 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:23:41.0187 3312 avipbb - ok
10:23:41.0218 3312 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:23:41.0234 3312 avkmgr - ok
10:23:41.0296 3312 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:23:41.0500 3312 Beep - ok
10:23:41.0562 3312 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
10:23:41.0734 3312 BITS - ok
10:23:41.0796 3312 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
10:23:41.0859 3312 Bonjour Service - ok
10:23:41.0890 3312 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
10:23:41.0968 3312 Browser - ok
10:23:42.0015 3312 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:23:42.0187 3312 cbidf2k - ok
10:23:42.0203 3312 cd20xrnt - ok
10:23:42.0250 3312 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:23:42.0421 3312 Cdaudio - ok
10:23:42.0453 3312 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:23:42.0593 3312 Cdfs - ok
10:23:42.0625 3312 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:23:42.0765 3312 Cdrom - ok
10:23:42.0781 3312 Changer - ok
10:23:42.0812 3312 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:23:42.0968 3312 CiSvc - ok
10:23:42.0984 3312 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:23:43.0125 3312 ClipSrv - ok
10:23:43.0484 3312 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:23:43.0562 3312 clr_optimization_v2.0.50727_32 - ok
10:23:43.0625 3312 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:23:43.0750 3312 clr_optimization_v4.0.30319_32 - ok
10:23:43.0796 3312 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:23:44.0062 3312 CmBatt - ok
10:23:44.0062 3312 CmdIde - ok
10:23:44.0109 3312 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:23:44.0250 3312 Compbatt - ok
10:23:44.0250 3312 COMSysApp - ok
10:23:44.0281 3312 Cpqarray - ok
10:23:44.0312 3312 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:23:44.0453 3312 CryptSvc - ok
10:23:44.0468 3312 dac2w2k - ok
10:23:44.0484 3312 dac960nt - ok
10:23:44.0531 3312 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:23:44.0656 3312 DcomLaunch - ok
10:23:44.0687 3312 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:23:44.0843 3312 Dhcp - ok
10:23:44.0843 3312 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:23:45.0000 3312 Disk - ok
10:23:45.0015 3312 dmadmin - ok
10:23:45.0140 3312 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:23:45.0343 3312 dmboot - ok
10:23:45.0406 3312 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:23:45.0593 3312 dmio - ok
10:23:45.0640 3312 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:23:45.0796 3312 dmload - ok
10:23:45.0828 3312 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:23:45.0953 3312 dmserver - ok
10:23:46.0000 3312 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:23:46.0140 3312 DMusic - ok
10:23:46.0203 3312 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:23:46.0281 3312 Dnscache - ok
10:23:46.0343 3312 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:23:46.0781 3312 Dot3svc - ok
10:23:46.0796 3312 dpti2o - ok
10:23:46.0812 3312 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:23:47.0203 3312 drmkaud - ok
10:23:47.0250 3312 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:23:47.0406 3312 EapHost - ok
10:23:47.0453 3312 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:23:47.0609 3312 ERSvc - ok
10:23:47.0625 3312 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
10:23:47.0656 3312 Eventlog - ok
10:23:47.0718 3312 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
10:23:47.0750 3312 EventSystem - ok
10:23:47.0781 3312 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:23:47.0906 3312 Fastfat - ok
10:23:47.0953 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:23:48.0015 3312 FastUserSwitchingCompatibility - ok
10:23:48.0046 3312 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:23:48.0171 3312 Fdc - ok
10:23:48.0187 3312 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:23:48.0343 3312 Fips - ok
10:23:48.0343 3312 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:23:48.0515 3312 Flpydisk - ok
10:23:48.0562 3312 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:23:48.0718 3312 FltMgr - ok
10:23:48.0796 3312 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:23:48.0812 3312 FontCache3.0.0.0 - ok
10:23:48.0828 3312 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:23:49.0000 3312 Fs_Rec - ok
10:23:49.0015 3312 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:23:49.0203 3312 Ftdisk - ok
10:23:49.0265 3312 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:23:49.0281 3312 GEARAspiWDM - ok
10:23:49.0312 3312 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:23:49.0453 3312 Gpc - ok
10:23:49.0531 3312 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:23:49.0687 3312 helpsvc - ok
10:23:49.0687 3312 HidServ - ok
10:23:49.0718 3312 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:23:49.0859 3312 hidusb - ok
10:23:49.0906 3312 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:23:50.0046 3312 hkmsvc - ok
10:23:50.0062 3312 hpn - ok
10:23:50.0109 3312 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:23:50.0156 3312 HTTP - ok
10:23:50.0203 3312 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:23:50.0343 3312 HTTPFilter - ok
10:23:50.0359 3312 i2omgmt - ok
10:23:50.0375 3312 i2omp - ok
10:23:50.0406 3312 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:23:50.0546 3312 i8042prt - ok
10:23:50.0718 3312 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:23:50.0812 3312 idsvc - ok
10:23:50.0859 3312 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:23:51.0000 3312 Imapi - ok
10:23:51.0062 3312 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
10:23:51.0234 3312 ImapiService - ok
10:23:51.0265 3312 ini910u - ok
10:23:51.0281 3312 IntelIde - ok
10:23:51.0328 3312 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:23:51.0484 3312 Ip6Fw - ok
10:23:51.0515 3312 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:23:51.0671 3312 IpFilterDriver - ok
10:23:51.0703 3312 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:23:51.0828 3312 IpInIp - ok
10:23:51.0859 3312 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:23:52.0015 3312 IpNat - ok
10:23:52.0140 3312 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
10:23:52.0203 3312 iPod Service - ok
10:23:52.0250 3312 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:23:52.0390 3312 IPSec - ok
10:23:52.0406 3312 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:23:52.0546 3312 IRENUM - ok
10:23:52.0578 3312 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:23:52.0734 3312 isapnp - ok
10:23:52.0921 3312 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
10:23:52.0937 3312 JavaQuickStarterService - ok
10:23:52.0953 3312 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:23:53.0109 3312 Kbdclass - ok
10:23:53.0140 3312 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:23:53.0281 3312 kmixer - ok
10:23:53.0296 3312 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:23:53.0343 3312 KSecDD - ok
10:23:53.0375 3312 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:23:53.0421 3312 lanmanserver - ok
10:23:53.0484 3312 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:23:53.0515 3312 lanmanworkstation - ok
10:23:53.0531 3312 lbrtfdc - ok
10:23:53.0593 3312 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:23:53.0734 3312 LmHosts - ok
10:23:53.0765 3312 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:23:53.0921 3312 Messenger - ok
10:23:53.0968 3312 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:23:54.0140 3312 mnmdd - ok
10:23:54.0171 3312 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:23:54.0328 3312 mnmsrvc - ok
10:23:54.0375 3312 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:23:54.0546 3312 Modem - ok
10:23:54.0562 3312 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:23:54.0687 3312 Mouclass - ok
10:23:54.0718 3312 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:23:54.0875 3312 mouhid - ok
10:23:54.0890 3312 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:23:55.0015 3312 MountMgr - ok
10:23:55.0093 3312 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:23:55.0109 3312 MozillaMaintenance - ok
10:23:55.0125 3312 mraid35x - ok
10:23:55.0140 3312 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:23:55.0296 3312 MRxDAV - ok
10:23:55.0343 3312 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:23:55.0468 3312 MRxSmb - ok
10:23:55.0500 3312 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:23:55.0625 3312 MSDTC - ok
10:23:55.0656 3312 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:23:55.0812 3312 Msfs - ok
10:23:55.0828 3312 MSIServer - ok
10:23:55.0859 3312 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:23:55.0968 3312 MSKSSRV - ok
10:23:55.0984 3312 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:23:56.0125 3312 MSPCLOCK - ok
10:23:56.0125 3312 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:23:56.0296 3312 MSPQM - ok
10:23:56.0328 3312 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:23:56.0437 3312 mssmbios - ok
10:23:56.0484 3312 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:23:56.0515 3312 Mup - ok
10:23:56.0562 3312 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
10:23:56.0734 3312 napagent - ok
10:23:56.0765 3312 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:23:56.0921 3312 NDIS - ok
10:23:56.0953 3312 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:23:56.0984 3312 NdisTapi - ok
10:23:56.0984 3312 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:23:57.0140 3312 Ndisuio - ok
10:23:57.0156 3312 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:23:57.0296 3312 NdisWan - ok
10:23:57.0343 3312 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:23:57.0390 3312 NDProxy - ok
10:23:57.0421 3312 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:23:57.0578 3312 NetBIOS - ok
10:23:57.0593 3312 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:23:57.0734 3312 NetBT - ok
10:23:57.0781 3312 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
10:23:57.0921 3312 NetDDE - ok
10:23:57.0937 3312 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:23:58.0078 3312 NetDDEdsdm - ok
10:23:58.0125 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:23:58.0250 3312 Netlogon - ok
10:23:58.0328 3312 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
10:23:58.0468 3312 Netman - ok
10:23:58.0546 3312 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:23:58.0578 3312 NetTcpPortSharing - ok
10:23:58.0593 3312 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:23:58.0750 3312 NIC1394 - ok
10:23:58.0781 3312 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
10:23:58.0843 3312 Nla - ok
10:23:58.0921 3312 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
10:23:58.0937 3312 NMSAccess - ok
10:23:58.0968 3312 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:23:59.0093 3312 Npfs - ok
10:23:59.0156 3312 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:23:59.0343 3312 Ntfs - ok
10:23:59.0375 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:23:59.0500 3312 NtLmSsp - ok
10:23:59.0546 3312 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:23:59.0750 3312 NtmsSvc - ok
10:23:59.0781 3312 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:23:59.0953 3312 Null - ok
10:24:00.0000 3312 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:24:00.0203 3312 NwlnkFlt - ok
10:24:00.0218 3312 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:24:00.0390 3312 NwlnkFwd - ok
10:24:00.0515 3312 [ 9D7FE9CCBC367BBCF2CBC5B91B7D4185 ] O&O DiskImage C:\Programme\OO Software\DiskImage\oodiag.exe
10:24:00.0718 3312 O&O DiskImage - ok
10:24:00.0968 3312 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:24:01.0093 3312 ohci1394 - ok
10:24:01.0109 3312 [ 5A247B4BF9F3DFF87E58E6DE9C83D779 ] oodisr C:\WINDOWS\system32\DRIVERS\oodisr.sys
10:24:01.0140 3312 oodisr - ok
10:24:01.0156 3312 [ 1F1EE4BBCF96CD9D63BACB77AAA13ADD ] oodisrh C:\WINDOWS\system32\DRIVERS\oodisrh.sys
10:24:01.0171 3312 oodisrh - ok
10:24:01.0187 3312 [ 8C460A366D1CC039D6BA0688A8DBEF3B ] oodivd C:\WINDOWS\system32\DRIVERS\oodivd.sys
10:24:01.0218 3312 oodivd - ok
10:24:01.0218 3312 [ 28AE8EBEC5A8423562FE26BD7A4C4579 ] oodivdh C:\WINDOWS\system32\DRIVERS\oodivdh.sys
10:24:01.0250 3312 oodivdh - ok
10:24:01.0281 3312 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:24:01.0421 3312 Parport - ok
10:24:01.0437 3312 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:24:01.0562 3312 PartMgr - ok
10:24:01.0609 3312 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:24:01.0781 3312 ParVdm - ok
10:24:01.0796 3312 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:24:01.0921 3312 PCI - ok
10:24:01.0937 3312 PCIDump - ok
10:24:01.0968 3312 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:24:02.0140 3312 PCIIde - ok
10:24:02.0156 3312 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:24:02.0281 3312 Pcmcia - ok
10:24:02.0281 3312 PDCOMP - ok
10:24:02.0296 3312 PDFRAME - ok
10:24:02.0312 3312 PDRELI - ok
10:24:02.0328 3312 PDRFRAME - ok
10:24:02.0343 3312 perc2 - ok
10:24:02.0359 3312 perc2hib - ok
10:24:02.0421 3312 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
10:24:02.0453 3312 PlugPlay - ok
10:24:02.0453 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:24:02.0578 3312 PolicyAgent - ok
10:24:02.0609 3312 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:24:02.0734 3312 PptpMiniport - ok
10:24:02.0781 3312 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:24:02.0921 3312 Processor - ok
10:24:02.0921 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:24:03.0046 3312 ProtectedStorage - ok
10:24:03.0062 3312 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:24:03.0203 3312 PSched - ok
10:24:03.0218 3312 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:24:03.0406 3312 Ptilink - ok
10:24:03.0421 3312 ql1080 - ok
10:24:03.0421 3312 Ql10wnt - ok
10:24:03.0437 3312 ql12160 - ok
10:24:03.0453 3312 ql1240 - ok
10:24:03.0468 3312 ql1280 - ok
10:24:03.0500 3312 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:24:03.0671 3312 RasAcd - ok
10:24:03.0734 3312 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:24:03.0859 3312 RasAuto - ok
10:24:03.0890 3312 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:24:04.0046 3312 Rasl2tp - ok
10:24:04.0093 3312 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:24:04.0234 3312 RasMan - ok
10:24:04.0250 3312 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:24:04.0375 3312 RasPppoe - ok
10:24:04.0406 3312 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:24:04.0578 3312 Raspti - ok
10:24:04.0593 3312 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:24:04.0734 3312 Rdbss - ok
10:24:04.0765 3312 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:24:04.0921 3312 RDPCDD - ok
10:24:05.0000 3312 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:24:05.0062 3312 RDPWD - ok
10:24:05.0109 3312 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:24:05.0250 3312 RDSessMgr - ok
10:24:05.0281 3312 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:24:05.0406 3312 redbook - ok
10:24:05.0453 3312 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:24:05.0593 3312 RemoteAccess - ok
10:24:05.0609 3312 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:24:05.0750 3312 RpcLocator - ok
10:24:05.0796 3312 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:24:05.0812 3312 RpcSs - ok
10:24:05.0859 3312 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:24:06.0031 3312 RSVP - ok
10:24:06.0046 3312 [ 4A0AE7891FCF74ACC848B109294CB80F ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
10:24:06.0125 3312 RTL8023xp - ok
10:24:06.0156 3312 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:24:06.0281 3312 rtl8139 - ok
10:24:06.0312 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
10:24:06.0437 3312 SamSs - ok
10:24:06.0437 3312 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:24:06.0593 3312 SCardSvr - ok
10:24:06.0640 3312 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:24:06.0781 3312 Schedule - ok
10:24:06.0843 3312 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:24:06.0968 3312 Secdrv - ok
10:24:07.0015 3312 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
10:24:07.0140 3312 seclogon - ok
10:24:07.0156 3312 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
10:24:07.0296 3312 SENS - ok
10:24:07.0328 3312 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:24:07.0468 3312 Serial - ok
10:24:07.0515 3312 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:24:07.0656 3312 Sfloppy - ok
10:24:07.0718 3312 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:24:07.0890 3312 SharedAccess - ok
10:24:07.0921 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:24:07.0953 3312 ShellHWDetection - ok
10:24:07.0953 3312 Simbad - ok
10:24:07.0984 3312 Sparrow - ok
10:24:08.0015 3312 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:24:08.0140 3312 splitter - ok
10:24:08.0171 3312 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:24:08.0234 3312 Spooler - ok
10:24:08.0281 3312 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:24:08.0406 3312 sr - ok
10:24:08.0453 3312 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
10:24:08.0609 3312 srservice - ok
10:24:08.0671 3312 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:24:08.0703 3312 Srv - ok
10:24:08.0765 3312 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:24:08.0906 3312 SSDPSRV - ok
10:24:08.0953 3312 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:24:08.0968 3312 ssmdrv - ok
10:24:08.0984 3312 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
10:24:09.0015 3312 StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:24:09.0015 3312 StarOpen - detected UnsignedFile.Multi.Generic (1)
10:24:09.0062 3312 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:24:09.0250 3312 stisvc - ok
10:24:09.0281 3312 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:24:09.0421 3312 swenum - ok
10:24:09.0453 3312 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:24:09.0593 3312 swmidi - ok
10:24:09.0609 3312 SwPrv - ok
10:24:09.0625 3312 symc810 - ok
10:24:09.0640 3312 symc8xx - ok
10:24:09.0656 3312 sym_hi - ok
10:24:09.0671 3312 sym_u3 - ok
10:24:09.0703 3312 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:24:09.0812 3312 sysaudio - ok
10:24:09.0859 3312 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:24:10.0000 3312 SysmonLog - ok
10:24:10.0046 3312 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:24:10.0187 3312 TapiSrv - ok
10:24:10.0218 3312 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:24:10.0265 3312 Tcpip - ok
10:24:10.0312 3312 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:24:10.0453 3312 TDPIPE - ok
10:24:10.0484 3312 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:24:10.0625 3312 TDTCP - ok
10:24:10.0656 3312 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:24:10.0796 3312 TermDD - ok
10:24:10.0828 3312 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
10:24:11.0000 3312 TermService - ok
10:24:11.0015 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:24:11.0046 3312 Themes - ok
10:24:11.0078 3312 [ 467FF7FB078DCEC24C3F4DB602190E3D ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
10:24:11.0125 3312 tifm21 - ok
10:24:11.0125 3312 TosIde - ok
10:24:11.0187 3312 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:24:11.0328 3312 TrkWks - ok
10:24:11.0375 3312 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:24:11.0515 3312 Udfs - ok
10:24:11.0531 3312 ultra - ok
10:24:11.0593 3312 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:24:11.0781 3312 Update - ok
10:24:11.0843 3312 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:24:12.0000 3312 upnphost - ok
10:24:12.0046 3312 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
10:24:12.0187 3312 UPS - ok
10:24:12.0250 3312 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:24:12.0265 3312 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
10:24:12.0265 3312 USBAAPL - detected UnsignedFile.Multi.Generic (1)
10:24:12.0296 3312 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:24:12.0421 3312 usbehci - ok
10:24:12.0468 3312 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:24:12.0609 3312 usbhub - ok
10:24:12.0625 3312 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:24:12.0781 3312 usbohci - ok
10:24:12.0796 3312 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:24:12.0937 3312 USBSTOR - ok
10:24:12.0953 3312 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:24:13.0093 3312 VgaSave - ok
10:24:13.0093 3312 ViaIde - ok
10:24:13.0109 3312 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:24:13.0250 3312 VolSnap - ok
10:24:13.0281 3312 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
10:24:13.0437 3312 VSS - ok
10:24:13.0468 3312 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
10:24:13.0609 3312 W32Time - ok
10:24:13.0640 3312 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:24:13.0765 3312 Wanarp - ok
10:24:13.0781 3312 WDICA - ok
10:24:13.0796 3312 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:24:13.0937 3312 wdmaud - ok
10:24:13.0984 3312 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:24:14.0140 3312 WebClient - ok
10:24:14.0250 3312 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:24:14.0390 3312 winmgmt - ok
10:24:14.0421 3312 wltrysvc - ok
10:24:14.0453 3312 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:24:14.0578 3312 WmdmPmSN - ok
10:24:14.0625 3312 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:24:14.0750 3312 WmiAcpi - ok
10:24:14.0781 3312 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:24:14.0937 3312 WmiApSrv - ok
10:24:15.0140 3312 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:24:15.0203 3312 WPFFontCache_v0400 - ok
10:24:15.0265 3312 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:24:15.0421 3312 wscsvc - ok
10:24:15.0484 3312 [ 43F767D59BFC25D8F4FC2EB42043EC1E ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
10:24:15.0500 3312 WSIMD ( UnsignedFile.Multi.Generic ) - warning
10:24:15.0500 3312 WSIMD - detected UnsignedFile.Multi.Generic (1)
10:24:15.0531 3312 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:24:15.0671 3312 wuauserv - ok
10:24:15.0734 3312 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:24:15.0937 3312 WZCSVC - ok
10:24:15.0968 3312 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:24:16.0125 3312 xmlprov - ok
10:24:16.0125 3312 ================ Scan global ===============================
10:24:16.0187 3312 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:24:16.0250 3312 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:24:16.0265 3312 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:24:16.0296 3312 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:24:16.0312 3312 [Global] - ok
10:24:16.0312 3312 ================ Scan MBR ==================================
10:24:16.0343 3312 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:24:16.0687 3312 \Device\Harddisk0\DR0 - ok
10:24:16.0703 3312 ================ Scan VBR ==================================
10:24:16.0703 3312 [ 33B0393441EB4201E7BC54352273AEEF ] \Device\Harddisk0\DR0\Partition1
10:24:16.0703 3312 \Device\Harddisk0\DR0\Partition1 - ok
10:24:16.0718 3312 [ B91CE51BC860E2258AE87C58027E98A9 ] \Device\Harddisk0\DR0\Partition2
10:24:16.0718 3312 \Device\Harddisk0\DR0\Partition2 - ok
10:24:16.0734 3312 ============================================================
10:24:16.0734 3312 Scan finished
10:24:16.0734 3312 ============================================================
10:24:16.0859 3256 Detected object count: 6
10:24:16.0859 3256 Actual detected object count: 6
|
|
14.12.2012, 11:42
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsam Log ist leider unvollständig, die untere Zusammenfassung fehlt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 11:46
| #11 |
| | Avira Antivir Guard startet langsam Ok, nochmal: Code:
ATTFilter 10:23:02.0187 3072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:23:02.0453 3072 ============================================================
10:23:02.0453 3072 Current date / time: 2012/12/14 10:23:02.0453
10:23:02.0453 3072 SystemInfo:
10:23:02.0453 3072
10:23:02.0453 3072 OS Version: 5.1.2600 ServicePack: 3.0
10:23:02.0453 3072 Product type: Workstation
10:23:02.0453 3072 ComputerName: NOTEBOOK
10:23:02.0453 3072 UserName: +++
10:23:02.0453 3072 Windows directory: C:\WINDOWS
10:23:02.0453 3072 System windows directory: C:\WINDOWS
10:23:02.0453 3072 Processor architecture: Intel x86
10:23:02.0453 3072 Number of processors: 1
10:23:02.0453 3072 Page size: 0x1000
10:23:02.0453 3072 Boot type: Normal boot
10:23:02.0453 3072 ============================================================
10:23:04.0734 3072 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:23:04.0734 3072 ============================================================
10:23:04.0734 3072 \Device\Harddisk0\DR0:
10:23:04.0734 3072 MBR partitions:
10:23:04.0734 3072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23293F8
10:23:04.0765 3072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2329476, BlocksNum 0x71E118A
10:23:04.0765 3072 ============================================================
10:23:04.0843 3072 C: <-> \Device\Harddisk0\DR0\Partition1
10:23:04.0875 3072 D: <-> \Device\Harddisk0\DR0\Partition2
10:23:04.0875 3072 ============================================================
10:23:04.0875 3072 Initialize success
10:23:04.0875 3072 ============================================================
10:23:33.0750 3312 ============================================================
10:23:33.0750 3312 Scan started
10:23:33.0750 3312 Mode: Manual; SigCheck; TDLFS;
10:23:33.0750 3312 ============================================================
10:23:34.0281 3312 ================ Scan system memory ========================
10:23:34.0281 3312 System memory - ok
10:23:34.0281 3312 ================ Scan services =============================
10:23:34.0531 3312 Abiosdsk - ok
10:23:34.0546 3312 abp480n5 - ok
10:23:34.0593 3312 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:23:36.0562 3312 ACPI - ok
10:23:36.0609 3312 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:23:36.0796 3312 ACPIEC - ok
10:23:36.0859 3312 [ 170BA964B612A9A62FADD5C71962429E ] ACS C:\WINDOWS\system32\acs.exe
10:23:36.0953 3312 ACS ( UnsignedFile.Multi.Generic ) - warning
10:23:36.0953 3312 ACS - detected UnsignedFile.Multi.Generic (1)
10:23:36.0968 3312 adpu160m - ok
10:23:37.0015 3312 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:23:37.0187 3312 aec - ok
10:23:37.0250 3312 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:23:37.0250 3312 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:23:37.0250 3312 AegisP - detected UnsignedFile.Multi.Generic (1)
10:23:37.0312 3312 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:23:37.0343 3312 AFD - ok
10:23:37.0359 3312 Aha154x - ok
10:23:37.0375 3312 aic78u2 - ok
10:23:37.0390 3312 aic78xx - ok
10:23:37.0578 3312 [ BEA942FF21154FEE4F71DDD477621C70 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:23:37.0953 3312 ALCXWDM - ok
10:23:37.0984 3312 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:23:38.0265 3312 Alerter - ok
10:23:38.0296 3312 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
10:23:38.0468 3312 ALG - ok
10:23:38.0484 3312 AliIde - ok
10:23:38.0515 3312 [ 9BA1213AAB7FF12AF30AE9DF2E0B4701 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:23:38.0562 3312 AmdK8 - ok
10:23:38.0578 3312 amsint - ok
10:23:38.0890 3312 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:23:38.0906 3312 AntiVirSchedulerService - ok
10:23:38.0937 3312 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:23:38.0953 3312 AntiVirService - ok
10:23:39.0031 3312 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:23:39.0062 3312 Apple Mobile Device - ok
10:23:39.0078 3312 AppMgmt - ok
10:23:39.0109 3312 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:23:39.0375 3312 Arp1394 - ok
10:23:39.0437 3312 [ D8AA72B3760402B4A30925D9778E4688 ] arusb(TP-LINK) C:\WINDOWS\system32\DRIVERS\arusb.sys
10:23:39.0515 3312 arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - warning
10:23:39.0515 3312 arusb(TP-LINK) - detected UnsignedFile.Multi.Generic (1)
10:23:39.0515 3312 asc - ok
10:23:39.0531 3312 asc3350p - ok
10:23:39.0546 3312 asc3550 - ok
10:23:39.0703 3312 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:23:39.0718 3312 aspnet_state - ok
10:23:39.0765 3312 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:23:39.0890 3312 AsyncMac - ok
10:23:39.0921 3312 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:23:40.0078 3312 atapi - ok
10:23:40.0078 3312 Atdisk - ok
10:23:40.0140 3312 [ 6BDB117F5CF40FE91FF50E1BB3F28184 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:23:40.0250 3312 Ati HotKey Poller - ok
10:23:40.0328 3312 [ E9EBF7DCA6C5EB9C597035A10A5A6A1B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:23:40.0421 3312 ati2mtag - ok
10:23:40.0468 3312 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:23:40.0640 3312 Atmarpc - ok
10:23:40.0687 3312 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:23:40.0843 3312 AudioSrv - ok
10:23:40.0890 3312 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:23:41.0046 3312 audstub - ok
10:23:41.0109 3312 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:23:41.0125 3312 avgntflt - ok
10:23:41.0156 3312 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:23:41.0187 3312 avipbb - ok
10:23:41.0218 3312 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:23:41.0234 3312 avkmgr - ok
10:23:41.0296 3312 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:23:41.0500 3312 Beep - ok
10:23:41.0562 3312 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
10:23:41.0734 3312 BITS - ok
10:23:41.0796 3312 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
10:23:41.0859 3312 Bonjour Service - ok
10:23:41.0890 3312 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
10:23:41.0968 3312 Browser - ok
10:23:42.0015 3312 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:23:42.0187 3312 cbidf2k - ok
10:23:42.0203 3312 cd20xrnt - ok
10:23:42.0250 3312 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:23:42.0421 3312 Cdaudio - ok
10:23:42.0453 3312 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:23:42.0593 3312 Cdfs - ok
10:23:42.0625 3312 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:23:42.0765 3312 Cdrom - ok
10:23:42.0781 3312 Changer - ok
10:23:42.0812 3312 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:23:42.0968 3312 CiSvc - ok
10:23:42.0984 3312 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:23:43.0125 3312 ClipSrv - ok
10:23:43.0484 3312 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:23:43.0562 3312 clr_optimization_v2.0.50727_32 - ok
10:23:43.0625 3312 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:23:43.0750 3312 clr_optimization_v4.0.30319_32 - ok
10:23:43.0796 3312 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:23:44.0062 3312 CmBatt - ok
10:23:44.0062 3312 CmdIde - ok
10:23:44.0109 3312 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:23:44.0250 3312 Compbatt - ok
10:23:44.0250 3312 COMSysApp - ok
10:23:44.0281 3312 Cpqarray - ok
10:23:44.0312 3312 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:23:44.0453 3312 CryptSvc - ok
10:23:44.0468 3312 dac2w2k - ok
10:23:44.0484 3312 dac960nt - ok
10:23:44.0531 3312 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:23:44.0656 3312 DcomLaunch - ok
10:23:44.0687 3312 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:23:44.0843 3312 Dhcp - ok
10:23:44.0843 3312 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:23:45.0000 3312 Disk - ok
10:23:45.0015 3312 dmadmin - ok
10:23:45.0140 3312 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:23:45.0343 3312 dmboot - ok
10:23:45.0406 3312 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:23:45.0593 3312 dmio - ok
10:23:45.0640 3312 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:23:45.0796 3312 dmload - ok
10:23:45.0828 3312 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:23:45.0953 3312 dmserver - ok
10:23:46.0000 3312 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:23:46.0140 3312 DMusic - ok
10:23:46.0203 3312 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:23:46.0281 3312 Dnscache - ok
10:23:46.0343 3312 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:23:46.0781 3312 Dot3svc - ok
10:23:46.0796 3312 dpti2o - ok
10:23:46.0812 3312 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:23:47.0203 3312 drmkaud - ok
10:23:47.0250 3312 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:23:47.0406 3312 EapHost - ok
10:23:47.0453 3312 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:23:47.0609 3312 ERSvc - ok
10:23:47.0625 3312 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
10:23:47.0656 3312 Eventlog - ok
10:23:47.0718 3312 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
10:23:47.0750 3312 EventSystem - ok
10:23:47.0781 3312 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:23:47.0906 3312 Fastfat - ok
10:23:47.0953 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:23:48.0015 3312 FastUserSwitchingCompatibility - ok
10:23:48.0046 3312 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:23:48.0171 3312 Fdc - ok
10:23:48.0187 3312 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:23:48.0343 3312 Fips - ok
10:23:48.0343 3312 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:23:48.0515 3312 Flpydisk - ok
10:23:48.0562 3312 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:23:48.0718 3312 FltMgr - ok
10:23:48.0796 3312 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:23:48.0812 3312 FontCache3.0.0.0 - ok
10:23:48.0828 3312 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:23:49.0000 3312 Fs_Rec - ok
10:23:49.0015 3312 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:23:49.0203 3312 Ftdisk - ok
10:23:49.0265 3312 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:23:49.0281 3312 GEARAspiWDM - ok
10:23:49.0312 3312 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:23:49.0453 3312 Gpc - ok
10:23:49.0531 3312 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:23:49.0687 3312 helpsvc - ok
10:23:49.0687 3312 HidServ - ok
10:23:49.0718 3312 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:23:49.0859 3312 hidusb - ok
10:23:49.0906 3312 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:23:50.0046 3312 hkmsvc - ok
10:23:50.0062 3312 hpn - ok
10:23:50.0109 3312 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:23:50.0156 3312 HTTP - ok
10:23:50.0203 3312 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:23:50.0343 3312 HTTPFilter - ok
10:23:50.0359 3312 i2omgmt - ok
10:23:50.0375 3312 i2omp - ok
10:23:50.0406 3312 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:23:50.0546 3312 i8042prt - ok
10:23:50.0718 3312 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:23:50.0812 3312 idsvc - ok
10:23:50.0859 3312 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:23:51.0000 3312 Imapi - ok
10:23:51.0062 3312 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
10:23:51.0234 3312 ImapiService - ok
10:23:51.0265 3312 ini910u - ok
10:23:51.0281 3312 IntelIde - ok
10:23:51.0328 3312 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:23:51.0484 3312 Ip6Fw - ok
10:23:51.0515 3312 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:23:51.0671 3312 IpFilterDriver - ok
10:23:51.0703 3312 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:23:51.0828 3312 IpInIp - ok
10:23:51.0859 3312 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:23:52.0015 3312 IpNat - ok
10:23:52.0140 3312 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
10:23:52.0203 3312 iPod Service - ok
10:23:52.0250 3312 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:23:52.0390 3312 IPSec - ok
10:23:52.0406 3312 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:23:52.0546 3312 IRENUM - ok
10:23:52.0578 3312 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:23:52.0734 3312 isapnp - ok
10:23:52.0921 3312 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
10:23:52.0937 3312 JavaQuickStarterService - ok
10:23:52.0953 3312 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:23:53.0109 3312 Kbdclass - ok
10:23:53.0140 3312 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:23:53.0281 3312 kmixer - ok
10:23:53.0296 3312 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:23:53.0343 3312 KSecDD - ok
10:23:53.0375 3312 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:23:53.0421 3312 lanmanserver - ok
10:23:53.0484 3312 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:23:53.0515 3312 lanmanworkstation - ok
10:23:53.0531 3312 lbrtfdc - ok
10:23:53.0593 3312 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:23:53.0734 3312 LmHosts - ok
10:23:53.0765 3312 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:23:53.0921 3312 Messenger - ok
10:23:53.0968 3312 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:23:54.0140 3312 mnmdd - ok
10:23:54.0171 3312 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:23:54.0328 3312 mnmsrvc - ok
10:23:54.0375 3312 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:23:54.0546 3312 Modem - ok
10:23:54.0562 3312 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:23:54.0687 3312 Mouclass - ok
10:23:54.0718 3312 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:23:54.0875 3312 mouhid - ok
10:23:54.0890 3312 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:23:55.0015 3312 MountMgr - ok
10:23:55.0093 3312 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:23:55.0109 3312 MozillaMaintenance - ok
10:23:55.0125 3312 mraid35x - ok
10:23:55.0140 3312 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:23:55.0296 3312 MRxDAV - ok
10:23:55.0343 3312 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:23:55.0468 3312 MRxSmb - ok
10:23:55.0500 3312 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:23:55.0625 3312 MSDTC - ok
10:23:55.0656 3312 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:23:55.0812 3312 Msfs - ok
10:23:55.0828 3312 MSIServer - ok
10:23:55.0859 3312 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:23:55.0968 3312 MSKSSRV - ok
10:23:55.0984 3312 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:23:56.0125 3312 MSPCLOCK - ok
10:23:56.0125 3312 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:23:56.0296 3312 MSPQM - ok
10:23:56.0328 3312 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:23:56.0437 3312 mssmbios - ok
10:23:56.0484 3312 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:23:56.0515 3312 Mup - ok
10:23:56.0562 3312 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
10:23:56.0734 3312 napagent - ok
10:23:56.0765 3312 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:23:56.0921 3312 NDIS - ok
10:23:56.0953 3312 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:23:56.0984 3312 NdisTapi - ok
10:23:56.0984 3312 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:23:57.0140 3312 Ndisuio - ok
10:23:57.0156 3312 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:23:57.0296 3312 NdisWan - ok
10:23:57.0343 3312 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:23:57.0390 3312 NDProxy - ok
10:23:57.0421 3312 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:23:57.0578 3312 NetBIOS - ok
10:23:57.0593 3312 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:23:57.0734 3312 NetBT - ok
10:23:57.0781 3312 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
10:23:57.0921 3312 NetDDE - ok
10:23:57.0937 3312 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:23:58.0078 3312 NetDDEdsdm - ok
10:23:58.0125 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:23:58.0250 3312 Netlogon - ok
10:23:58.0328 3312 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
10:23:58.0468 3312 Netman - ok
10:23:58.0546 3312 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:23:58.0578 3312 NetTcpPortSharing - ok
10:23:58.0593 3312 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:23:58.0750 3312 NIC1394 - ok
10:23:58.0781 3312 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
10:23:58.0843 3312 Nla - ok
10:23:58.0921 3312 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
10:23:58.0937 3312 NMSAccess - ok
10:23:58.0968 3312 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:23:59.0093 3312 Npfs - ok
10:23:59.0156 3312 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:23:59.0343 3312 Ntfs - ok
10:23:59.0375 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:23:59.0500 3312 NtLmSsp - ok
10:23:59.0546 3312 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:23:59.0750 3312 NtmsSvc - ok
10:23:59.0781 3312 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:23:59.0953 3312 Null - ok
10:24:00.0000 3312 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:24:00.0203 3312 NwlnkFlt - ok
10:24:00.0218 3312 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:24:00.0390 3312 NwlnkFwd - ok
10:24:00.0515 3312 [ 9D7FE9CCBC367BBCF2CBC5B91B7D4185 ] O&O DiskImage C:\Programme\OO Software\DiskImage\oodiag.exe
10:24:00.0718 3312 O&O DiskImage - ok
10:24:00.0968 3312 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:24:01.0093 3312 ohci1394 - ok
10:24:01.0109 3312 [ 5A247B4BF9F3DFF87E58E6DE9C83D779 ] oodisr C:\WINDOWS\system32\DRIVERS\oodisr.sys
10:24:01.0140 3312 oodisr - ok
10:24:01.0156 3312 [ 1F1EE4BBCF96CD9D63BACB77AAA13ADD ] oodisrh C:\WINDOWS\system32\DRIVERS\oodisrh.sys
10:24:01.0171 3312 oodisrh - ok
10:24:01.0187 3312 [ 8C460A366D1CC039D6BA0688A8DBEF3B ] oodivd C:\WINDOWS\system32\DRIVERS\oodivd.sys
10:24:01.0218 3312 oodivd - ok
10:24:01.0218 3312 [ 28AE8EBEC5A8423562FE26BD7A4C4579 ] oodivdh C:\WINDOWS\system32\DRIVERS\oodivdh.sys
10:24:01.0250 3312 oodivdh - ok
10:24:01.0281 3312 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:24:01.0421 3312 Parport - ok
10:24:01.0437 3312 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:24:01.0562 3312 PartMgr - ok
10:24:01.0609 3312 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:24:01.0781 3312 ParVdm - ok
10:24:01.0796 3312 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:24:01.0921 3312 PCI - ok
10:24:01.0937 3312 PCIDump - ok
10:24:01.0968 3312 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:24:02.0140 3312 PCIIde - ok
10:24:02.0156 3312 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:24:02.0281 3312 Pcmcia - ok
10:24:02.0281 3312 PDCOMP - ok
10:24:02.0296 3312 PDFRAME - ok
10:24:02.0312 3312 PDRELI - ok
10:24:02.0328 3312 PDRFRAME - ok
10:24:02.0343 3312 perc2 - ok
10:24:02.0359 3312 perc2hib - ok
10:24:02.0421 3312 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
10:24:02.0453 3312 PlugPlay - ok
10:24:02.0453 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:24:02.0578 3312 PolicyAgent - ok
10:24:02.0609 3312 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:24:02.0734 3312 PptpMiniport - ok
10:24:02.0781 3312 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:24:02.0921 3312 Processor - ok
10:24:02.0921 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:24:03.0046 3312 ProtectedStorage - ok
10:24:03.0062 3312 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:24:03.0203 3312 PSched - ok
10:24:03.0218 3312 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:24:03.0406 3312 Ptilink - ok
10:24:03.0421 3312 ql1080 - ok
10:24:03.0421 3312 Ql10wnt - ok
10:24:03.0437 3312 ql12160 - ok
10:24:03.0453 3312 ql1240 - ok
10:24:03.0468 3312 ql1280 - ok
10:24:03.0500 3312 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:24:03.0671 3312 RasAcd - ok
10:24:03.0734 3312 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:24:03.0859 3312 RasAuto - ok
10:24:03.0890 3312 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:24:04.0046 3312 Rasl2tp - ok
10:24:04.0093 3312 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:24:04.0234 3312 RasMan - ok
10:24:04.0250 3312 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:24:04.0375 3312 RasPppoe - ok
10:24:04.0406 3312 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:24:04.0578 3312 Raspti - ok
10:24:04.0593 3312 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:24:04.0734 3312 Rdbss - ok
10:24:04.0765 3312 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:24:04.0921 3312 RDPCDD - ok
10:24:05.0000 3312 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:24:05.0062 3312 RDPWD - ok
10:24:05.0109 3312 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:24:05.0250 3312 RDSessMgr - ok
10:24:05.0281 3312 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:24:05.0406 3312 redbook - ok
10:24:05.0453 3312 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:24:05.0593 3312 RemoteAccess - ok
10:24:05.0609 3312 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:24:05.0750 3312 RpcLocator - ok
10:24:05.0796 3312 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:24:05.0812 3312 RpcSs - ok
10:24:05.0859 3312 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:24:06.0031 3312 RSVP - ok
10:24:06.0046 3312 [ 4A0AE7891FCF74ACC848B109294CB80F ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
10:24:06.0125 3312 RTL8023xp - ok
10:24:06.0156 3312 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:24:06.0281 3312 rtl8139 - ok
10:24:06.0312 3312 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
10:24:06.0437 3312 SamSs - ok
10:24:06.0437 3312 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:24:06.0593 3312 SCardSvr - ok
10:24:06.0640 3312 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:24:06.0781 3312 Schedule - ok
10:24:06.0843 3312 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:24:06.0968 3312 Secdrv - ok
10:24:07.0015 3312 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
10:24:07.0140 3312 seclogon - ok
10:24:07.0156 3312 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
10:24:07.0296 3312 SENS - ok
10:24:07.0328 3312 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:24:07.0468 3312 Serial - ok
10:24:07.0515 3312 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:24:07.0656 3312 Sfloppy - ok
10:24:07.0718 3312 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:24:07.0890 3312 SharedAccess - ok
10:24:07.0921 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:24:07.0953 3312 ShellHWDetection - ok
10:24:07.0953 3312 Simbad - ok
10:24:07.0984 3312 Sparrow - ok
10:24:08.0015 3312 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:24:08.0140 3312 splitter - ok
10:24:08.0171 3312 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:24:08.0234 3312 Spooler - ok
10:24:08.0281 3312 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:24:08.0406 3312 sr - ok
10:24:08.0453 3312 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
10:24:08.0609 3312 srservice - ok
10:24:08.0671 3312 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:24:08.0703 3312 Srv - ok
10:24:08.0765 3312 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:24:08.0906 3312 SSDPSRV - ok
10:24:08.0953 3312 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:24:08.0968 3312 ssmdrv - ok
10:24:08.0984 3312 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
10:24:09.0015 3312 StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:24:09.0015 3312 StarOpen - detected UnsignedFile.Multi.Generic (1)
10:24:09.0062 3312 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:24:09.0250 3312 stisvc - ok
10:24:09.0281 3312 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:24:09.0421 3312 swenum - ok
10:24:09.0453 3312 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:24:09.0593 3312 swmidi - ok
10:24:09.0609 3312 SwPrv - ok
10:24:09.0625 3312 symc810 - ok
10:24:09.0640 3312 symc8xx - ok
10:24:09.0656 3312 sym_hi - ok
10:24:09.0671 3312 sym_u3 - ok
10:24:09.0703 3312 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:24:09.0812 3312 sysaudio - ok
10:24:09.0859 3312 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:24:10.0000 3312 SysmonLog - ok
10:24:10.0046 3312 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:24:10.0187 3312 TapiSrv - ok
10:24:10.0218 3312 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:24:10.0265 3312 Tcpip - ok
10:24:10.0312 3312 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:24:10.0453 3312 TDPIPE - ok
10:24:10.0484 3312 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:24:10.0625 3312 TDTCP - ok
10:24:10.0656 3312 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:24:10.0796 3312 TermDD - ok
10:24:10.0828 3312 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
10:24:11.0000 3312 TermService - ok
10:24:11.0015 3312 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:24:11.0046 3312 Themes - ok
10:24:11.0078 3312 [ 467FF7FB078DCEC24C3F4DB602190E3D ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
10:24:11.0125 3312 tifm21 - ok
10:24:11.0125 3312 TosIde - ok
10:24:11.0187 3312 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:24:11.0328 3312 TrkWks - ok
10:24:11.0375 3312 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:24:11.0515 3312 Udfs - ok
10:24:11.0531 3312 ultra - ok
10:24:11.0593 3312 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:24:11.0781 3312 Update - ok
10:24:11.0843 3312 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:24:12.0000 3312 upnphost - ok
10:24:12.0046 3312 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
10:24:12.0187 3312 UPS - ok
10:24:12.0250 3312 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:24:12.0265 3312 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
10:24:12.0265 3312 USBAAPL - detected UnsignedFile.Multi.Generic (1)
10:24:12.0296 3312 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:24:12.0421 3312 usbehci - ok
10:24:12.0468 3312 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:24:12.0609 3312 usbhub - ok
10:24:12.0625 3312 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:24:12.0781 3312 usbohci - ok
10:24:12.0796 3312 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:24:12.0937 3312 USBSTOR - ok
10:24:12.0953 3312 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:24:13.0093 3312 VgaSave - ok
10:24:13.0093 3312 ViaIde - ok
10:24:13.0109 3312 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:24:13.0250 3312 VolSnap - ok
10:24:13.0281 3312 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
10:24:13.0437 3312 VSS - ok
10:24:13.0468 3312 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
10:24:13.0609 3312 W32Time - ok
10:24:13.0640 3312 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:24:13.0765 3312 Wanarp - ok
10:24:13.0781 3312 WDICA - ok
10:24:13.0796 3312 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:24:13.0937 3312 wdmaud - ok
10:24:13.0984 3312 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:24:14.0140 3312 WebClient - ok
10:24:14.0250 3312 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:24:14.0390 3312 winmgmt - ok
10:24:14.0421 3312 wltrysvc - ok
10:24:14.0453 3312 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:24:14.0578 3312 WmdmPmSN - ok
10:24:14.0625 3312 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:24:14.0750 3312 WmiAcpi - ok
10:24:14.0781 3312 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:24:14.0937 3312 WmiApSrv - ok
10:24:15.0140 3312 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:24:15.0203 3312 WPFFontCache_v0400 - ok
10:24:15.0265 3312 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:24:15.0421 3312 wscsvc - ok
10:24:15.0484 3312 [ 43F767D59BFC25D8F4FC2EB42043EC1E ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
10:24:15.0500 3312 WSIMD ( UnsignedFile.Multi.Generic ) - warning
10:24:15.0500 3312 WSIMD - detected UnsignedFile.Multi.Generic (1)
10:24:15.0531 3312 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:24:15.0671 3312 wuauserv - ok
10:24:15.0734 3312 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:24:15.0937 3312 WZCSVC - ok
10:24:15.0968 3312 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:24:16.0125 3312 xmlprov - ok
10:24:16.0125 3312 ================ Scan global ===============================
10:24:16.0187 3312 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:24:16.0250 3312 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:24:16.0265 3312 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:24:16.0296 3312 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:24:16.0312 3312 [Global] - ok
10:24:16.0312 3312 ================ Scan MBR ==================================
10:24:16.0343 3312 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:24:16.0687 3312 \Device\Harddisk0\DR0 - ok
10:24:16.0703 3312 ================ Scan VBR ==================================
10:24:16.0703 3312 [ 33B0393441EB4201E7BC54352273AEEF ] \Device\Harddisk0\DR0\Partition1
10:24:16.0703 3312 \Device\Harddisk0\DR0\Partition1 - ok
10:24:16.0718 3312 [ B91CE51BC860E2258AE87C58027E98A9 ] \Device\Harddisk0\DR0\Partition2
10:24:16.0718 3312 \Device\Harddisk0\DR0\Partition2 - ok
10:24:16.0734 3312 ============================================================
10:24:16.0734 3312 Scan finished
10:24:16.0734 3312 ============================================================
10:24:16.0859 3256 Detected object count: 6
10:24:16.0859 3256 Actual detected object count: 6
10:35:32.0937 3256 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0937 3256 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:32.0937 3256 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0937 3256 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:32.0937 3256 arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0937 3256 arusb(TP-LINK) ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:32.0937 3256 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0937 3256 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:32.0953 3256 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0953 3256 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:32.0953 3256 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
10:35:32.0953 3256 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:00.0703 3104 Deinitialize success
|
|
14.12.2012, 11:57
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsam Ist alles unauffällig. Du hast ja auch ei Image zurückgespielt vorher....
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 12:08
| #13 |
| | Avira Antivir Guard startet langsam Das klingt beruhigend. Vielen Dank für die Mühe bis hierher! Ja, hatte ein Image aufgespielt, aber dieses Flackern der Sanduhr, das lange Starten des Antivr-Guards und die immer wieder um eine Stunde verstellte Systemuhr haben mich besorgt. Zumal ich externe Festplatten wieder anschließen will und die natürlich nicht infizieren möchte. Über letztere hatte ich mit Malwarebytes sowie den Rescue-CD's von Kasperski, Avira, Bitdefender und F-Secure scannen lassen - ohne Befund. Werde sie also mal anschließen und dann hoffen, das alles gesund bleibt. Noch eine Frage: Sollte ein Schadprogramm auf den externen Platten laufen, wäre der Weg mit den Live-CD's der Richtige? |
|
14.12.2012, 13:15
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira Antivir Guard startet langsamZitat:
Mit welchem OS du die Dateien löschst ist sowas von wumpe...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 14:18
| #15 |
| | Avira Antivir Guard startet langsam Das ist klar, hatte mich missverständlich ausgedrückt. Aber sie können das System ja "re-infizieren", wenn sie drangesteckt werden. Naja, aber denke mal sie müssten der fünf befundfreien Scans zufolge sauber sein. Bis hierher nochmal besten Dank! |
|
| Themen zu Avira Antivir Guard startet langsam |
| antivir, antivir guard, avira, bho, blinkt, bonjour, cdburnerxp, desktop, echtzeit-scanner, einstellungen, explorer, fehler, frage, herunterfahren, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, langsam, mozilla, plug-in, problem, sanduhr, sekunden, software, task-manager, windows, windows xp |
