Log analysis and evaluation: Firewall and MSE can no longer be activated, error code: "0x80070424" (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.startup.homepage: "https://webstore.isotx.com/igmaraudersL.html"
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3476872522-825892699-1154334834-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Max-alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - HKU\S-1-5-21-3476872522-825892699-1154334834-1003 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
:Files
C:\Windows.old\Users\Max Gleißberg\Downloads\Softonic*
C:\Users\Max.Gleißberg-PC\AppData\Roaming\OpenCandy
C:\Program Files (x86)\SearchCore for Browsers
C:\Program Files (x86)\Reviversoft
C:\Program Files (x86)\BabylonToolbar
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\U
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\L
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\N
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\@
C:\Users\Max.Gleißberg-PC\AppData\Local\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\@
C:\ProgramData\2FCD808706.sys
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags
#17
And here is the log:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Max-alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:expstart.exe deleted successfully.
C:\Windows\expstart.exe moved successfully.
========== FILES ==========
C:\Windows.old\Users\Max Gleißberg\Downloads\SoftonicDownloader17614(2).exe moved successfully.
C:\Windows.old\Users\Max Gleißberg\Downloads\SoftonicDownloader17614.exe moved successfully.
C:\Windows.old\Users\Max Gleißberg\Downloads\SoftonicDownloader47285.exe moved successfully.
C:\Windows.old\Users\Max Gleißberg\Downloads\SoftonicDownloader48960.exe moved successfully.
C:\Users\Max.Gleißberg-PC\AppData\Roaming\OpenCandy\OpenCandy_83F6C16F4B7241F5B5B897533DACD919 folder moved successfully.
C:\Users\Max.Gleißberg-PC\AppData\Roaming\OpenCandy\OpenCandy_6F9D3DD61AB649C48C3D4EBC11223244 folder moved successfully.
C:\Users\Max.Gleißberg-PC\AppData\Roaming\OpenCandy\6F9D3DD61AB649C48C3D4EBC11223244 folder moved successfully.
C:\Users\Max.Gleißberg-PC\AppData\Roaming\OpenCandy folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64 folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\ZH folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\TR folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\th folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\sv folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\RU folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\ro folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\pt folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\no folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\JA folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\ITLY folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\in folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\hu folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\hr folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\GRMN folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\FR folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\fi folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\ES folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\ENG folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\el folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\DTCH folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\DA folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\cs folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver\bg folder moved successfully.
C:\Program Files (x86)\Reviversoft\Registry Reviver folder moved successfully.
C:\Program Files (x86)\Reviversoft folder moved successfully.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\U folder moved successfully.
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\L folder moved successfully.
File\Folder C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\N not found.
C:\Windows\Installer\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\@ moved successfully.
C:\Users\Max.Gleißberg-PC\AppData\Local\{f133ba2a-ae86-ceed-75cd-206ecaa4a271}\@ moved successfully.
C:\ProgramData\2FCD808706.sys moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gleißberg
->Temp folder emptied: 198884717 bytes
->Temporary Internet Files folder emptied: 102150569 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100161727 bytes
->Flash cache emptied: 23948650 bytes
User: Max
User: Max-alt
->FireFox cache emptied: 130829250 bytes
->Flash cache emptied: 185859 bytes
User: Max.Gleiáberg-PC
->Temporary Internet Files folder emptied: 1122859 bytes
->Google Chrome cache emptied: 6099312 bytes
User: Max.Gleißberg-PC
->Temp folder emptied: 172390509 bytes
->Temporary Internet Files folder emptied: 795267397 bytes
->Java cache emptied: 119894576 bytes
->Google Chrome cache emptied: 219146958 bytes
->Flash cache emptied: 17316860 bytes
User: Max.Glei�berg-PC
User: MAX~1~GLE
->Temp folder emptied: 0 bytes
User: Public
User: Ronny
->Temp folder emptied: 407 bytes
->Temporary Internet Files folder emptied: 67842966 bytes
User: Sabine
->Temp folder emptied: 75712581 bytes
->Temporary Internet Files folder emptied: 616975614 bytes
->Java cache emptied: 120171 bytes
->FireFox cache emptied: 8462325 bytes
->Google Chrome cache emptied: 6744542 bytes
->Flash cache emptied: 6344 bytes
User: Sabine-alt
->Flash cache emptied: 3001 bytes
User: Thomas
->Temp folder emptied: 49726311 bytes
->Temporary Internet Files folder emptied: 88885778 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4044 bytes
User: Thomas-alt
->Flash cache emptied: 1659 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 954507 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51849763 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 647 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.723,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Gleißberg
->Flash cache emptied: 0 bytes
User: Max
User: Max-alt
->Flash cache emptied: 0 bytes
User: Max.Gleiáberg-PC
User: Max.Gleißberg-PC
->Flash cache emptied: 0 bytes
User: Max.Glei�berg-PC
User: MAX~1~GLE
User: Public
User: Ronny
User: Sabine
->Flash cache emptied: 0 bytes
User: Sabine-alt
->Flash cache emptied: 0 bytes
User: Thomas
->Flash cache emptied: 0 bytes
User: Thomas-alt
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 08042012_140016
Files\Folders moved on Reboot...
C:\Users\Max.Gleißberg-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Max.Gleißberg-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
#18
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:).

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer complains about objects, treat all of them with the action "skip" and post only the log here!
__________________
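The TDSS-Killer report requested above lists each scanned service or driver followed by a result line for it. As an added example (not part of the original post and not Kaspersky's code), this Python script extracts every object that was not explicitly reported as "ok", so flagged items can be reviewed before anything is deleted. The line layout is assumed from the report posted in this thread; `SAMPLE_REPORT` and every name, path and hash in it are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the assumed layout "<time> <thread id> <message>".
# Service names, paths and MD5 values are placeholders, not real indicators.
SAMPLE_REPORT = r"""
20:12:06.0801 3172 NoFileSvc - ok
20:12:07.0249 3172 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
20:12:07.0265 3172 ExampleDrv - ok
20:12:08.0358 3172 Example Helper Service (00000000000000000000000000000002) c:\program files\example\helper.dll
20:12:08.0358 3172 Suspicious file (Hidden): c:\program files\example\helper.dll. md5: 00000000000000000000000000000002
20:12:08.0369 3172 Example Helper Service ( HiddenFile.Multi.Generic ) - warning
20:12:08.0369 3172 Example Helper Service - detected HiddenFile.Multi.Generic (1)
20:12:14.0183 3172 CutOffDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\cutoff.sys
"""

# Timestamp and thread id precede every message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object about to be checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>": the object was flagged.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<name> - ok": the object passed.
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "no-result"   # stays this way if the log is cut off
    verdict: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Collect one Entry per service/driver, in order of first appearance."""
    entries = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines, separators without a message
        msg = m.group("msg").strip()
        if (o := OBJECT.match(msg)):
            e = entries.setdefault(o["name"], Entry(o["name"]))
            e.md5, e.path = o["md5"].lower(), o["path"]
        elif (v := VERDICT.match(msg)):
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.status, e.verdict = v["level"].lower(), v["verdict"]
        elif (k := OK.match(msg)):
            entries.setdefault(k["name"], Entry(k["name"])).status = "ok"
        # Header, "Suspicious file" and "detected" lines carry no new fields.
    return list(entries.values())


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything not explicitly marked ok: flagged objects and objects
    whose result line is missing (for example in a truncated paste)."""
    return [e for e in entries if e.status != "ok"]


def format_entry(e: Entry) -> str:
    return (f"{e.name}: status={e.status} verdict={e.verdict or '-'} "
            f"md5={e.md5 or '-'} path={e.path or '-'}")


if __name__ == "__main__":
    for entry in needs_review(parse_report(SAMPLE_REPORT)):
        print(format_entry(entry))
```

An entry with status `no-result` means the paste ended before the tool's verdict for that object, so the report should be posted again in full.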
#19
Here you go, here is the log:
Code:
20:11:00.0570 3340 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:11:00.0865 3340 ============================================================
20:11:00.0865 3340 Current date / time: 2012/08/04 20:11:00.0865
20:11:00.0865 3340 SystemInfo:
20:11:00.0865 3340
20:11:00.0865 3340 OS Version: 6.1.7601 ServicePack: 1.0
20:11:00.0865 3340 Product type: Workstation
20:11:00.0865 3340 ComputerName: GLEIßBERG-PC
20:11:00.0865 3340 UserName: Max
20:11:00.0865 3340 Windows directory: C:\Windows
20:11:00.0865 3340 System windows directory: C:\Windows
20:11:00.0865 3340 Running under WOW64
20:11:00.0865 3340 Processor architecture: Intel x64
20:11:00.0865 3340 Number of processors: 2
20:11:00.0865 3340 Page size: 0x1000
20:11:00.0866 3340 Boot type: Normal boot
20:11:00.0866 3340 ============================================================
20:11:01.0983 3340 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:01.0997 3340 ============================================================
20:11:01.0997 3340 \Device\Harddisk0\DR0:
20:11:01.0997 3340 MBR partitions:
20:11:01.0997 3340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:11:01.0997 3340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x712D3000
20:11:01.0997 3340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71305800, BlocksNum 0x3200000
20:11:01.0997 3340 ============================================================
20:11:02.0018 3340 C: <-> \Device\Harddisk0\DR0\Partition1
20:11:02.0057 3340 D: <-> \Device\Harddisk0\DR0\Partition2
20:11:02.0057 3340 ============================================================
20:11:02.0057 3340 Initialize success
20:11:02.0057 3340 ============================================================
20:12:05.0218 3172 ============================================================
20:12:05.0218 3172 Scan started
20:12:05.0218 3172 Mode: Manual; SigCheck; TDLFS;
20:12:05.0218 3172 ============================================================
20:12:06.0801 3172 1394hub - ok
20:12:07.0028 3172 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:07.0221 3172 1394ohci - ok
20:12:07.0249 3172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:07.0265 3172 ACPI - ok
20:12:07.0311 3172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:07.0383 3172 AcpiPmi - ok
20:12:07.0582 3172 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:12:07.0601 3172 AdobeARMservice - ok
20:12:07.0672 3172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:07.0691 3172 adp94xx - ok
20:12:07.0708 3172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:07.0725 3172 adpahci - ok
20:12:07.0741 3172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:07.0754 3172 adpu320 - ok
20:12:07.0809 3172 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:12:07.0936 3172 AeLookupSvc - ok
20:12:07.0986 3172 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:12:08.0031 3172 AFD - ok
20:12:08.0069 3172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:08.0083 3172 agp440 - ok
20:12:08.0358 3172 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
20:12:08.0358 3172 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
20:12:08.0369 3172 Akamai ( HiddenFile.Multi.Generic ) - warning
20:12:08.0369 3172 Akamai - detected HiddenFile.Multi.Generic (1)
20:12:08.0474 3172 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:12:08.0521 3172 ALG - ok
20:12:08.0592 3172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:08.0613 3172 aliide - ok
20:12:08.0624 3172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:08.0635 3172 amdide - ok
20:12:08.0679 3172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:08.0747 3172 AmdK8 - ok
20:12:08.0755 3172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:08.0772 3172 AmdPPM - ok
20:12:08.0804 3172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:12:08.0816 3172 amdsata - ok
20:12:08.0832 3172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:08.0845 3172 amdsbs - ok
20:12:08.0869 3172 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:12:08.0880 3172 amdxata - ok
20:12:08.0926 3172 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:09.0073 3172 AppID - ok
20:12:09.0115 3172 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:12:09.0215 3172 AppIDSvc - ok
20:12:09.0298 3172 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:12:09.0351 3172 Appinfo - ok
20:12:09.0365 3172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:09.0377 3172 arc - ok
20:12:09.0391 3172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:09.0403 3172 arcsas - ok
20:12:09.0583 3172 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:12:09.0638 3172 aspnet_state - ok
20:12:09.0666 3172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:09.0721 3172 AsyncMac - ok
20:12:09.0759 3172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:09.0779 3172 atapi - ok
20:12:09.0853 3172 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
20:12:09.0881 3172 atksgt - ok
20:12:09.0941 3172 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:12:10.0014 3172 AudioEndpointBuilder - ok
20:12:10.0022 3172 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:12:10.0058 3172 AudioSrv - ok
20:12:10.0263 3172 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
20:12:10.0283 3172 AVG Security Toolbar Service - ok
20:12:10.0332 3172 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:12:10.0347 3172 AVGIDSEH - ok
20:12:10.0419 3172 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
20:12:10.0444 3172 Avgtdia - ok
20:12:10.0488 3172 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
20:12:10.0498 3172 avgwd - ok
20:12:10.0557 3172 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:12:10.0646 3172 AxInstSV - ok
20:12:10.0722 3172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:10.0757 3172 b06bdrv - ok
20:12:10.0825 3172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:10.0871 3172 b57nd60a - ok
20:12:10.0929 3172 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:12:10.0983 3172 BDESVC - ok
20:12:10.0998 3172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:11.0078 3172 Beep - ok
20:12:11.0125 3172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:11.0160 3172 blbdrive - ok
20:12:11.0204 3172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:11.0263 3172 bowser - ok
20:12:11.0280 3172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:11.0341 3172 BrFiltLo - ok
20:12:11.0360 3172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:11.0384 3172 BrFiltUp - ok
20:12:11.0429 3172 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:12:11.0506 3172 Browser - ok
20:12:11.0529 3172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:11.0569 3172 Brserid - ok
20:12:11.0584 3172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:11.0599 3172 BrSerWdm - ok
20:12:11.0612 3172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:11.0651 3172 BrUsbMdm - ok
20:12:11.0656 3172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:11.0688 3172 BrUsbSer - ok
20:12:17.0324 3172 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
20:12:17.0338 3172 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
20:12:17.0338 3172 HiPatchService - detected UnsignedFile.Multi.Generic (1)
20:12:18.0244 3172 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:12:18.0266 3172 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:12:18.0266 3172 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:12:33.0669 3172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:33.0691 3172 stexstor - ok
20:12:33.0752 3172 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:12:33.0781 3172 stisvc - ok
20:12:33.0829 3172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:12:33.0850 3172 swenum - ok
20:12:33.0973 3172 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:12:33.0998 3172 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:12:33.0998 3172 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:12:34.0061 3172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:12:34.0110 3172 swprv - ok
20:12:34.0210 3172 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:12:34.0258 3172 SysMain - ok
20:12:34.0405 3172 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:12:34.0438 3172 TabletInputService - ok
20:12:34.0461 3172 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:12:34.0506 3172 TapiSrv - ok
20:12:34.0524 3172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:12:34.0566 3172 TBS - ok
20:12:34.0733 3172 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:12:34.0815 3172 Tcpip - ok
20:12:34.0950 3172 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:34.0988 3172 TCPIP6 - ok
20:12:35.0078 3172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:12:35.0155 3172 tcpipreg - ok
20:12:35.0242 3172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:12:35.0285 3172 TDPIPE - ok
20:12:35.0328 3172 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:12:35.0362 3172 TDTCP - ok
20:12:35.0408 3172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:12:35.0452 3172 tdx - ok
20:12:35.0493 3172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:12:35.0504 3172 TermDD - ok
20:12:35.0535 3172 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:12:35.0595 3172 TermService - ok
20:12:35.0668 3172 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
20:12:35.0684 3172 TFsExDisk - ok
20:12:35.0730 3172 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
20:12:35.0749 3172 Themes ( UnsignedFile.Multi.Generic ) - warning
20:12:35.0749 3172 Themes - detected UnsignedFile.Multi.Generic (1)
20:12:35.0797 3172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:12:35.0843 3172 THREADORDER - ok
20:12:35.0891 3172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:12:35.0959 3172 TrkWks - ok
20:12:36.0029 3172 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:12:36.0101 3172 TrustedInstaller - ok
20:12:36.0154 3172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:36.0183 3172 tssecsrv - ok
20:12:36.0244 3172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:12:36.0292 3172 TsUsbFlt - ok
20:12:36.0357 3172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:36.0430 3172 tunnel - ok
20:12:36.0483 3172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:36.0496 3172 uagp35 - ok
20:12:36.0515 3172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:12:36.0558 3172 udfs - ok
20:12:36.0577 3172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:12:36.0603 3172 UI0Detect - ok
20:12:36.0648 3172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:12:36.0659 3172 uliagpkx - ok
20:12:36.0701 3172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:12:36.0737 3172 umbus - ok
20:12:36.0756 3172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:12:36.0769 3172 UmPass - ok
20:12:36.0786 3172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:12:36.0822 3172 upnphost - ok
20:12:36.0831 3172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:36.0869 3172 usbccgp - ok
20:12:36.0925 3172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:12:36.0959 3172 usbcir - ok
20:12:36.0980 3172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:37.0006 3172 usbehci - ok
20:12:37.0031 3172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:37.0060 3172 usbhub - ok
20:12:37.0077 3172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:12:37.0090 3172 usbohci - ok
20:12:37.0096 3172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:37.0113 3172 usbprint - ok
20:12:37.0164 3172 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:37.0178 3172 usbscan - ok
20:12:37.0192 3172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:37.0242 3172 USBSTOR - ok
20:12:37.0250 3172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:12:37.0289 3172 usbuhci - ok
20:12:37.0321 3172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:12:37.0360 3172 UxSms - ok
20:12:37.0407 3172 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:12:37.0418 3172 VaultSvc - ok
20:12:37.0445 3172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:12:37.0456 3172 vdrvroot - ok
20:12:37.0509 3172 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:12:37.0546 3172 vds - ok
20:12:37.0563 3172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:37.0576 3172 vga - ok
20:12:37.0591 3172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:12:37.0633 3172 VgaSave - ok
20:12:37.0682 3172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:12:37.0696 3172 vhdmp - ok
20:12:37.0740 3172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:12:37.0750 3172 viaide - ok
20:12:37.0764 3172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:12:37.0775 3172 volmgr - ok
20:12:37.0826 3172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:12:37.0842 3172 volmgrx - ok
20:12:37.0856 3172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:12:37.0871 3172 volsnap - ok
20:12:37.0890 3172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:37.0903 3172 vsmraid - ok
20:12:37.0987 3172 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:12:38.0077 3172 VSS - ok
20:12:38.0217 3172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:12:38.0260 3172 vwifibus - ok
20:12:38.0317 3172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:12:38.0371 3172 W32Time - ok
20:12:38.0394 3172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:38.0417 3172 WacomPen - ok
20:12:38.0446 3172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:38.0486 3172 WANARP - ok
20:12:38.0497 3172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:38.0528 3172 Wanarpv6 - ok
20:12:38.0577 3172 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:12:38.0633 3172 wbengine - ok
20:12:38.0676 3172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:12:38.0698 3172 WbioSrvc - ok
20:12:38.0743 3172 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:12:38.0764 3172 wcncsvc - ok
20:12:38.0775 3172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:12:38.0811 3172 WcsPlugInService - ok
20:12:38.0831 3172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:12:38.0842 3172 Wd - ok
20:12:38.0872 3172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:12:38.0893 3172 Wdf01000 - ok
20:12:38.0906 3172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:12:38.0997 3172 WdiServiceHost - ok
20:12:39.0005 3172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:12:39.0022 3172 WdiSystemHost - ok
20:12:39.0035 3172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:12:39.0056 3172 WebClient - ok
20:12:39.0069 3172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:12:39.0104 3172 Wecsvc - ok
20:12:39.0115 3172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:12:39.0164 3172 wercplsupport - ok
20:12:39.0203 3172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:12:39.0236 3172 WerSvc - ok
20:12:39.0264 3172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:39.0294 3172 WfpLwf - ok
20:12:39.0308 3172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:12:39.0319 3172 WIMMount - ok
20:12:39.0327 3172 WinHttpAutoProxySvc - ok
20:12:39.0427 3172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:12:39.0475 3172 Winmgmt - ok
20:12:39.0537 3172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:12:39.0633 3172 WinRM - ok
20:12:39.0765 3172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:12:39.0800 3172 Wlansvc - ok
20:12:39.0994 3172 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:12:40.0064 3172 wlidsvc - ok
20:12:40.0141 3172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:12:40.0172 3172 WmiAcpi - ok
20:12:40.0201 3172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:12:40.0233 3172 wmiApSrv - ok
20:12:40.0338 3172 WMPNetworkSvc - ok
20:12:40.0349 3172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:12:40.0368 3172 WPCSvc - ok
20:12:40.0417 3172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:12:40.0445 3172 WPDBusEnum - ok
20:12:40.0488 3172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:40.0530 3172 ws2ifsl - ok
20:12:40.0534 3172 WSearch - ok
20:12:40.0579 3172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:12:40.0639 3172 WudfPf - ok
20:12:40.0675 3172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:40.0706 3172 WUDFRd - ok
20:12:40.0757 3172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:12:40.0788 3172 wudfsvc - ok
20:12:41.0038 3172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:12:41.0080 3172 WwanSvc - ok
20:12:41.0177 3172 X6va008 - ok
20:12:41.0220 3172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:41.0400 3172 \Device\Harddisk0\DR0 - ok
20:12:41.0427 3172 Boot (0x1200) (1fe85b177d911a282d055518303cdb0f) \Device\Harddisk0\DR0\Partition0
20:12:41.0429 3172 \Device\Harddisk0\DR0\Partition0 - ok
20:12:41.0434 3172 Boot (0x1200) (1ada5d0b73a7d7327b5d30da4be5a194) \Device\Harddisk0\DR0\Partition1
20:12:41.0436 3172 \Device\Harddisk0\DR0\Partition1 - ok
20:12:41.0465 3172 Boot (0x1200) (2608c5dbd536a2477fe6e01c82ab6366) \Device\Harddisk0\DR0\Partition2
20:12:41.0468 3172 \Device\Harddisk0\DR0\Partition2 - ok
20:12:41.0468 3172 ============================================================
20:12:41.0468 3172 Scan finished
20:12:41.0468 3172 ============================================================
20:12:41.0491 0448 Detected object count: 5
20:12:41.0491 0448 Actual detected object count: 5
20:12:56.0293 0448 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:12:56.0293 0448 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:12:56.0294 0448 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:56.0294 0448 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:56.0296 0448 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:56.0297 0448 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:56.0299 0448 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:56.0299 0448 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:56.0302 0448 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:56.0302 0448 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
#20 | /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall and MSE can no longer be enabled, error code: ,,0x80070424,,

Then please run CF now: ComboFix, a guide and tutorial on using ComboFix

ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:

__________________ Please always post log files in CODE tags
#21 | Firewall and MSE can no longer be enabled, error code: ,,0x80070424,,

Man, thanks, the firewall works again, now just MSE is left, but first here are the logs: [code] ComboFix log file: Code:
ATTFilter ComboFix 12-08-04.02 - Max 04.08.2012 21:25:10.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2847 [GMT 2:00] ausgeführt von:: c:\users\Max.Glei¯berg-PC\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\CrashLog_20101209.txt c:\programdata\SPL1C36.tmp c:\programdata\SPL32C2.tmp c:\programdata\SPL3B1C.tmp c:\programdata\SPL446E.tmp c:\programdata\SPL4B80.tmp c:\programdata\SPL536C.tmp c:\programdata\SPL5C23.tmp c:\programdata\SPL5D8A.tmp c:\programdata\SPL6122.tmp c:\programdata\SPL67A7.tmp c:\programdata\SPL68EF.tmp c:\programdata\SPL6D81.tmp c:\programdata\SPL702F.tmp c:\programdata\SPL7119.tmp c:\programdata\SPL7242.tmp c:\programdata\SPL734B.tmp c:\programdata\SPL7389.tmp c:\programdata\SPL73A8.tmp c:\programdata\SPL751F.tmp c:\programdata\SPL754E.tmp c:\programdata\SPL75CA.tmp c:\programdata\SPL7628.tmp c:\programdata\SPL76C4.tmp c:\programdata\SPL7935.tmp c:\programdata\SPL7A2E.tmp c:\programdata\SPL7AAB.tmp c:\programdata\SPL7AE9.tmp c:\programdata\SPL7B47.tmp c:\programdata\SPL7D0B.tmp c:\programdata\SPL7D97.tmp c:\programdata\SPL7DB7.tmp c:\programdata\SPL7FAA.tmp c:\programdata\SPL80E2.tmp c:\programdata\SPL820A.tmp c:\programdata\SPL821A.tmp c:\programdata\SPL843C.tmp c:\programdata\SPL85E1.tmp c:\programdata\SPL8610.tmp c:\programdata\SPL9117.tmp c:\programdata\SPL9339.tmp c:\programdata\SPL9404.tmp c:\programdata\SPL94BF.tmp c:\programdata\SPL95D8.tmp 
c:\programdata\SPL9684.tmp c:\programdata\SPL9685.tmp c:\programdata\SPL9710.tmp c:\programdata\SPL978D.tmp c:\programdata\SPL98C5.tmp c:\programdata\SPL98F4.tmp c:\programdata\SPL99FD.tmp c:\programdata\SPL9C0F.tmp c:\programdata\SPL9C5D.tmp c:\programdata\SPL9C6D.tmp c:\programdata\SPLA302.tmp c:\programdata\SPLA38E.tmp c:\programdata\SPLA514.tmp c:\programdata\SPLA7A3.tmp c:\programdata\SPLA811.tmp c:\programdata\SPLA9F4.tmp c:\programdata\SPLAA23.tmp c:\programdata\SPLAA52.tmp c:\programdata\SPLADBB.tmp c:\programdata\SPLAE96.tmp c:\programdata\SPLB605.tmp c:\programdata\SPLB8C4.tmp c:\programdata\SPLBAE5.tmp c:\programdata\SPLBD65.tmp c:\programdata\SPLBE8D.tmp c:\programdata\SPLC0ED.tmp c:\programdata\SPLC16A.tmp c:\programdata\SPLC206.tmp c:\programdata\SPLC2D1.tmp c:\programdata\SPLC2E1.tmp c:\programdata\SPLC522.tmp c:\programdata\SPLC65A.tmp c:\programdata\SPLCDB9.tmp c:\programdata\SPLD603.tmp c:\programdata\SPLD854.tmp c:\programdata\SPLD96D.tmp c:\programdata\SPLDB61.tmp c:\programdata\SPLE1A7.tmp c:\programdata\SPLE2CF.tmp c:\programdata\SPLE780.tmp c:\users\Gleißberg\AppData\Roaming\PriceGong c:\users\Gleißberg\AppData\Roaming\PriceGong\Data\mru.xml c:\users\Max.Gleißberg-PC\AppData\Local\assembly\tmp c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-04 bis 2012-08-04 )))))))))))))))))))))))))))))) . . 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Thomas\AppData\Local\temp 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Sabine\AppData\Local\temp 2012-08-04 19:39 . 
2012-08-04 19:39 -------- d-----w- c:\users\Ronny\AppData\Local\temp 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\MAX~1~GLE\AppData\Local\temp 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Gleißberg\AppData\Local\temp 2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-04 12:00 . 2012-08-04 12:00 -------- d-----w- C:\_OTL 2012-07-30 19:04 . 2012-07-30 19:04 -------- d-----w- c:\program files (x86)\ESET 2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\Malwarebytes 2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\programdata\Malwarebytes 2012-07-28 19:46 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-28 19:46 . 2012-07-28 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-27 21:27 . 2012-07-27 21:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-27 21:18 . 2012-04-14 09:29 2620960 ----a-w- c:\windows\SysWow64\Orbital_Sunset_3D_Screensaver.scr 2012-07-27 21:10 . 2011-11-17 15:07 2646560 ----a-w- c:\windows\SysWow64\Autumn_Forest_3D_Screensaver.scr 2012-07-27 20:59 . 2011-09-01 19:07 2450456 ----a-w- c:\windows\SysWow64\Deep_Space_3D_Screensaver.scr 2012-07-27 20:56 . 2011-11-17 15:24 2468376 ----a-w- c:\windows\SysWow64\Ice_Clock_3D_Screensaver.scr 2012-07-27 10:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A69018-3231-45E2-974F-41EEEAB05768}\mpengine.dll 2012-07-26 12:35 . 2012-07-27 21:31 -------- d-----w- C:\MoTemp 2012-07-26 08:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-24 11:17 . 2012-07-24 11:20 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\.techniclauncher 2012-07-23 12:57 . 2012-07-23 12:57 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Local\Download Beast 2012-07-23 10:14 . 
2012-07-23 10:15 -------- d-----w- C:\Steam Games 2012-07-22 04:19 . 2012-07-22 04:19 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Roaming\fltk.org 2012-07-22 04:19 . 2012-07-22 04:19 -------- d-----w- c:\programdata\fltk.org 2012-07-12 16:05 . 2012-07-12 16:05 -------- d-----w- c:\program files (x86)\GPLGS 2012-07-12 16:05 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll 2012-07-12 16:04 . 2012-07-12 16:05 -------- d-----w- c:\program files (x86)\PDFCreator 2012-07-12 15:06 . 2012-07-12 15:06 -------- d-----w- c:\program files (x86)\Audacity 2012-07-12 01:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 22:36 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-11 22:29 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 22:29 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 22:29 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 22:29 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 22:29 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 22:29 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 22:29 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 22:29 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 22:29 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 22:29 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 22:29 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 22:29 . 
2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 22:29 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-07 17:23 . 2012-07-07 17:23 -------- d-----w- c:\users\Max.Gleißberg-PC\AppData\Local\Activision 2012-07-07 16:33 . 2012-07-07 16:33 -------- d-----w- c:\program files (x86)\Activision . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 18:24 . 2012-05-28 04:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-02 18:24 . 2011-05-16 17:41 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-08-02 18:23 . 2010-10-22 09:28 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-08-02 08:53 . 2012-05-28 04:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-07-19 16:18 . 2012-03-31 21:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-19 16:18 . 2011-05-15 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 01:02 . 2010-09-01 17:06 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-07-01 14:08 . 2012-07-01 14:08 40960 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-06-23 02:29 . 2010-10-22 09:28 2793768 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-06-22 07:52 . 
2012-06-22 07:52 376320 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe 2012-06-22 07:52 . 2012-06-22 07:52 376320 ----a-r- c:\users\Max.Gleißberg-PC\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe 2012-06-02 22:19 . 2012-06-21 18:37 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 18:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 18:38 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 18:38 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 18:37 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 18:37 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 18:37 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 18:36 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 18:36 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-15 10:48 . 2012-06-17 06:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2012-06-17 06:32 25743168 ----a-w- c:\windows\system32\nvoglv64.dll 2012-05-15 10:48 . 2012-06-17 06:32 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-05-15 10:48 . 2012-06-17 06:32 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 10:48 . 2012-06-17 06:32 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2012-06-17 06:32 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2012-06-17 06:32 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-05-15 10:48 . 2012-06-17 06:32 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-15 10:48 . 2012-06-17 06:32 8139072 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:48 . 2012-06-17 06:32 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-05-15 10:48 . 
2012-06-17 06:32 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:48 . 2012-06-17 06:32 2681664 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:48 . 2012-06-17 06:32 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-05-15 10:48 . 2012-06-17 06:32 25248064 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:48 . 2012-06-17 06:32 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2012-06-17 06:32 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-05-15 10:48 . 2010-04-03 20:55 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2010-04-03 20:55 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2010-04-03 20:55 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 10:48 . 2010-04-03 20:55 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 10:48 . 2010-04-03 20:55 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 09:29 . 2010-04-03 16:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2012-06-17 06:35 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:29 . 2010-04-03 16:42 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2010-04-03 16:42 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2010-04-03 16:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2010-04-03 16:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-13 06:16 . 2012-05-12 12:33 8107 ----a-w- c:\windows\w7dsd.reg 2012-05-13 06:16 . 2012-05-12 12:33 8089 ----a-w- c:\windows\w7dse.reg 2012-05-12 12:33 . 2012-05-12 12:33 275360 ----a-w- c:\windows\system32\DreamScene.dll 2012-05-12 07:26 . 2012-05-12 07:27 268744 ----a-w- c:\windows\system32\javaws.exe 2012-05-12 07:26 . 2012-05-12 07:26 189384 ----a-w- c:\windows\system32\javaw.exe 2012-05-12 07:26 . 
2012-05-12 07:26 188872 ----a-w- c:\windows\system32\java.exe 2012-05-12 07:26 . 2012-02-06 09:02 955848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-12 07:26 . 2011-10-30 08:54 839112 ----a-w- c:\windows\system32\deployJava1.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [-] 2011-02-25 . 6E016DDC7D512E0C306472F91B6D618D . 2862592 . . [6.1.7600.16385] .. c:\windows\explorer.exe [-] 2011-02-25 . 6E016DDC7D512E0C306472F91B6D618D . 2862592 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [7] 2009-08-03 . 
700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Max.Gleißberg-PC\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ZMatrix.lnk - c:\program files (x86)\ZMatrix\matrix.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "MyWebSearch Email Plugin"=c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 116648] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2011-07-30 45176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 116648] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-05 16448] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-05-18 625832] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-08-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2011-10-31 20:16] . 2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 08:05] . 
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 08:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-07-26 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: Free YouTube Download - c:\users\Max.Gleißberg-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Max.Gleißberg-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: microsoft.com Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: soe.com Trusted Zone: sony.com Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-RocketDock - c:\program files (x86)\RocketDock\RocketDock.exe Wow6432Node-HKCU-Run-3PlanesoftAnimatedWallpaper - c:\program files (x86)\Ice Clock 3D Screensaver\Ice Clock 3D Screensaver.exe Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe SafeBoot-MsMpSvc HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Autumn Forest 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Autumn Forest 3D Screensaver\unins000.exe AddRemove-AVS Update Manager_is1 - c:\program files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe AddRemove-Deep Space 3D Screensaver_is1 - c:\program files (x86)\Deep Space 3D Screensaver\unins000.exe AddRemove-Hurrican_is1 - c:\program files (x86)\Hurrican\unins000.exe AddRemove-Ice Clock 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Ice Clock 3D Screensaver\unins000.exe AddRemove-Orbital Sunset 3D Screensaver and Animated Wallpaper_is1 - c:\program files (x86)\Orbital Sunset 3D Screensaver\unins000.exe AddRemove-SearchCore for Browsers - c:\program files (x86)\SearchCore for Browsers\uninstall.exe AddRemove-Searchqu 417 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe AddRemove-{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1 - c:\program files (x86)\Reviversoft\Registry Reviver\unins000.exe AddRemove-FoxTab PDF Converter - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe AddRemove-Uncompressor - c:\program files (x86)\Uncompressor\Uninstall\Uninstall.exe AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\uninstall.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:de,a5,a9,13,81,29,16,c6,fe,dd,ad,10,4a,89,43,64,a8,e2,77,35,1c,b8,d6, 56,82,11,a1,8b,48,20,8f,15,77,92,9a,e0,e6,6d,e4,86,c8,f7,f6,aa,98,7e,8c,2e,\ "??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18 . [HKEY_USERS\S-1-5-21-3476872522-825892699-1154334834-1003\Software\SecuROM\License information*] "datasecu"=hex:8f,f2,c0,77,d0,2c,91,0d,55,0f,c5,a0,6c,d8,1c,43,61,6d,54,8a,54, 97,5e,7a,99,83,70,fe,79,02,48,49,1e,7a,8b,a7,09,b3,c5,9d,69,f0,41,73,43,31,\ "rkeysecu"=hex:ea,29,15,8e,dd,6d,31,bd,ff,3a,73,3b,fb,1c,88,0b . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-04 21:48:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-04 19:48 . Vor Suchlauf: 41 Verzeichnis(se), 311.143.968.768 Bytes frei Nach Suchlauf: 45 Verzeichnis(se), 310.972.891.136 Bytes frei . - - End Of File - - 5C12EF919D9EEBB9DC99EED15409F352 |
| #22 |
/// Winkelfunktion /// TB-Süch-Tiger™
Code:
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
__________________
Please always post log files in CODE tags
| #23 |
AVG only as a link scanner, and MSE as the "real" protection.
| #24 |
/// Winkelfunktion /// TB-Süch-Tiger™
Sorry, I think that's pointless! Two virus scanners, no matter how they are configured, can always get in each other's way! At most, Malwarebytes can be used alongside an installed virus scanner. (The other scanners I use here for the cleanup/analysis don't get in the way of the others either.)
| #25 |
So, delete AVG?
| #26 |
/// Winkelfunktion /// TB-Süch-Tiger™
Which one you keep is up to you!
| #27 |
Yeah, but how do I get MSE running again now? It still says:
"Der Security Essentials Dienst konnte nicht gestartet werden. Der angegebene Dienst ist kein installierter Dienst. Klicken sie auf 'Hilfe', um weitere Informationen zu diesem Problem zu erhalten. Fehlercode: 0x80070424"
| #28 |
/// Winkelfunktion /// TB-Süch-Tiger™
Can't you just uninstall both, reboot, and then cleanly reinstall one of them?
But don't install one until we are done; first uninstall both. And no, it is not dangerous if we do without a virus scanner for the rest of the cleanup.
| #29 |
OK, I have uninstalled both... I noticed that my Autorun no longer works, or rather is no longer present on my PC at all.
Well then, what happens next?
| #30 |
/// Winkelfunktion /// TB-Süch-Tiger™
What would anyone want with that stupid Autorun? That thing is a huge security hole!