Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.08.2012, 17:36   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Ist das rein zufällig ein Büro- bzw. hauptsächlich gewerblich genutzer PC?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.08.2012, 10:15   #17
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hallo,

Büro bezeichnet nur den Standort, also rein privat!
Hatte früher mal Vermietung und home-Office und immer schon PC's und die stehen halt jetzt im "Büro"

Jonny
__________________


Alt 18.08.2012, 13:41   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Und was ist das für ein Plattenzirkus was du da in deinem Rechner hast von Laufwerk C bis Y
Oder sind die meisten davon Netzwerlaufwerke, die auch nicht in dieser Anzahl besonders typisch sind für reine Heimanwender?

Zitat:
64bit- Professional Service Pack 1
Professional Editiion als Heimanwender ist nicht gerade üblich - war das früher mal dein Arbeitsrechner, also nicht privat?
__________________
__________________

Alt 18.08.2012, 14:11   #19
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hallo,
mal ganz vorsichtig gefragt:
ist Deine Anfrage wesentlich für die Bereinigung des Systems?

Aber, ich habe keine Geheimnisse, hier die Verwendung der LW's:

C:\ = Systempartition WIN7
D:\ = Datenpartition WIN7
E:\ = Musikpartition WIN7
F:\ = Grafik- bzw Fotopartition WIN7
G:\ = DVD-LW
I - L = Kartenslots
N:\ = Netzlaufwerk (meins)
O:\ = Netzlaufwerk (meiner Frau)
P:\ = Netzlaufwerk (meiner Tochter)
R:\ = Systempartition VISTA auf zweiter Platte (dort C:\)
S:\ = Sicherungspartition für WIN7 Systemsicherung auf zweiter Platte (dort D:\)
T:\ = Netzlaufwerk (AktivityMediaCenter) Fotos, verbunden mit HUMAX
U:\ = Netzlaufwerk (AktivityMediaCenter) Musik, verbunden mit HUMAX
V:\ = Netzlaufwerk (AktivityMediaCenter) Videoas, verbunden mit HUMAX
X:\ = externe Festplatte, Video-Vearbeitungspartition
Y:\ = externe Festplasse, Sicherungspartition für Netzlaufwerke N, O, P, T, U und V

Das mag evtl. wie ein Zirkus aussehen, hat aber m.E. durchaus System.
Da die Rechner meiner Frau und meiner Tochter lokal nicht gesichert werden, arbeiten sie jeweils nur auf den Netzlaufwerken.

Nochmals, wir sind nicht gewerblich, sondern eben nur ein Haushalt mit mehreren PC's und ich lege halt nun mal wert auf korekte Sicherung unserer Daten, da mir schon zweimal Festplatten abgeraucht sind!

Zu Deier Frage hinsichtlich 64 Bit:
Der Sohn meiner Frau war bis 2011 bei Fujitsu beschäftigt und hatte offiziellen Zugang zu mehreren WIN7 Lizenzen.
Warum sollte ich da bei meinem Rechner nicht die 64 Bit Version einsetzen?

Ich hoffe Deine Fragen ausreichend beantwortet zu haben.

LG Jonny

Alt 18.08.2012, 14:29   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Danke - ich muss einfach Sachen auf den Grund gehen wenn sie mir komisch vorkommen, Büro-PCs werden nämlich idR nicht bereinigt


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1876380478-2552088986-1969383942-1003\..\SearchScopes\{196C1E5A-D5BA-47F8-BF8F-5E81F6C67A99}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AA9&apn_dtid=^YYYYYY^YY^US&apn_uid=DAA7821A-9D02-4DDB-8F6A-4546A57E7680&apn_sauid=5E635920-C329-42C5-A81C-754FD59B7C86
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1003..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02  [binary data]
O7 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02  [binary data]
O7 - HKU\S-1-5-21-1876380478-2552088986-1969383942-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.12 20:09:32 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - R:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C7D0F96D
:Files
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache
D:\Programme_sicherung\Netz-Tools\Netzmanager\SoftonicDownloader_fuer_netzmanager.exe
C:\Users\Jonny\AppData\Roaming\kock
C:\Users\Jonny\AppData\Roaming\UAs
C:\Users\Jonny\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.08.2012, 12:36   #21
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hi,
sorry, wusste ich nicht, dass nur private Rechner bereinigt, verstehe ich natütrlich!

Hier das Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1003\Software\Microsoft\Internet Explorer\SearchScopes\{196C1E5A-D5BA-47F8-BF8F-5E81F6C67A99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{196C1E5A-D5BA-47F8-BF8F-5E81F6C67A99}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1876380478-2552088986-1969383942-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
R:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:C7D0F96D deleted successfully.
========== FILES ==========
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\users\Jonny\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder D:\Programme_sicherung\Netz-Tools\Netzmanager\SoftonicDownloader_fuer_netzmanager.exe not found.
C:\Users\Jonny\AppData\Roaming\kock folder moved successfully.
C:\Users\Jonny\AppData\Roaming\UAs folder moved successfully.
C:\Users\Jonny\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Anneliese
->Temp folder emptied: 130627 bytes
->Temporary Internet Files folder emptied: 27749316 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 979 bytes
 
User: Carolin
->Temp folder emptied: 112612 bytes
->Temporary Internet Files folder emptied: 144991794 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1674 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Jonny
->Temp folder emptied: 24552601 bytes
->Temporary Internet Files folder emptied: 3911301933 bytes
->Flash cache emptied: 144158 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 1871354 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2380838 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.923,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: Anneliese
->Flash cache emptied: 0 bytes
 
User: Carolin
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Jonny
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.57.0 log created on 08192012_132515

Files\Folders moved on Reboot...
C:\Users\Jonny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Jonny\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
LG Jonny

Alt 20.08.2012, 17:12   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.08.2012, 12:07   #23
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hi,
hier TDSSKilleer:

Code:
ATTFilter
12:58:17.0453 3020  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
12:58:17.0640 3020  ============================================================
12:58:17.0640 3020  Current date / time: 2012/08/21 12:58:17.0640
12:58:17.0640 3020  SystemInfo:
12:58:17.0640 3020  
12:58:17.0640 3020  OS Version: 6.1.7601 ServicePack: 1.0
12:58:17.0640 3020  Product type: Workstation
12:58:17.0640 3020  ComputerName: JONNY-BUERO-7
12:58:17.0640 3020  UserName: Jonny
12:58:17.0640 3020  Windows directory: C:\Windows
12:58:17.0640 3020  System windows directory: C:\Windows
12:58:17.0640 3020  Running under WOW64
12:58:17.0640 3020  Processor architecture: Intel x64
12:58:17.0640 3020  Number of processors: 4
12:58:17.0640 3020  Page size: 0x1000
12:58:17.0640 3020  Boot type: Normal boot
12:58:17.0640 3020  ============================================================
12:58:22.0788 3020  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:22.0788 3020  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:22.0804 3020  Drive \Device\Harddisk6\DR6 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:58:22.0819 3020  ============================================================
12:58:22.0819 3020  \Device\Harddisk0\DR0:
12:58:22.0819 3020  MBR partitions:
12:58:22.0819 3020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
12:58:22.0819 3020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD000
12:58:22.0819 3020  \Device\Harddisk1\DR1:
12:58:22.0819 3020  MBR partitions:
12:58:22.0819 3020  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E64C000
12:58:22.0819 3020  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1E64C800, BlocksNum 0x88B8000
12:58:22.0819 3020  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x26F04800, BlocksNum 0x61A8000
12:58:22.0850 3020  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x2D0AD000, BlocksNum 0xD2D8800
12:58:22.0850 3020  \Device\Harddisk6\DR6:
12:58:22.0850 3020  MBR partitions:
12:58:22.0850 3020  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38B08FC8
12:58:22.0850 3020  \Device\Harddisk6\DR6\Partition2: MBR, Type 0x7, StartLBA 0x38B0D248, BlocksNum 0x75F795B8
12:58:22.0850 3020  ============================================================
12:58:22.0882 3020  C: <-> \Device\Harddisk1\DR1\Partition1
12:58:22.0897 3020  X: <-> \Device\Harddisk6\DR6\Partition1
12:58:22.0928 3020  S: <-> \Device\Harddisk0\DR0\Partition2
12:58:22.0960 3020  E: <-> \Device\Harddisk1\DR1\Partition3
12:58:22.0991 3020  F: <-> \Device\Harddisk1\DR1\Partition4
12:58:23.0006 3020  R: <-> \Device\Harddisk0\DR0\Partition1
12:58:23.0038 3020  D: <-> \Device\Harddisk1\DR1\Partition2
12:58:23.0069 3020  Y: <-> \Device\Harddisk6\DR6\Partition2
12:58:23.0069 3020  ============================================================
12:58:23.0069 3020  Initialize success
12:58:23.0069 3020  ============================================================
12:59:27.0965 1292  ============================================================
12:59:27.0965 1292  Scan started
12:59:27.0965 1292  Mode: Manual; SigCheck; TDLFS; 
12:59:27.0965 1292  ============================================================
12:59:29.0228 1292  ================ Scan services =============================
12:59:29.0322 1292  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:59:29.0400 1292  1394ohci - ok
12:59:29.0431 1292  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:59:29.0447 1292  ACPI - ok
12:59:29.0462 1292  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:59:29.0509 1292  AcpiPmi - ok
12:59:29.0572 1292  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:59:29.0587 1292  AdobeARMservice - ok
12:59:29.0650 1292  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:59:29.0665 1292  AdobeFlashPlayerUpdateSvc - ok
12:59:29.0681 1292  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:59:29.0712 1292  adp94xx - ok
12:59:29.0728 1292  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:59:29.0743 1292  adpahci - ok
12:59:29.0759 1292  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:59:29.0774 1292  adpu320 - ok
12:59:29.0790 1292  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:59:29.0915 1292  AeLookupSvc - ok
12:59:29.0962 1292  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:59:30.0024 1292  AFD - ok
12:59:30.0040 1292  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:59:30.0055 1292  agp440 - ok
12:59:30.0071 1292  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:59:30.0118 1292  ALG - ok
12:59:30.0133 1292  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:59:30.0149 1292  aliide - ok
12:59:30.0149 1292  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:59:30.0164 1292  amdide - ok
12:59:30.0180 1292  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:59:30.0211 1292  AmdK8 - ok
12:59:30.0227 1292  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:59:30.0242 1292  AmdPPM - ok
12:59:30.0274 1292  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:59:30.0289 1292  amdsata - ok
12:59:30.0320 1292  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:59:30.0336 1292  amdsbs - ok
12:59:30.0352 1292  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:59:30.0367 1292  amdxata - ok
12:59:30.0414 1292  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
12:59:30.0430 1292  AntiVirMailService - ok
12:59:30.0461 1292  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:59:30.0461 1292  AntiVirSchedulerService - ok
12:59:30.0492 1292  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:59:30.0492 1292  AntiVirService - ok
12:59:30.0523 1292  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:59:30.0539 1292  AntiVirWebService - ok
12:59:30.0554 1292  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:59:30.0632 1292  AppID - ok
12:59:30.0664 1292  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:59:30.0710 1292  AppIDSvc - ok
12:59:30.0710 1292  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:59:30.0773 1292  Appinfo - ok
12:59:30.0788 1292  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:59:30.0835 1292  AppMgmt - ok
12:59:30.0851 1292  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:59:30.0866 1292  arc - ok
12:59:30.0882 1292  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:59:30.0898 1292  arcsas - ok
12:59:30.0976 1292  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:59:30.0991 1292  aspnet_state - ok
12:59:31.0007 1292  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:59:31.0069 1292  AsyncMac - ok
12:59:31.0069 1292  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:59:31.0085 1292  atapi - ok
12:59:31.0116 1292  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:59:31.0178 1292  AudioEndpointBuilder - ok
12:59:31.0194 1292  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:59:31.0225 1292  AudioSrv - ok
12:59:31.0241 1292  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:59:31.0288 1292  avgntflt - ok
12:59:31.0303 1292  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:59:31.0303 1292  avipbb - ok
12:59:31.0334 1292  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:59:31.0334 1292  avkmgr - ok
12:59:31.0366 1292  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:59:31.0444 1292  AxInstSV - ok
12:59:31.0475 1292  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:59:31.0506 1292  b06bdrv - ok
12:59:31.0553 1292  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:59:31.0600 1292  b57nd60a - ok
12:59:31.0631 1292  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:59:31.0678 1292  BDESVC - ok
12:59:31.0693 1292  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:59:31.0740 1292  Beep - ok
12:59:31.0771 1292  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:59:31.0834 1292  BFE - ok
12:59:31.0865 1292  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:59:31.0943 1292  BITS - ok
12:59:31.0958 1292  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:59:31.0974 1292  blbdrive - ok
12:59:32.0005 1292  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:59:32.0036 1292  bowser - ok
12:59:32.0052 1292  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:59:32.0083 1292  BrFiltLo - ok
12:59:32.0083 1292  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:59:32.0099 1292  BrFiltUp - ok
12:59:32.0130 1292  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:59:32.0161 1292  Browser - ok
12:59:32.0177 1292  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:59:32.0224 1292  Brserid - ok
12:59:32.0239 1292  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:59:32.0255 1292  BrSerWdm - ok
12:59:32.0270 1292  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:59:32.0286 1292  BrUsbMdm - ok
12:59:32.0302 1292  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:59:32.0302 1292  BrUsbSer - ok
12:59:32.0333 1292  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:59:32.0380 1292  BthEnum - ok
12:59:32.0380 1292  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:59:32.0411 1292  BTHMODEM - ok
12:59:32.0426 1292  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:59:32.0458 1292  BthPan - ok
12:59:32.0504 1292  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:59:32.0536 1292  BTHPORT - ok
12:59:32.0551 1292  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:59:32.0598 1292  bthserv - ok
12:59:32.0614 1292  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:59:32.0629 1292  BTHUSB - ok
12:59:32.0645 1292  CdaC15BA - ok
12:59:32.0660 1292  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:59:32.0707 1292  cdfs - ok
12:59:32.0723 1292  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:59:32.0738 1292  cdrom - ok
12:59:32.0754 1292  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:59:32.0801 1292  CertPropSvc - ok
12:59:32.0816 1292  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:59:32.0832 1292  circlass - ok
12:59:32.0863 1292  [ ED81E81752CA817AFA740C14AD05BC6C ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
12:59:32.0879 1292  cjpcsc - ok
12:59:32.0894 1292  [ 06E1F5228399FC49A8D026DA38DB6784 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
12:59:32.0910 1292  cjusb - ok
12:59:32.0941 1292  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:59:32.0957 1292  CLFS - ok
12:59:32.0988 1292  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:59:33.0004 1292  clr_optimization_v2.0.50727_32 - ok
12:59:33.0035 1292  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:59:33.0050 1292  clr_optimization_v2.0.50727_64 - ok
12:59:33.0082 1292  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:59:33.0175 1292  clr_optimization_v4.0.30319_32 - ok
12:59:33.0191 1292  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:59:33.0222 1292  clr_optimization_v4.0.30319_64 - ok
12:59:33.0238 1292  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:59:33.0253 1292  CmBatt - ok
12:59:33.0269 1292  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:59:33.0284 1292  cmdide - ok
12:59:33.0300 1292  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:59:33.0362 1292  CNG - ok
12:59:33.0378 1292  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:59:33.0378 1292  Compbatt - ok
12:59:33.0394 1292  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:59:33.0425 1292  CompositeBus - ok
12:59:33.0425 1292  COMSysApp - ok
12:59:33.0440 1292  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:59:33.0456 1292  crcdisk - ok
12:59:33.0472 1292  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:59:33.0581 1292  CryptSvc - ok
12:59:33.0628 1292  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:59:33.0690 1292  CSC - ok
12:59:33.0721 1292  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:59:33.0752 1292  CscService - ok
12:59:33.0784 1292  [ B18AB4F8F194E9F0E35D3AF5AF578D14 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:59:33.0830 1292  CtClsFlt - ok
12:59:33.0846 1292  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:59:33.0893 1292  DcomLaunch - ok
12:59:33.0924 1292  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:59:33.0971 1292  defragsvc - ok
12:59:33.0986 1292  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:59:34.0033 1292  DfsC - ok
12:59:34.0049 1292  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:59:34.0111 1292  Dhcp - ok
12:59:34.0111 1292  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:59:34.0158 1292  discache - ok
12:59:34.0174 1292  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:59:34.0189 1292  Disk - ok
12:59:34.0220 1292  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:59:34.0267 1292  dmvsc - ok
12:59:34.0283 1292  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:59:34.0330 1292  Dnscache - ok
12:59:34.0345 1292  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:59:34.0392 1292  dot3svc - ok
12:59:34.0408 1292  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:59:34.0454 1292  DPS - ok
12:59:34.0454 1292  DRHARD - ok
12:59:34.0470 1292  [ 2A53AA388EB00FB6C57D43DBFE89C972 ] DRHARD64        C:\Windows\system32\drivers\DRHARD64.sys
12:59:34.0486 1292  DRHARD64 - ok
12:59:34.0517 1292  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:59:34.0532 1292  drmkaud - ok
12:59:34.0548 1292  [ D52EEB224DF107AAD9059597F0EB95CC ] DslMNLwf        C:\Windows\system32\DRIVERS\dslmnlwf.sys
12:59:34.0564 1292  DslMNLwf - ok
12:59:34.0595 1292  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:59:34.0626 1292  DXGKrnl - ok
12:59:34.0657 1292  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:59:34.0704 1292  EapHost - ok
12:59:34.0766 1292  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:59:34.0829 1292  ebdrv - ok
12:59:34.0860 1292  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:59:34.0891 1292  EFS - ok
12:59:34.0938 1292  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:59:35.0000 1292  ehRecvr - ok
12:59:35.0000 1292  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:59:35.0016 1292  ehSched - ok
12:59:35.0047 1292  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:59:35.0063 1292  elxstor - ok
12:59:35.0078 1292  [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv        C:\Windows\system32\epmntdrv.sys
12:59:35.0094 1292  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:59:35.0094 1292  epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:59:35.0110 1292  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:59:35.0141 1292  ErrDev - ok
12:59:35.0156 1292  [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
12:59:35.0172 1292  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:59:35.0172 1292  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:59:35.0203 1292  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:59:35.0266 1292  EventSystem - ok
12:59:35.0281 1292  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:59:35.0312 1292  exfat - ok
12:59:35.0344 1292  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:59:35.0375 1292  fastfat - ok
12:59:35.0406 1292  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:59:35.0468 1292  Fax - ok
12:59:35.0500 1292  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:59:35.0515 1292  fdc - ok
12:59:35.0531 1292  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:59:35.0578 1292  fdPHost - ok
12:59:35.0593 1292  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:59:35.0640 1292  FDResPub - ok
12:59:35.0656 1292  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:59:35.0671 1292  FileInfo - ok
12:59:35.0671 1292  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:59:35.0718 1292  Filetrace - ok
12:59:35.0734 1292  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:59:35.0749 1292  flpydisk - ok
12:59:35.0765 1292  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:59:35.0780 1292  FltMgr - ok
12:59:35.0827 1292  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
12:59:35.0858 1292  FontCache - ok
12:59:35.0905 1292  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:59:35.0921 1292  FontCache3.0.0.0 - ok
12:59:35.0921 1292  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:59:35.0936 1292  FsDepends - ok
12:59:35.0952 1292  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:59:35.0968 1292  Fs_Rec - ok
12:59:35.0968 1292  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:59:35.0999 1292  fvevol - ok
12:59:36.0014 1292  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:59:36.0030 1292  gagp30kx - ok
12:59:36.0061 1292  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:59:36.0108 1292  gpsvc - ok
12:59:36.0170 1292  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:59:36.0170 1292  gupdate - ok
12:59:36.0186 1292  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:59:36.0186 1292  gupdatem - ok
12:59:36.0202 1292  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:59:36.0217 1292  gusvc - ok
12:59:36.0233 1292  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:59:36.0264 1292  hcw85cir - ok
12:59:36.0280 1292  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:59:36.0311 1292  HdAudAddService - ok
12:59:36.0326 1292  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:59:36.0342 1292  HDAudBus - ok
12:59:36.0358 1292  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:59:36.0373 1292  HidBatt - ok
12:59:36.0389 1292  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:59:36.0420 1292  HidBth - ok
12:59:36.0451 1292  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:59:36.0467 1292  HidIr - ok
12:59:36.0482 1292  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:59:36.0514 1292  hidserv - ok
12:59:36.0529 1292  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:59:36.0545 1292  HidUsb - ok
12:59:36.0576 1292  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:59:36.0623 1292  hkmsvc - ok
12:59:36.0638 1292  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:59:36.0670 1292  HomeGroupListener - ok
12:59:36.0701 1292  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:59:36.0732 1292  HomeGroupProvider - ok
12:59:36.0732 1292  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:59:36.0748 1292  HpSAMD - ok
12:59:36.0779 1292  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:59:36.0826 1292  HTTP - ok
12:59:36.0841 1292  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:59:36.0857 1292  hwpolicy - ok
12:59:36.0872 1292  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:59:36.0888 1292  i8042prt - ok
12:59:36.0919 1292  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:59:36.0935 1292  iaStorV - ok
12:59:36.0982 1292  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:59:36.0997 1292  idsvc - ok
12:59:37.0013 1292  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:59:37.0028 1292  iirsp - ok
12:59:37.0075 1292  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:59:37.0138 1292  IKEEXT - ok
12:59:37.0216 1292  [ F242E36CDA231701CFA702641C20FAEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:59:37.0325 1292  IntcAzAudAddService - ok
12:59:37.0340 1292  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:59:37.0356 1292  intelide - ok
12:59:37.0372 1292  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:59:37.0403 1292  intelppm - ok
12:59:37.0418 1292  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:59:37.0465 1292  IPBusEnum - ok
12:59:37.0512 1292  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:59:37.0559 1292  IpFilterDriver - ok
12:59:37.0637 1292  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:59:37.0699 1292  iphlpsvc - ok
12:59:37.0715 1292  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:59:37.0715 1292  IPMIDRV - ok
12:59:37.0730 1292  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:59:37.0793 1292  IPNAT - ok
12:59:37.0793 1292  [ 05360B1EA5A2ABF620D1D96EBD8BD8F1 ] irda            C:\Windows\system32\DRIVERS\irda.sys
12:59:37.0824 1292  irda - ok
12:59:37.0840 1292  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:59:37.0855 1292  IRENUM - ok
12:59:37.0871 1292  [ 3848384AB383F0A8F506C4370635C1F9 ] Irmon           C:\Windows\System32\irmon.dll
12:59:37.0886 1292  Irmon - ok
12:59:37.0902 1292  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:59:37.0918 1292  isapnp - ok
12:59:37.0933 1292  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:59:37.0964 1292  iScsiPrt - ok
12:59:37.0980 1292  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:59:37.0980 1292  kbdclass - ok
12:59:38.0011 1292  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:59:38.0027 1292  kbdhid - ok
12:59:38.0042 1292  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:59:38.0058 1292  KeyIso - ok
12:59:38.0089 1292  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:59:38.0089 1292  KSecDD - ok
12:59:38.0105 1292  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:59:38.0120 1292  KSecPkg - ok
12:59:38.0136 1292  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:59:38.0167 1292  ksthunk - ok
12:59:38.0198 1292  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:59:38.0245 1292  KtmRm - ok
12:59:38.0276 1292  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:59:38.0323 1292  LanmanServer - ok
12:59:38.0339 1292  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:59:38.0386 1292  LanmanWorkstation - ok
12:59:38.0401 1292  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:59:38.0432 1292  lltdio - ok
12:59:38.0464 1292  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:59:38.0526 1292  lltdsvc - ok
12:59:38.0526 1292  lmab_device - ok
12:59:38.0542 1292  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:59:38.0588 1292  lmhosts - ok
12:59:38.0620 1292  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:59:38.0620 1292  LSI_FC - ok
12:59:38.0651 1292  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:59:38.0651 1292  LSI_SAS - ok
12:59:38.0666 1292  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:59:38.0682 1292  LSI_SAS2 - ok
12:59:38.0698 1292  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:59:38.0713 1292  LSI_SCSI - ok
12:59:38.0729 1292  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:59:38.0776 1292  luafv - ok
12:59:38.0807 1292  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:59:38.0822 1292  MBAMProtector - ok
12:59:38.0869 1292  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:59:38.0900 1292  MBAMService - ok
12:59:38.0916 1292  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:59:38.0947 1292  Mcx2Svc - ok
12:59:38.0963 1292  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:59:38.0978 1292  megasas - ok
12:59:38.0994 1292  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:59:39.0010 1292  MegaSR - ok
12:59:39.0025 1292  [ 8D0E52F36A153D099DE7D5A1E233FAC7 ] mf              C:\Windows\system32\DRIVERS\mf.sys
12:59:39.0056 1292  mf - ok
12:59:39.0103 1292  Microsoft SharePoint Workspace Audit Service - ok
12:59:39.0119 1292  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:59:39.0166 1292  MMCSS - ok
12:59:39.0181 1292  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:59:39.0228 1292  Modem - ok
12:59:39.0244 1292  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:59:39.0259 1292  monitor - ok
12:59:39.0275 1292  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:59:39.0290 1292  mouclass - ok
12:59:39.0322 1292  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:59:39.0337 1292  mouhid - ok
12:59:39.0353 1292  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:59:39.0368 1292  mountmgr - ok
12:59:39.0384 1292  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:59:39.0400 1292  mpio - ok
12:59:39.0415 1292  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:59:39.0446 1292  mpsdrv - ok
12:59:39.0478 1292  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:59:39.0524 1292  MpsSvc - ok
12:59:39.0556 1292  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:59:39.0587 1292  MRxDAV - ok
12:59:39.0602 1292  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:59:39.0634 1292  mrxsmb - ok
12:59:39.0649 1292  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:59:39.0680 1292  mrxsmb10 - ok
12:59:39.0696 1292  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:59:39.0712 1292  mrxsmb20 - ok
12:59:39.0712 1292  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:59:39.0727 1292  msahci - ok
12:59:39.0743 1292  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:59:39.0743 1292  msdsm - ok
12:59:39.0774 1292  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:59:39.0805 1292  MSDTC - ok
12:59:39.0821 1292  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:59:39.0852 1292  Msfs - ok
12:59:39.0868 1292  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:59:39.0914 1292  mshidkmdf - ok
12:59:39.0914 1292  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:59:39.0930 1292  msisadrv - ok
12:59:39.0961 1292  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:59:40.0008 1292  MSiSCSI - ok
12:59:40.0008 1292  msiserver - ok
12:59:40.0024 1292  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:59:40.0070 1292  MSKSSRV - ok
12:59:40.0086 1292  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:59:40.0117 1292  MSPCLOCK - ok
12:59:40.0117 1292  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:59:40.0164 1292  MSPQM - ok
12:59:40.0195 1292  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:59:40.0211 1292  MsRPC - ok
12:59:40.0242 1292  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:59:40.0242 1292  mssmbios - ok
12:59:40.0258 1292  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:59:40.0304 1292  MSTEE - ok
12:59:40.0304 1292  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:59:40.0336 1292  MTConfig - ok
12:59:40.0351 1292  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:59:40.0367 1292  Mup - ok
12:59:40.0382 1292  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:59:40.0445 1292  napagent - ok
12:59:40.0460 1292  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:59:40.0492 1292  NativeWifiP - ok
12:59:40.0538 1292  [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
12:59:40.0554 1292  NAUpdate - ok
12:59:40.0585 1292  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:59:40.0616 1292  NDIS - ok
12:59:40.0632 1292  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:59:40.0679 1292  NdisCap - ok
12:59:40.0679 1292  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:59:40.0710 1292  NdisTapi - ok
12:59:40.0726 1292  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:59:40.0772 1292  Ndisuio - ok
12:59:40.0788 1292  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:59:40.0835 1292  NdisWan - ok
12:59:40.0850 1292  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:59:40.0897 1292  NDProxy - ok
12:59:40.0913 1292  [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:59:40.0928 1292  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:59:40.0928 1292  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:59:40.0928 1292  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:59:40.0975 1292  NetBIOS - ok
12:59:41.0006 1292  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:59:41.0038 1292  NetBT - ok
12:59:41.0053 1292  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:59:41.0053 1292  Netlogon - ok
12:59:41.0084 1292  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:59:41.0131 1292  Netman - ok
12:59:41.0162 1292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:41.0178 1292  NetMsmqActivator - ok
12:59:41.0178 1292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:41.0194 1292  NetPipeActivator - ok
12:59:41.0209 1292  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:59:41.0256 1292  netprofm - ok
12:59:41.0272 1292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:41.0272 1292  NetTcpActivator - ok
12:59:41.0287 1292  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:41.0287 1292  NetTcpPortSharing - ok
12:59:41.0381 1292  [ 70B5B4E69A07895DF30291CAB6ABDA54 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:59:41.0428 1292  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
12:59:41.0428 1292  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
12:59:41.0443 1292  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:59:41.0459 1292  nfrd960 - ok
12:59:41.0474 1292  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:59:41.0537 1292  NlaSvc - ok
12:59:41.0552 1292  [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar           C:\Windows\system32\DRIVERS\NmPar.sys
12:59:41.0568 1292  NmPar - ok
12:59:41.0599 1292  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
12:59:41.0646 1292  nmwcd - ok
12:59:41.0662 1292  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
12:59:41.0708 1292  nmwcdc - ok
12:59:41.0724 1292  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:59:41.0755 1292  Npfs - ok
12:59:41.0771 1292  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:59:41.0818 1292  nsi - ok
12:59:41.0833 1292  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:59:41.0880 1292  nsiproxy - ok
12:59:41.0927 1292  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:59:41.0974 1292  Ntfs - ok
12:59:42.0005 1292  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:59:42.0052 1292  Null - ok
12:59:42.0083 1292  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
12:59:42.0114 1292  NVENETFD - ok
12:59:42.0348 1292  [ 623D0264E44F88152EEF6C98FF9B8013 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:59:42.0707 1292  nvlddmkm - ok
12:59:42.0754 1292  [ BD25E03EAD63AC3365F25175B4DBD56A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
12:59:42.0769 1292  NVNET - ok
12:59:42.0785 1292  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:59:42.0800 1292  nvraid - ok
12:59:42.0832 1292  [ 61A59FB62864EB3F32D24985A505CE03 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
12:59:42.0832 1292  nvsmu - ok
12:59:42.0863 1292  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:59:42.0878 1292  nvstor - ok
12:59:42.0925 1292  [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:59:42.0972 1292  nvsvc - ok
12:59:43.0019 1292  [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:59:43.0081 1292  nvUpdatusService - ok
12:59:43.0097 1292  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:59:43.0112 1292  nv_agp - ok
12:59:43.0128 1292  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:59:43.0159 1292  ohci1394 - ok
12:59:43.0190 1292  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:59:43.0206 1292  ose64 - ok
12:59:43.0300 1292  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:59:43.0393 1292  osppsvc - ok
12:59:43.0409 1292  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:59:43.0456 1292  p2pimsvc - ok
12:59:43.0487 1292  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:59:43.0502 1292  p2psvc - ok
12:59:43.0534 1292  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:59:43.0549 1292  Parport - ok
12:59:43.0580 1292  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:59:43.0596 1292  partmgr - ok
12:59:43.0612 1292  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:59:43.0627 1292  PcaSvc - ok
12:59:43.0658 1292  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:59:43.0690 1292  pccsmcfd - ok
12:59:43.0705 1292  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:59:43.0705 1292  pci - ok
12:59:43.0721 1292  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:59:43.0736 1292  pciide - ok
12:59:43.0752 1292  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:59:43.0768 1292  pcmcia - ok
12:59:43.0768 1292  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:59:43.0783 1292  pcw - ok
12:59:43.0799 1292  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:59:43.0861 1292  PEAUTH - ok
12:59:43.0892 1292  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:59:43.0939 1292  PeerDistSvc - ok
12:59:44.0002 1292  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:59:44.0017 1292  PerfHost - ok
12:59:44.0080 1292  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:59:44.0142 1292  pla - ok
12:59:44.0189 1292  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:59:44.0251 1292  PlugPlay - ok
12:59:44.0267 1292  [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:59:44.0282 1292  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:59:44.0282 1292  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:59:44.0298 1292  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:59:44.0314 1292  PNRPAutoReg - ok
12:59:44.0345 1292  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:59:44.0360 1292  PNRPsvc - ok
12:59:44.0376 1292  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:59:44.0438 1292  PolicyAgent - ok
12:59:44.0454 1292  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:59:44.0501 1292  Power - ok
12:59:44.0548 1292  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:59:44.0579 1292  PptpMiniport - ok
12:59:44.0594 1292  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:59:44.0626 1292  Processor - ok
12:59:44.0641 1292  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:59:44.0672 1292  ProfSvc - ok
12:59:44.0704 1292  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:59:44.0704 1292  ProtectedStorage - ok
12:59:44.0735 1292  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:59:44.0782 1292  Psched - ok
12:59:44.0813 1292  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:59:44.0860 1292  ql2300 - ok
12:59:44.0875 1292  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:59:44.0891 1292  ql40xx - ok
12:59:44.0922 1292  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:59:44.0938 1292  QWAVE - ok
12:59:44.0969 1292  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:59:44.0984 1292  QWAVEdrv - ok
12:59:45.0000 1292  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:59:45.0031 1292  RasAcd - ok
12:59:45.0047 1292  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:59:45.0094 1292  RasAgileVpn - ok
12:59:45.0109 1292  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:59:45.0156 1292  RasAuto - ok
12:59:45.0172 1292  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:59:45.0218 1292  Rasl2tp - ok
12:59:45.0234 1292  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:59:45.0281 1292  RasMan - ok
12:59:45.0296 1292  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:59:45.0343 1292  RasPppoe - ok
12:59:45.0359 1292  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:59:45.0390 1292  RasSstp - ok
12:59:45.0421 1292  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:59:45.0452 1292  rdbss - ok
12:59:45.0468 1292  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:59:45.0499 1292  rdpbus - ok
12:59:45.0515 1292  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:59:45.0546 1292  RDPCDD - ok
12:59:45.0577 1292  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:59:45.0608 1292  RDPDR - ok
12:59:45.0624 1292  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:59:45.0671 1292  RDPENCDD - ok
12:59:45.0671 1292  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:59:45.0702 1292  RDPREFMP - ok
12:59:45.0733 1292  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:59:45.0764 1292  RDPWD - ok
12:59:45.0796 1292  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:59:45.0811 1292  rdyboost - ok
12:59:45.0827 1292  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:59:45.0874 1292  RemoteAccess - ok
12:59:45.0889 1292  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:59:45.0936 1292  RemoteRegistry - ok
12:59:45.0967 1292  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:59:45.0998 1292  RFCOMM - ok
12:59:46.0030 1292  [ CF1EEE81FD32238FC51ADCA9F2266B7D ] RLDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\livecamv.sys
12:59:46.0045 1292  RLDesignVirtualAudioCableWdm - ok
12:59:46.0076 1292  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:59:46.0108 1292  RpcEptMapper - ok
12:59:46.0139 1292  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:59:46.0154 1292  RpcLocator - ok
12:59:46.0170 1292  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:59:46.0217 1292  RpcSs - ok
12:59:46.0232 1292  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
12:59:46.0248 1292  RRNetCap - ok
12:59:46.0248 1292  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
12:59:46.0264 1292  RRNetCapMP - ok
12:59:46.0279 1292  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:59:46.0310 1292  rspndr - ok
12:59:46.0342 1292  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:59:46.0357 1292  s3cap - ok
12:59:46.0373 1292  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:59:46.0388 1292  SamSs - ok
12:59:46.0404 1292  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:59:46.0420 1292  sbp2port - ok
12:59:46.0451 1292  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:59:46.0482 1292  SCardSvr - ok
12:59:46.0498 1292  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:59:46.0544 1292  scfilter - ok
12:59:46.0576 1292  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:59:46.0638 1292  Schedule - ok
12:59:46.0654 1292  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:59:46.0700 1292  SCPolicySvc - ok
12:59:46.0716 1292  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:59:46.0747 1292  SDRSVC - ok
12:59:46.0778 1292  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:59:46.0825 1292  secdrv - ok
12:59:46.0841 1292  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:59:46.0872 1292  seclogon - ok
12:59:46.0888 1292  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:59:46.0919 1292  SENS - ok
12:59:46.0934 1292  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:59:46.0981 1292  SensrSvc - ok
12:59:46.0997 1292  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:59:47.0012 1292  Serenum - ok
12:59:47.0028 1292  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
12:59:47.0059 1292  Serial - ok
12:59:47.0075 1292  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:59:47.0090 1292  sermouse - ok
12:59:47.0153 1292  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:59:47.0168 1292  ServiceLayer - ok
12:59:47.0184 1292  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:59:47.0246 1292  SessionEnv - ok
12:59:47.0262 1292  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:59:47.0278 1292  sffdisk - ok
12:59:47.0293 1292  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:59:47.0309 1292  sffp_mmc - ok
12:59:47.0309 1292  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:59:47.0340 1292  sffp_sd - ok
12:59:47.0356 1292  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:59:47.0371 1292  sfloppy - ok
12:59:47.0418 1292  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:59:47.0465 1292  SharedAccess - ok
12:59:47.0496 1292  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:59:47.0543 1292  ShellHWDetection - ok
12:59:47.0558 1292  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:59:47.0558 1292  SiSRaid2 - ok
12:59:47.0574 1292  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:59:47.0590 1292  SiSRaid4 - ok
12:59:47.0683 1292  [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:59:47.0761 1292  Skype C2C Service - ok
12:59:47.0792 1292  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:59:47.0808 1292  SkypeUpdate - ok
12:59:47.0824 1292  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:59:47.0870 1292  Smb - ok
12:59:47.0886 1292  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:59:47.0902 1292  SNMPTRAP - ok
12:59:47.0933 1292  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:59:47.0933 1292  spldr - ok
12:59:47.0964 1292  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:59:48.0011 1292  Spooler - ok
12:59:48.0073 1292  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:59:48.0167 1292  sppsvc - ok
12:59:48.0198 1292  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:59:48.0229 1292  sppuinotify - ok
12:59:48.0260 1292  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:59:48.0307 1292  srv - ok
12:59:48.0323 1292  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:59:48.0338 1292  srv2 - ok
12:59:48.0354 1292  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:59:48.0370 1292  srvnet - ok
12:59:48.0385 1292  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:59:48.0416 1292  SSDPSRV - ok
12:59:48.0448 1292  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:59:48.0479 1292  SstpSvc - ok
12:59:48.0541 1292  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
12:59:48.0557 1292  StarMoney 8.0 OnlineUpdate - ok
12:59:48.0588 1292  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:59:48.0604 1292  stexstor - ok
12:59:48.0619 1292  [ 1A807A037503B285016E61100D04614A ] STIrUsb         C:\Windows\system32\DRIVERS\irstusb.sys
12:59:48.0650 1292  STIrUsb - ok
12:59:48.0682 1292  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:59:48.0728 1292  stisvc - ok
12:59:48.0744 1292  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:59:48.0744 1292  storflt - ok
12:59:48.0775 1292  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
12:59:48.0806 1292  StorSvc - ok
12:59:48.0822 1292  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:59:48.0822 1292  storvsc - ok
12:59:48.0838 1292  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:59:48.0853 1292  swenum - ok
12:59:48.0869 1292  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:59:48.0931 1292  swprv - ok
12:59:48.0978 1292  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:59:49.0025 1292  SysMain - ok
12:59:49.0040 1292  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:59:49.0072 1292  TabletInputService - ok
12:59:49.0087 1292  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:59:49.0134 1292  TapiSrv - ok
12:59:49.0165 1292  [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
12:59:49.0165 1292  tbhsd - ok
12:59:49.0196 1292  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:59:49.0243 1292  TBS - ok
12:59:49.0290 1292  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:59:49.0337 1292  Tcpip - ok
12:59:49.0368 1292  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:59:49.0399 1292  TCPIP6 - ok
12:59:49.0430 1292  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:59:49.0477 1292  tcpipreg - ok
12:59:49.0493 1292  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:59:49.0524 1292  TDPIPE - ok
12:59:49.0555 1292  [ 5A9715FCD237693631CA236E2AB319C2 ] TDslMgrService  C:\Program Files (x86)\T-Online\DSL-Manager\DslMgrSvc.exe
12:59:49.0571 1292  TDslMgrService ( UnsignedFile.Multi.Generic ) - warning
12:59:49.0571 1292  TDslMgrService - detected UnsignedFile.Multi.Generic (1)
12:59:49.0586 1292  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:59:49.0618 1292  TDTCP - ok
12:59:49.0649 1292  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:59:49.0680 1292  tdx - ok
12:59:49.0742 1292  [ C314391535B8BBA4238C13D663B07F83 ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:59:49.0805 1292  TeamViewer6 - ok
12:59:49.0852 1292  [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
12:59:49.0867 1292  TelekomNM6 - ok
12:59:49.0883 1292  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:59:49.0898 1292  TermDD - ok
12:59:49.0930 1292  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:59:49.0976 1292  TermService - ok
12:59:49.0992 1292  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:59:50.0023 1292  Themes - ok
12:59:50.0039 1292  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:59:50.0070 1292  THREADORDER - ok
12:59:50.0086 1292  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:59:50.0132 1292  TrkWks - ok
12:59:50.0179 1292  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:59:50.0210 1292  TrustedInstaller - ok
12:59:50.0242 1292  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:59:50.0288 1292  tssecsrv - ok
12:59:50.0288 1292  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:59:50.0320 1292  TsUsbFlt - ok
12:59:50.0335 1292  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:59:50.0351 1292  TsUsbGD - ok
12:59:50.0398 1292  [ 41A3F69FBB7CA37A3FC5CD8EF424F199 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
12:59:50.0429 1292  TuneUp.Defrag - ok
12:59:50.0460 1292  [ EBA3ABFFDADA40A2B590ADEF1A24CA24 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
12:59:50.0491 1292  TuneUp.UtilitiesSvc - ok
12:59:50.0507 1292  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
12:59:50.0522 1292  TuneUpUtilitiesDrv - ok
12:59:50.0538 1292  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:59:50.0585 1292  tunnel - ok
12:59:50.0600 1292  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:59:50.0600 1292  uagp35 - ok
12:59:50.0632 1292  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:59:50.0678 1292  udfs - ok
12:59:50.0725 1292  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:59:50.0741 1292  UI0Detect - ok
12:59:50.0756 1292  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:59:50.0772 1292  uliagpkx - ok
12:59:50.0788 1292  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:59:50.0803 1292  umbus - ok
12:59:50.0834 1292  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:59:50.0850 1292  UmPass - ok
12:59:50.0866 1292  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:59:50.0897 1292  UmRdpService - ok
12:59:50.0912 1292  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:59:50.0959 1292  upnphost - ok
12:59:50.0990 1292  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
12:59:51.0022 1292  upperdev - ok
12:59:51.0053 1292  [ C669DE449D5D399037EF9FF77C03C23C ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA64.sys
12:59:51.0084 1292  USB28xxBGA - ok
12:59:51.0115 1292  [ 46C0FB27F28531D9D19573FD97EBCF90 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM64.sys
12:59:51.0131 1292  USB28xxOEM - ok
12:59:51.0178 1292  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:59:51.0193 1292  usbaudio - ok
12:59:51.0224 1292  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:59:51.0256 1292  usbccgp - ok
12:59:51.0271 1292  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:59:51.0287 1292  usbcir - ok
12:59:51.0302 1292  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:59:51.0334 1292  usbehci - ok
12:59:51.0349 1292  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:59:51.0380 1292  usbhub - ok
12:59:51.0396 1292  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:59:51.0427 1292  usbohci - ok
12:59:51.0443 1292  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
12:59:51.0458 1292  usbprint - ok
12:59:51.0490 1292  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:59:51.0505 1292  usbscan - ok
12:59:51.0521 1292  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
12:59:51.0536 1292  usbser - ok
12:59:51.0552 1292  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
12:59:51.0583 1292  UsbserFilt - ok
12:59:51.0614 1292  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:59:51.0646 1292  USBSTOR - ok
12:59:51.0661 1292  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:59:51.0692 1292  usbuhci - ok
12:59:51.0724 1292  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:59:51.0739 1292  usbvideo - ok
12:59:51.0770 1292  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:59:51.0802 1292  UxSms - ok
12:59:51.0833 1292  [ 9AC0C072FD7EDE138842BEF7DA73B0E6 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
12:59:51.0833 1292  UxTuneUp - ok
12:59:51.0880 1292  [ 8242985B0EB906C921075A8635069860 ] V0540Dev        C:\Windows\system32\DRIVERS\V0540Vid.sys
12:59:51.0895 1292  V0540Dev - ok
12:59:51.0911 1292  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:59:51.0926 1292  VaultSvc - ok
12:59:51.0942 1292  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:59:51.0958 1292  vdrvroot - ok
12:59:51.0989 1292  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:59:52.0036 1292  vds - ok
12:59:52.0051 1292  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:59:52.0067 1292  vga - ok
12:59:52.0082 1292  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:59:52.0129 1292  VgaSave - ok
12:59:52.0145 1292  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:59:52.0160 1292  vhdmp - ok
12:59:52.0176 1292  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:59:52.0192 1292  viaide - ok
12:59:52.0223 1292  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:59:52.0238 1292  vmbus - ok
12:59:52.0254 1292  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:59:52.0270 1292  VMBusHID - ok
12:59:52.0270 1292  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:59:52.0285 1292  volmgr - ok
12:59:52.0301 1292  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:59:52.0316 1292  volmgrx - ok
12:59:52.0332 1292  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:59:52.0348 1292  volsnap - ok
12:59:52.0379 1292  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:59:52.0394 1292  vsmraid - ok
12:59:52.0426 1292  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:59:52.0504 1292  VSS - ok
12:59:52.0519 1292  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:59:52.0550 1292  vwifibus - ok
12:59:52.0566 1292  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:59:52.0597 1292  W32Time - ok
12:59:52.0628 1292  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:59:52.0644 1292  WacomPen - ok
12:59:52.0660 1292  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:59:52.0706 1292  WANARP - ok
12:59:52.0722 1292  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:59:52.0753 1292  Wanarpv6 - ok
12:59:52.0800 1292  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:59:52.0862 1292  wbengine - ok
12:59:52.0878 1292  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:59:52.0909 1292  WbioSrvc - ok
12:59:52.0925 1292  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:59:52.0956 1292  wcncsvc - ok
12:59:52.0972 1292  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:59:53.0003 1292  WcsPlugInService - ok
12:59:53.0018 1292  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:59:53.0034 1292  Wd - ok
12:59:53.0065 1292  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:59:53.0081 1292  Wdf01000 - ok
12:59:53.0096 1292  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:59:53.0159 1292  WdiServiceHost - ok
12:59:53.0174 1292  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:59:53.0190 1292  WdiSystemHost - ok
12:59:53.0221 1292  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:59:53.0252 1292  WebClient - ok
12:59:53.0268 1292  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:59:53.0315 1292  Wecsvc - ok
12:59:53.0330 1292  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:59:53.0377 1292  wercplsupport - ok
12:59:53.0393 1292  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:59:53.0440 1292  WerSvc - ok
12:59:53.0455 1292  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:59:53.0486 1292  WfpLwf - ok
12:59:53.0502 1292  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:59:53.0518 1292  WIMMount - ok
12:59:53.0533 1292  WinDefend - ok
12:59:53.0549 1292  WinHttpAutoProxySvc - ok
12:59:53.0596 1292  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:59:53.0642 1292  Winmgmt - ok
12:59:53.0689 1292  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:59:53.0752 1292  WinRM - ok
12:59:53.0783 1292  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:59:53.0814 1292  WinUsb - ok
12:59:53.0845 1292  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:59:53.0892 1292  Wlansvc - ok
12:59:53.0908 1292  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:59:53.0923 1292  WmiAcpi - ok
12:59:53.0954 1292  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:59:53.0970 1292  wmiApSrv - ok
12:59:53.0986 1292  WMPNetworkSvc - ok
12:59:54.0001 1292  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:59:54.0032 1292  WPCSvc - ok
12:59:54.0048 1292  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:59:54.0079 1292  WPDBusEnum - ok
12:59:54.0095 1292  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:59:54.0142 1292  ws2ifsl - ok
12:59:54.0157 1292  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:59:54.0188 1292  wscsvc - ok
12:59:54.0220 1292  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:59:54.0251 1292  WSDPrintDevice - ok
12:59:54.0251 1292  WSearch - ok
12:59:54.0313 1292  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:59:54.0376 1292  wuauserv - ok
12:59:54.0407 1292  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:59:54.0438 1292  WudfPf - ok
12:59:54.0469 1292  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:59:54.0500 1292  WUDFRd - ok
12:59:54.0532 1292  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:59:54.0563 1292  wudfsvc - ok
12:59:54.0594 1292  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:59:54.0625 1292  WwanSvc - ok
12:59:54.0641 1292  ================ Scan global ===============================
12:59:54.0688 1292  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:59:54.0719 1292  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:59:54.0734 1292  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:59:54.0750 1292  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:59:54.0766 1292  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:59:54.0781 1292  [Global] - ok
12:59:54.0781 1292  ================ Scan MBR ==================================
12:59:54.0781 1292  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:59:54.0890 1292  \Device\Harddisk0\DR0 - ok
12:59:54.0906 1292  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:59:55.0015 1292  \Device\Harddisk1\DR1 - ok
12:59:55.0031 1292  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk6\DR6
12:59:55.0124 1292  \Device\Harddisk6\DR6 - ok
12:59:55.0124 1292  ================ Scan VBR ==================================
12:59:55.0124 1292  [ DC42802F5BB64CDD3D9A2539173883C0 ] \Device\Harddisk0\DR0\Partition1
12:59:55.0124 1292  \Device\Harddisk0\DR0\Partition1 - ok
12:59:55.0124 1292  [ 10D5246552F4D431D1F6E0CBAF5FB825 ] \Device\Harddisk0\DR0\Partition2
12:59:55.0124 1292  \Device\Harddisk0\DR0\Partition2 - ok
12:59:55.0156 1292  [ DAE8898BA87270797B0CF40406A7D5AF ] \Device\Harddisk1\DR1\Partition1
12:59:55.0156 1292  \Device\Harddisk1\DR1\Partition1 - ok
12:59:55.0171 1292  [ 11D10E978C1D8AFCA25C417A7DD6BF52 ] \Device\Harddisk1\DR1\Partition2
12:59:55.0171 1292  \Device\Harddisk1\DR1\Partition2 - ok
12:59:55.0187 1292  [ CE481CD93A547D12C47663E1D9E5554B ] \Device\Harddisk1\DR1\Partition3
12:59:55.0187 1292  \Device\Harddisk1\DR1\Partition3 - ok
12:59:55.0187 1292  [ 2C0924412007A0879ECB672354F8D46F ] \Device\Harddisk1\DR1\Partition4
12:59:55.0202 1292  \Device\Harddisk1\DR1\Partition4 - ok
12:59:55.0202 1292  [ 544CBE3DF5733B5ED3FAEA640818FFBA ] \Device\Harddisk6\DR6\Partition1
12:59:55.0202 1292  \Device\Harddisk6\DR6\Partition1 - ok
12:59:55.0202 1292  [ 4DCBE73096F7376908B0EFDE60FE8668 ] \Device\Harddisk6\DR6\Partition2
12:59:55.0218 1292  \Device\Harddisk6\DR6\Partition2 - ok
12:59:55.0218 1292  ============================================================
12:59:55.0218 1292  Scan finished
12:59:55.0218 1292  ============================================================
12:59:55.0234 6060  Detected object count: 6
12:59:55.0234 6060  Actual detected object count: 6
13:01:32.0532 6060  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0532 6060  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:01:32.0532 6060  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0532 6060  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:01:32.0548 6060  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0548 6060  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:01:32.0548 6060  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0548 6060  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:01:32.0548 6060  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0548 6060  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:01:32.0548 6060  TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
13:01:32.0548 6060  TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
LG Jonny

Alt 21.08.2012, 13:55   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.08.2012, 17:54   #25
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hallo,
hier das Log:

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-08-20.02 - Jonny 21.08.2012  18:37:29.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2138 [GMT 2:00]
ausgeführt von:: c:\users\Jonny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jonny\AppData\Roaming\AcroIEHelpe.txt
c:\users\Jonny\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-21 bis 2012-08-21  ))))))))))))))))))))))))))))))
.
.
2012-08-21 16:43 . 2012-08-21 16:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-08-19 11:25 . 2012-08-19 11:25	--------	d-----w-	C:\_OTL
2012-08-15 14:40 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 09:26 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 09:26 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 09:26 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 09:26 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 09:26 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 09:26 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 09:26 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 09:26 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 09:26 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 09:26 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 09:26 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 09:26 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-13 12:45 . 2012-08-13 12:45	--------	d-----w-	c:\program files (x86)\ESET
2012-08-10 11:36 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEE1B934-BB36-4A49-AD0D-7368B708D2A5}\mpengine.dll
2012-08-05 15:44 . 2012-08-05 15:44	--------	d-----w-	c:\users\Jonny\AppData\Roaming\Malwarebytes
2012-08-05 15:43 . 2012-08-05 15:43	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-05 15:43 . 2012-08-05 15:43	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-05 15:43 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-03 12:10 . 2012-08-03 12:10	--------	d-----w-	c:\program files (x86)\Microtek
2012-08-03 11:58 . 2012-08-03 11:58	--------	d-----w-	c:\programdata\ABBYY
2012-07-28 14:25 . 2012-07-28 14:25	--------	d-----w-	c:\users\Jonny\AppData\Local\Macromedia
2012-07-28 14:19 . 2012-07-28 14:19	--------	d-----w-	c:\users\Jonny\AppData\Local\Mozilla
2012-07-28 13:04 . 2012-07-28 13:04	--------	d-----w-	c:\users\Jonny\AppData\Roaming\Anvsoft
2012-07-28 13:04 . 2012-07-28 13:04	--------	d-----w-	c:\program files (x86)\AnvSoft
2012-07-27 14:09 . 2012-07-30 17:32	--------	d-----w-	c:\program files (x86)\WebSite X5 v8 - Evolution
2012-07-27 14:09 . 1997-07-19 15:00	604432	----a-w-	c:\windows\SysWow64\COMCTL32.OCX
2012-07-27 11:43 . 2012-07-27 11:43	--------	d-----w-	c:\users\Public\ABBYY FineReader Engine 9.0
2012-07-27 11:43 . 2012-07-27 11:43	--------	d-----w-	c:\users\Jonny\AppData\Roaming\ABBYY FineReader Engine 9.0
2012-07-27 11:43 . 2012-07-27 11:43	--------	d-----w-	c:\users\Jonny\AppData\Local\ABBYY FineReader Engine 9.0
2012-07-23 15:56 . 2012-07-23 15:56	--------	d-----w-	c:\users\Jonny\AppData\Roaming\Serif
2012-07-23 15:55 . 2012-07-23 15:55	--------	d-----w-	c:\program files (x86)\Serif
2012-07-23 15:16 . 2012-07-23 15:16	--------	d-----w-	c:\users\Jonny\AppData\Roaming\LMSOFT
2012-07-23 15:13 . 2012-07-23 15:19	--------	d-----w-	c:\program files (x86)\LMSOFT
2012-07-23 13:57 . 2012-07-23 13:57	--------	d-----w-	c:\users\Jonny\AppData\Roaming\Nvu
2012-07-23 13:57 . 2012-07-23 15:21	--------	d-----w-	c:\program files (x86)\Nvu
2012-07-23 12:17 . 2012-07-23 12:17	--------	d-----w-	c:\programdata\vsosdk
2012-07-23 11:42 . 2012-07-23 12:46	--------	d-----w-	c:\users\Jonny\AppData\Roaming\BuddyW
2012-07-23 11:42 . 2012-07-23 11:42	--------	d-----w-	c:\program files (x86)\BuddyW
2012-07-23 11:38 . 2012-07-23 12:27	--------	d-----w-	c:\users\Jonny\AppData\Roaming\dvdcss
2012-07-23 11:36 . 2012-07-23 11:36	--------	d-----w-	c:\programdata\MagicSoftware
2012-07-23 11:34 . 2012-07-23 11:35	--------	d-----w-	c:\program files (x86)\DVDx 4.0 Open Edition
2012-07-23 11:34 . 2012-07-23 11:34	--------	d-----w-	c:\users\Jonny\AppData\Local\MagicSoftware
2012-07-23 11:34 . 2012-07-23 12:25	--------	d-----w-	c:\program files (x86)\MagicDVDCopier
2012-07-22 17:11 . 2012-07-22 17:16	--------	d-----w-	c:\program files (x86)\phase5
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 13:17 . 2012-04-01 10:47	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 13:17 . 2012-01-02 16:07	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 14:34 . 2011-12-30 19:09	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-12 15:13 . 2012-05-18 14:46	405144	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-09 05:43 . 2012-07-11 16:42	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:42	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:42	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:41	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:42	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:42	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:41	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-26 09:30	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 09:30	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 09:30	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 09:30	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 09:30	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 09:30	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 09:30	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-26 09:30	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-26 09:30	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 16:42	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:42	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 16:42	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 16:42	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:42	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:42	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:42	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:42	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:42	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2006-05-03 11:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-31 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2010-08-03 582312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Live! Central"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-05-08 438399]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-28 1406248]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\T-Online\DSL-Manager\DslMgr.exe [2012-1-2 1085440]
.
c:\users\Anneliese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\T-Online\DSL-Manager\DslMgr.exe [2012-1-2 1085440]
.
c:\users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\T-Online\DSL-Manager\DslMgr.exe [2012-1-2 1085440]
.
c:\users\Jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\T-Online\DSL-Manager\DslMgr.exe [2012-1-2 1085440]
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2011-11-10 14000128]
ShellFolderFix.lnk - c:\program files (x86)\ShellFolderFix\ShellFolderFixUI.exe [2012-1-12 2625024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe [2012-8-3 344064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-01-03 37480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 19008]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-15 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-15 465360]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2012-03-19 514128]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys [2008-08-06 22216]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-21 1403200]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 34672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-05-07 169472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2010-01-12 95744]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-02-05 49664]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-01-03 37480]
S3 TDslMgrService;DSL-Manager;c:\program files (x86)\T-Online\DSL-Manager\DslMgrSvc.exe [2007-08-01 290816]
S3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 V0540Dev;Creative Camera VF0540 Driver;c:\windows\system32\DRIVERS\V0540Vid.sys [2009-06-15 321376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:17]
.
2012-08-12 c:\windows\Tasks\AdvancedDriverUpdater.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2012-01-03 10:33]
.
2012-07-18 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2012-01-03 10:33]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 14:53]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 14:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://portal.sska.de/portal/portal/StartenIPSTANDARD
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\Jonny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} - hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Incomedia WebSite X5 v8 - Evolution - c:\windows\system32\iwpsetup.exe
AddRemove-SmartToolseBook DAO, ADO Recordsetsv1.00 - c:\program files (x86)\SmartTools\Access eBook DAO
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-21  18:45:50
ComboFix-quarantined-files.txt  2012-08-21 16:45
.
Vor Suchlauf: 17 Verzeichnis(se), 199.663.939.584 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 199.140.237.312 Bytes frei
.
- - End Of File - - FC05696190A21CE04B47E02630E43601
         
--- --- ---


Einen schönen Urlaub.

LG Jonny

Alt 24.08.2012, 17:25   #26
jonnyk
 
GVU eingefangen - Unglücklich

GVU eingefangen



Hallo Cosinus
hoffe du hattest schöne Tage!

Zitat:
Zitat von jonnyk Beitrag anzeigen
Hi,

zu 1.: Windows läuft sauber, gefühlt sogar etwas schneller (Hochfahren + WIN-Anmeldung)

zu 2.: Habe mal überschlägig getestet. Scheint alles da zu sein. Keine leeren Ordner. Eine genaue Prüfung wäre allerdings sehr aufwendig, da doch einige Installationen vorhanden sind (Audio-, Video- und Fotobearbeitung)!
Habe hierzu eigene Desktop-Ordner, deren Inhalt aber einwandfrei läuft!

Ich denke soweit passt alles und wir können weiter machen.

Bis hierher schon mal vielen vielen Dank.
habe nun doch ein kleines Problem!

Beim Start von StarMoney 8.0 kann der Update-Dienst nicht gestartet weden!

Habe eine Datei mit genauer Fehlerbeschreibung angehängt.

Da sich StarMoney grundsätzlich starten lässt, eben nur nicht updaten, ist es zunächst nicht sooo tragisch, sollte aber schon gelöst werden!

Vielen Dank.
Jonny

Alt 30.08.2012, 14:32   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



StarMoney musst du wohl neu installieren. Ansonsten musst du den Support vom Hersteller in Anspruch nehmen, ich kann dafür nun wirklich keinen Support geben

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.08.2012, 16:03   #28
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Hallo cosinus,
zu StarMoney:
mir war schon klar, dass du dazu keinen Support lieferst, andererseits soll man doch alle ungewöhnlichen Dinge posten!?

Hier die Logs:

GMER:
Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 16:47:55
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675aeaea                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675aeaea@001f5c51641e         0x1D 0x2D 0xC0 0x11 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675aeaea (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675aeaea@001f5c51641e             0x1D 0x2D 0xC0 0x11 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---
OSAM:
Code:
ATTFilter
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:54:11 on 30.08.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AdvancedDriverUpdater.job" - "Systweak Inc" - C:\Program Files (x86)\Advanced Driver Updater\adu.exe
"AdvancedDriverUpdater_UPDATES.job" - "Systweak Inc" - C:\Program Files (x86)\Advanced Driver Updater\adu.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights 10" - ? - C:\Program Files (x86)\Nero\Nero 10\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl  (File not found)
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Audials Sound Capturing" (tbhsd) - "RapidSolution Software AG" - C:\Windows\System32\drivers\tbhsd.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CdaC15BA" (CdaC15BA) - ? - C:\Windows\system32\drivers\CDAC15BA.SYS  (File not found)
"DRHARD" (DRHARD) - ? - C:\Windows\system32\DRIVERS\DRHARD.SYS  (File not found)
"DRHARD64" (DRHARD64) - "Licensed for Gebhard Software" - C:\Windows\system32\drivers\DRHARD64.sys
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"Live! Cam Virtual" (RLDesignVirtualAudioCableWdm) - ? - C:\Windows\System32\DRIVERS\livecamv.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Telekom Netzmanager Packet Filter Driver" (TelekomNM6) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\SDShelEx-win32.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8BC53B30-32E4-4ED3-BEF9-DB761DB77453} "CInstallLPCtrl Object" - "SanDisk Corporation" - C:\Windows\Downloaded Program Files\InstallLP.dll / hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
{6C269571-C6D7-4818-BCA4-32A035E8C884} "Creative Software AutoUpdate" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTSUEngn.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package 2" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{A796D216-2DE1-4EA8-BABB-FE6E7C959098} "HPSDDX Class" - "Hewlett-Packard Company" - C:\Windows\Downloaded Program Files\sdd.dll / hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{39ED5386-A900-4D6C-B564-20BFDE5402CF} "Medion Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\MEDION~1.OCX / hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\SysWow64\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Grab Pro" - ? - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DSL-Manager.lnk" - "T-Systems Enterprise Services GmbH" - C:\Program Files (x86)\T-Online\DSL-Manager\DslMgr.exe  (Shortcut exists | File exists)
"Netzmanager.lnk" - ? - C:\Program Files (x86)\Netzmanager\netzmanager.exe  (Shortcut exists | File not found)
"ShellFolderFix.lnk" - ? - C:\Program Files (x86)\ShellFolderFix\ShellFolderFixUI.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microtek Scanner Finder.lnk" - ? - C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"CreativeTaskScheduler" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
"LMab1err" - " " - C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe
"Live! Central" - "Creative Technology Ltd." - "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBAgent" - "Nero AG" - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
"Lexmark Enhanced TCP/IP Port" - " " - C:\Windows\system32\lmablmpm.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe
"@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\Windows\SysWOW64\cjpcsc.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Program Files (x86)\T-Online\DSL-Manager\DslMgrSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"lmab_device" (lmab_device) - " " - C:\Windows\system32\LMabcoms.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Soll ich aswmbr auch gleich ausführen oder auf den OK hinsichtlich der obigen Logs warten?

Alt 30.08.2012, 16:23   #29
jonnyk
 
GVU eingefangen - Standard

GVU eingefangen



Habe nun, da du Offline gegangen bist und in Deinem Post nicht explizit stand, ich solle warten, aswMBR ausgeführt.

Dies stürzte nach einer weile ab bzw. "funktionierte nicht mehr", siehe Anhang.

Alt 30.08.2012, 20:05   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU eingefangen - Standard

GVU eingefangen



Bitte auch alles lesen was in meinem Posting steht. Ganz unten zu aswMBR steht nämlich noch ein Hinweis!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu GVU eingefangen
administrator, anti-malware, appdata, autostart, avira, browser, dateien, explorer, festplatte, festplatten, gen, gvu entfernen, gvu trojaner, helper, hijack.userinit, malwarebytes, microsoft, nicht mehr, nicht sicher, registry, roaming, scan, software, speicher, system, test, vista, win




Ähnliche Themen: GVU eingefangen


  1. Was hab ich mir da eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (3)
  2. GVU 2.07 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (16)
  3. Hab ich mir da was eingefangen?
    Log-Analyse und Auswertung - 07.03.2011 (26)
  4. Was hab ich mir da eingefangen?
    Mülltonne - 07.02.2009 (0)
  5. hab ich mir was eingefangen?
    Log-Analyse und Auswertung - 23.11.2008 (5)
  6. Hab ich mir was eingefangen?
    Mülltonne - 13.11.2008 (0)
  7. Hab mir was eingefangen!!!
    Mülltonne - 21.08.2008 (0)
  8. Hab mir was eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 25.07.2008 (16)
  9. Hab ich mir was eingefangen?
    Log-Analyse und Auswertung - 20.07.2008 (6)
  10. Hab ich mir was eingefangen ??
    Log-Analyse und Auswertung - 28.12.2007 (0)
  11. Ich hab mir was eingefangen!?
    Log-Analyse und Auswertung - 26.01.2006 (1)
  12. Hab mir was eingefangen!!!
    Log-Analyse und Auswertung - 29.12.2005 (3)
  13. Was eingefangen??
    Log-Analyse und Auswertung - 16.09.2005 (6)
  14. Hab ich mir was eingefangen?
    Log-Analyse und Auswertung - 16.08.2005 (3)
  15. chj/cws eingefangen...
    Log-Analyse und Auswertung - 10.02.2005 (11)
  16. Hab mir was eingefangen...
    Log-Analyse und Auswertung - 08.09.2004 (5)
  17. hab mir da was eingefangen?!
    Plagegeister aller Art und deren Bekämpfung - 19.04.2004 (0)

Zum Thema GVU eingefangen - Ist das rein zufällig ein Büro- bzw. hauptsächlich gewerblich genutzer PC? - GVU eingefangen...
Archiv
Du betrachtest: GVU eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.