|
Plagegeister aller Art und deren Bekämpfung: TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.11.2012, 22:59 | #1 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. Hallo ..., mit Malwarebytes erhielt ich folgendes Ergebnis: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jung :: PC01 [Administrator] 06.11.2012 16:25:31 mbam-log-2012-11-06 (16-25-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 474787 Laufzeit: 2 Stunde(n), 14 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\DATA BECKER\shop to date\GetUnique.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Wie ist weiter vorzugehen? Vielen Dank schon vorab. Gruß Maddin |
07.11.2012, 00:20 | #2 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hi
__________________erst mal währen die fundmeldungen interessant, und zwar mit pfadangabe bitte :-)
__________________ |
07.11.2012, 09:06 | #3 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hi Marcus,
__________________beigefügt sende ich Dir eine Datei mit den Virenmeldungen, erstellt von GData Antivirus. |
07.11.2012, 16:12 | #4 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. ich möchte sie als text, nciht als grafik
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
07.11.2012, 17:02 | #5 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hi Marcus, wie ein txt-Export vom GData-Ergebnis erfolgen kann, ist mir nicht bekannt. Alle Virenfunde liegen im Verzeichnis: C:\$RECYCLE.BIN Soweit ich das verstehe, ist das ein versteckter Ordner. Die diversen Virenarten von der erweiterten GData-Virensuche füge ich beigefügt als jpg-Datei bei. Eine GData-Exportmöglichkeit kann ich nicht erkennen. Eine evtl. automatisiert erzeugte txt-Datei kann ich im GData-Programmpfad auch nicht finden. Muss ich das alles von der Bilddatei abtippen oder genügt der beigefügte Anhang? |
07.11.2012, 19:47 | #6 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. tippe mir mal ein paar der fundmeldungen an, das hinter dem letzten \ reicht da sie alle im selben ordner liegen wie du sagst.
__________________ --> TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. |
07.11.2012, 23:02 | #7 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. Hi Marcus, hier Beispielsfunde: Worm.Autorun.VGF [Engine A] Trojan.Banker.X [Engine A] Trojan.Crypt.AO [Engine A] Trojan.Downloader.Nurech.X [Engine A] Trojan.Generic.KDV.617269 [Engine A] Trojan.Generic.4876800 [Engine A] Trojan.Spy.HTML.Bankfraud.M [Engine A] Trojan. [Engine A] Trojan. [Engine A] |
08.11.2012, 18:52 | #8 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. ich brauche nicht die fundmeldungen allein, damit kann ich nichts anfangen, ich brauche dateinamen + funde
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.11.2012, 20:44 | #9 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. Hi Marcus, Festgestellt habe ich, dass zwar immer der gleiche Hauptpfad betroffen ist. Allerdings sind unterschiedliche Unterpfade betroffen. Hier Beispielsfunde ergänzt (so steht es in den Zeilen): Trojan.Downloader.Nurech.X, Trojan.Downloader.JLIS, Worm.Autorun.VGF [Engine A] in Datei: Inbox in Pfad: C:\$Recycle.bin\S-1-5-21-3819896947-3942532061-1754202372-1137\$HAWDP50\Profiles\nfvjf3an.default\Mail\Mail\pop.1und1-1.com Trojan.Generic.KDV.617269 [Engine A] in Datei: $R9SQFCB in Pfad: C:\$Recycle.bin\S-1-5-21-3819896947-3942532061-1754202372-1137 Trojan.Generic.4876800 [Engine A] in Datei: Trash in Pfad: C:\$Recycle.bin\S-1-5-21-3819896947-3942532061-1754202372-1137\$RO4JN7E\Mozilla\Profiles\default\z3da9txa.slt\Mail\pop.1und1-3.de Trojan.Spy.HTML.Bankfraud.E (3x), Trojan.Spy.HTML.Bankfraud.M (8x) Trojan.Banker.X (4x), Trojan.Crypt.AO, Trojan.Downloader.Nurech.X [Engine A] in Datei: Inbox in Pfad: C:\$Recycle.bin\S-1-5-21-3819896947-3942532061-1754202372-1137\$RMFLRBD\c_Dokumente und Einstellungen_[hier steht ein Benutzername]_Anwendungsdaten_Thunderbird_Profiles\nfvjf3an.default\Mail\pop.1und1.de Die vorstehenden Funde hatte ich bereits als Datei PC01_Virenfund_20121101_1.jpg im Trojaner-Forum hochgeladen. Auffällig ist mir, dass meine Tastatur nach einiger Zeit nach dem PC-Start nicht funktioniert. Die Entertaste und die Tabulatortaste sprechen erst nach erheblichem Zeitverzug an bzw. gar nicht. Heute ist die Tastatur gänzlich ausgefallen. Ich habe ein PS2-Tastatur dranhängen. Der Gerätemanager zeigte mir eine zweite Tastatur an (HID-Tastatur). Nach dem PC-Neustart lädt sich aber trotz vorheriger Deinstallation über den Gerätemanager immer wieder eine HID-Tastatur noch dazu. Kann das mit den Viren zusammenhängen? |
08.11.2012, 20:51 | #10 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hast du deine mail box in den papierkorb verschoben?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
09.11.2012, 09:18 | #11 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. Ich hatte alte Mailsicherungen in den Papierkorb verschoben. Wie ich jetzt bemerkt habe, hatte ich den Papierkorb nicht geleert. Den Papierkorb habe ich nun vollständig gelöscht. Das Virenschutzprogramm zeigt mir keine Viren mehr an. Vermutlich ist damit alles erledigt. Ich bitte um Deine kurze Rückmeldung. In jedem Fall vielen Dank für Deine Unterstützung. Grüße von Maddin |
09.11.2012, 19:40 | #12 | |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. wir machen noch 1 scan, und sichern dann den pc ab combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.11.2012, 22:29 | #13 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hier das Ergebnis:Combofix Logfile: Code:
ATTFilter ComboFix 12-11-09.02 - [Username] 10.11.2012 21:19:03.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4054.2168 [GMT 1:00] ausgeführt von:: c:\users\[Username]\Downloads\ComboFix.exe AV: G Data AntiVirus *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} SP: G Data AntiVirus *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-10 bis 2012-11-10 )))))))))))))))))))))))))))))) . . 2012-11-10 20:26 . 2012-11-10 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-10 20:26 . 2012-11-10 20:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-11-10 20:26 . 2012-11-10 20:26 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-11-09 08:05 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D41465-0E9F-466A-9A2F-0E60F82C93C1}\mpengine.dll 2012-11-06 15:23 . 2012-11-06 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-06 15:23 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-05 13:01 . 2012-11-05 13:01 -------- d-----w- c:\users\[Username]\AppData\Local\Programs 2012-11-01 08:38 . 2012-11-01 08:38 848089 ----a-w- c:\windows\SysWow64\sig.bin 2012-10-30 10:54 . 2012-10-30 20:37 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-10-22 07:19 . 2012-10-22 07:19 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-10-18 13:45 . 2003-04-15 23:10 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll 2012-10-18 13:45 . 2006-02-23 07:20 131072 ----a-w- c:\windows\DBReg.exe 2012-10-18 13:45 . 2006-02-23 07:19 369152 ----a-w- c:\windows\DBREG.dll 2012-10-18 13:38 . 2006-01-23 15:20 1466368 ----a-w- c:\windows\SysWow64\DBInternetControl.ocx 2012-10-18 07:52 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-17 23:42 . 2012-10-17 23:42 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 07:19 . 2012-04-10 06:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-22 07:19 . 2011-12-08 23:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-10 21:59 . 2012-01-02 14:39 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-14 19:19 . 2012-10-10 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 21:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-08 13:51 . 2012-09-08 13:51 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-09-08 13:51 . 2012-09-08 13:51 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-09-08 13:51 . 2012-09-08 13:51 986208 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-09-08 13:51 . 2012-09-08 13:51 210528 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-09-08 13:51 . 2012-09-08 13:51 310368 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-09-08 13:51 . 2012-09-08 13:51 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-09-03 21:10 . 2012-09-03 21:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-03 21:10 . 2012-01-04 18:11 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-31 18:19 . 2012-10-10 21:53 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 21:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 21:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 21:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 21:53 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 21:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 21:21 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 21:21 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 21:21 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 21:21 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 21:21 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 21:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 21:21 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 21:21 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 21:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 21:21 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 21:21 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 21:21 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 21:21 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 21:21 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 21:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 21:21 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 21:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 21:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 21:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 21:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 21:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 21:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 06:14 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 06:14 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 06:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 06:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 06:48 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 21:53 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 21:53 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 21:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 21:53 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 21:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 21:53 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 21:53 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 21:53 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 21:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 21:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 21:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 21:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 21:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6EF6B546-25FB-455B-801F-FDB3B3D39F9E}] 2011-06-01 08:05 611936 ----a-w- c:\datev\PROGRAMM\B0000397\DtvIePwdSafe.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe" [2012-10-22 3512728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "DATEV Update-Monitor"="c:\datev\PROGRAMM\Install\DvInesASDMon.exe" [2011-07-25 269920] "DVCCSAWTSSetEntryNTE"="c:\datev\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe" [2011-06-28 549472] "DATEV_SCardMan"="c:\datev\PROGRAMM\B0000347\ScMgmt\ScardManager.exe" [2010-09-22 368736] "AVK Client"="c:\program files (x86)\G Data\AVKClient\AVKCl.exe" [2011-06-22 1740792] "Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2010-07-05 333088] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-10-16 1275168] "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-10-16 121120] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "SiPaHost"="c:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2011-05-09 595552] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-08-05 5957352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . c:\users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ klickTel OEM Frühjahr 2010 - Schnellstarter.lnk - c:\program files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE [2012-1-14 464384] Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe [1999-9-15 229432] PhraseExpress Diagnose-Modus.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-8-29 7344336] TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Basisschnittstelle Office V.5.1 Initialisierung.lnk - c:\datev\PROGRAMM\BSoffice\service\OfficeDiag.exe [2012-2-28 38496] DATEV-Hinweis Mitteilungsdienst.lnk - c:\datev\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056] DFÜ-Manager.LNK - c:\datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2011-11-4 356412] RZ-Druckertreiber V.2.3.lnk - c:\datev\SYSTEM\rzpjwtch.exe [2008-6-18 36448] SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2011-12-23 27744] TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe [2012-2-20 1137152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Datev.Framework.RemoteServices.Messaging.CentralMessagingService;DATEV Messaging-Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -SvcRunLevel=1000 [x] R3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe [2011-06-22 1460216] R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys [2010-08-13 339728] R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys [2010-08-13 65808] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-12-08 31152] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-08 132704] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-01-03 50040] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-08 210528] S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2012-10-17 142944] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-11 31080] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-01-03 110456] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-01-03 63864] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-01-03 51576] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-08 3442640] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2008-02-11 70272] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520] S2 AntiVirusKit Client;G DATA AntiVirus Client;c:\program files (x86)\G Data\AVKClient\AVKCl.exe [2011-06-22 1740792] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2011-06-22 1430024] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe [2011-06-22 1929104] S2 DATEV Logon Service;DATEV Logon Service;c:\datev\PROGRAMM\B0001364\DtvScSer.exe [2010-09-08 511072] S2 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2011-07-25 172640] S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 [x] S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [2011-12-09 79872] S2 Dcmanag;DATEV DFÜ-System Dienst;c:\datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [2011-11-04 176128] S2 DVckService;DVckService;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [2011-06-28 2409056] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-09-26 260424] S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [2012-09-15 71056] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 KOBIL_MSDI;KOBIL_MSDI;c:\datev\PROGRAMM\B0000404\msdisrv.exe [2010-08-25 194144] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-10-16 134944] S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys [2011-07-19 82488] S2 SCardService;DATEV SmartCard Service;c:\datev\PROGRAMM\B0000347\ScMgmt\SCardService.exe [2010-09-22 292960] S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\datev\PROGRAMM\B0000398\SiPaHostService.exe [2011-05-09 271456] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-08-05 6495504] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-11 927840] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-08 367200] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2011-06-22 370184] S3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2012-01-03 25344] S3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2012-01-03 104576] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] . . Inhalt des "geplante Tasks" Ordners . 2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:19] . 2012-11-07 c:\windows\Tasks\HPCeeScheduleFor[Username].job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-11-03 c:\windows\Tasks\HPCeeScheduleForPC01$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{557F4852-8868-44dd-B5E9-9890AC4B1FD5}] 2011-06-01 07:44 763488 ----a-w- c:\datev\PROGRAMM\B0000397\DtvIePwdSafe64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-08-05 403592] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.datev.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 7.0 öffnen - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll /100 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll TCP: DhcpNameServer = 192.168.199.10 DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB FF - ProfilePath - c:\users\[Username]\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\ FF - prefs.js: browser.startup.homepage - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{557F4852-8868-44dd-B5E9-9890AC4B1FD5} - (no file) BHO-{6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) AddRemove-shop2date - c:\windows\IsUn0407.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-10 21:28:50 ComboFix-quarantined-files.txt 2012-11-10 20:28 . Vor Suchlauf: 37 Verzeichnis(se), 362.468.470.784 Bytes frei Nach Suchlauf: 43 Verzeichnis(se), 362.514.604.032 Bytes frei . - - End Of File - - 5A3EF6DF1F6A3EB4653B37FEBB9A2348 Im letzten Tread hatte ich ComboFix nicht vom Desktop aus gestartet. Hier das Ergebnis mit Programmstart vom Desktop aus:Combofix Logfile: Code:
ATTFilter ComboFix 12-11-09.02 - [Username] 10.11.2012 22:35:48.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4054.1922 [GMT 1:00] ausgeführt von:: c:\users\[Username]\Desktop\ComboFix.exe AV: G Data AntiVirus *Disabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} SP: G Data AntiVirus *Disabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Windows Live\Messenger\msacm32.dll C:\Thumbs.db c:\windows\SysWow64\opera6.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-10 bis 2012-11-10 )))))))))))))))))))))))))))))) . . 2012-11-10 21:41 . 2012-11-10 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-10 21:41 . 2012-11-10 21:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-11-10 21:41 . 2012-11-10 21:41 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-11-10 20:27 . 2012-11-10 20:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D41465-0E9F-466A-9A2F-0E60F82C93C1}\offreg.dll 2012-11-09 08:05 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D41465-0E9F-466A-9A2F-0E60F82C93C1}\mpengine.dll 2012-11-06 15:23 . 2012-11-06 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-06 15:23 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-05 13:01 . 2012-11-05 13:01 -------- d-----w- c:\users\[Username]\AppData\Local\Programs 2012-11-01 08:38 . 2012-11-01 08:38 848089 ----a-w- c:\windows\SysWow64\sig.bin 2012-10-30 10:54 . 2012-10-30 20:37 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-10-22 07:19 . 2012-10-22 07:19 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-10-18 13:45 . 2003-04-15 23:10 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll 2012-10-18 13:45 . 2006-02-23 07:20 131072 ----a-w- c:\windows\DBReg.exe 2012-10-18 13:45 . 2006-02-23 07:19 369152 ----a-w- c:\windows\DBREG.dll 2012-10-18 13:38 . 2006-01-23 15:20 1466368 ----a-w- c:\windows\SysWow64\DBInternetControl.ocx 2012-10-18 07:52 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-17 23:42 . 2012-10-17 23:42 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 07:19 . 2012-04-10 06:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-22 07:19 . 2011-12-08 23:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-10 21:59 . 2012-01-02 14:39 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-14 19:19 . 2012-10-10 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 21:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-08 13:51 . 2012-09-08 13:51 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-09-08 13:51 . 2012-09-08 13:51 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-09-08 13:51 . 2012-09-08 13:51 986208 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-09-08 13:51 . 2012-09-08 13:51 210528 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-09-08 13:51 . 2012-09-08 13:51 310368 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-09-08 13:51 . 2012-09-08 13:51 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-09-03 21:10 . 2012-09-03 21:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-03 21:10 . 2012-01-04 18:11 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-31 18:19 . 2012-10-10 21:53 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 21:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 21:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 21:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 21:53 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 21:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 21:21 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 21:21 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 21:21 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 21:21 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 21:21 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 21:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 21:21 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 21:21 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 21:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 21:21 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 21:21 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 21:21 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 21:21 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 21:21 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 21:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 21:21 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 21:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 21:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 21:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 21:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 21:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 21:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 06:14 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 06:14 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 06:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 06:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 06:48 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 21:53 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 21:53 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 21:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 21:53 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 21:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 21:53 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 21:53 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 21:53 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 21:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 21:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 21:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 21:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 21:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 21:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 21:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6EF6B546-25FB-455B-801F-FDB3B3D39F9E}] 2011-06-01 08:05 611936 ----a-w- c:\datev\PROGRAMM\B0000397\DtvIePwdSafe.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe" [2012-10-22 3512728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "DATEV Update-Monitor"="c:\datev\PROGRAMM\Install\DvInesASDMon.exe" [2011-07-25 269920] "DVCCSAWTSSetEntryNTE"="c:\datev\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe" [2011-06-28 549472] "DATEV_SCardMan"="c:\datev\PROGRAMM\B0000347\ScMgmt\ScardManager.exe" [2010-09-22 368736] "AVK Client"="c:\program files (x86)\G Data\AVKClient\AVKCl.exe" [2011-06-22 1740792] "Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2010-07-05 333088] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-10-16 1275168] "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-10-16 121120] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "SiPaHost"="c:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2011-05-09 595552] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-08-05 5957352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . c:\users\[Username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ klickTel OEM Frühjahr 2010 - Schnellstarter.lnk - c:\program files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE [2012-1-14 464384] Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe [1999-9-15 229432] PhraseExpress Diagnose-Modus.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-8-29 7344336] TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Basisschnittstelle Office V.5.1 Initialisierung.lnk - c:\datev\PROGRAMM\BSoffice\service\OfficeDiag.exe [2012-2-28 38496] DATEV-Hinweis Mitteilungsdienst.lnk - c:\datev\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056] DFÜ-Manager.LNK - c:\datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2011-11-4 356412] RZ-Druckertreiber V.2.3.lnk - c:\datev\SYSTEM\rzpjwtch.exe [2008-6-18 36448] SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2011-12-23 27744] TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe [2011-10-10 7101952] VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe [2012-2-20 1137152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Datev.Framework.RemoteServices.Messaging.CentralMessagingService;DATEV Messaging-Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -SvcRunLevel=1000 [x] R3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVKClient\AVKBackupService.exe [2011-06-22 1460216] R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys [2010-08-13 339728] R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys [2010-08-13 65808] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-12-08 31152] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-08 132704] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-01-03 50040] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-08 210528] S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2012-10-17 142944] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-11 31080] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-01-03 110456] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-01-03 63864] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-01-03 51576] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-08 3442640] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2008-02-11 70272] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520] S2 AntiVirusKit Client;G DATA AntiVirus Client;c:\program files (x86)\G Data\AVKClient\AVKCl.exe [2011-06-22 1740792] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2011-06-22 1430024] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVKClient\AVKWCtlX64.exe [2011-06-22 1929104] S2 DATEV Logon Service;DATEV Logon Service;c:\datev\PROGRAMM\B0001364\DtvScSer.exe [2010-09-08 511072] S2 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [2011-07-25 172640] S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 [x] S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [2011-12-09 79872] S2 Dcmanag;DATEV DFÜ-System Dienst;c:\datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [2011-11-04 176128] S2 DVckService;DVckService;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [2011-06-28 2409056] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-09-26 260424] S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [2012-09-15 71056] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 KOBIL_MSDI;KOBIL_MSDI;c:\datev\PROGRAMM\B0000404\msdisrv.exe [2010-08-25 194144] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-10-16 134944] S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys [2011-07-19 82488] S2 SCardService;DATEV SmartCard Service;c:\datev\PROGRAMM\B0000347\ScMgmt\SCardService.exe [2010-09-22 292960] S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\datev\PROGRAMM\B0000398\SiPaHostService.exe [2011-05-09 271456] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-08-05 6495504] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-11 927840] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-08 367200] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2011-06-22 370184] S3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [2012-01-03 25344] S3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [2012-01-03 104576] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] . . Inhalt des "geplante Tasks" Ordners . 2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:19] . 2012-11-07 c:\windows\Tasks\HPCeeScheduleFor[Username].job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-11-03 c:\windows\Tasks\HPCeeScheduleForPC01$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-08-05 403592] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.datev.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 7.0 öffnen - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll /100 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll TCP: DhcpNameServer = 192.168.199.10 DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB FF - ProfilePath - c:\users\[Username]\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\ FF - prefs.js: browser.startup.homepage - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{557F4852-8868-44dd-B5E9-9890AC4B1FD5} - (no file) BHO-{6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) AddRemove-shop2date - c:\windows\IsUn0407.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-10 22:43:14 ComboFix-quarantined-files.txt 2012-11-10 21:43 ComboFix2.txt 2012-11-10 20:28 . Vor Suchlauf: 42 Verzeichnis(se), 362.340.425.728 Bytes frei Nach Suchlauf: 43 Verzeichnis(se), 362.038.374.400 Bytes frei . - - End Of File - - BC6D07EDBD7487811823B366FD313423 |
10.11.2012, 23:10 | #14 |
/// Malware-holic | TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.11.2012, 13:57 | #15 |
| TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. Hi Marcus, hier das Ergebnis: 13:20:16.0213 5368 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:20:16.0451 5368 ============================================================ 13:20:16.0451 5368 Current date / time: 2012/11/11 13:20:16.0451 13:20:16.0451 5368 SystemInfo: 13:20:16.0451 5368 13:20:16.0451 5368 OS Version: 6.1.7601 ServicePack: 1.0 13:20:16.0451 5368 Product type: Workstation 13:20:16.0452 5368 ComputerName: PC01 13:20:16.0452 5368 UserName: [Username] 13:20:16.0452 5368 Windows directory: C:\Windows 13:20:16.0452 5368 System windows directory: C:\Windows 13:20:16.0452 5368 Running under WOW64 13:20:16.0452 5368 Processor architecture: Intel x64 13:20:16.0452 5368 Number of processors: 4 13:20:16.0452 5368 Page size: 0x1000 13:20:16.0452 5368 Boot type: Normal boot 13:20:16.0452 5368 ============================================================ 13:20:17.0404 5368 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:20:17.0416 5368 ============================================================ 13:20:17.0416 5368 \Device\Harddisk0\DR0: 13:20:17.0417 5368 MBR partitions: 13:20:17.0417 5368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:20:17.0417 5368 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x394FE000 13:20:17.0417 5368 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x39530800, BlocksNum 0xE55000 13:20:17.0417 5368 ============================================================ 13:20:17.0481 5368 C: <-> \Device\Harddisk0\DR0\Partition2 13:20:17.0537 5368 D: <-> \Device\Harddisk0\DR0\Partition3 13:20:17.0537 5368 ============================================================ 13:20:17.0537 5368 Initialize success 13:20:17.0537 5368 ============================================================ 13:27:52.0371 6096 ============================================================ 13:27:52.0371 6096 Scan started 13:27:52.0371 6096 Mode: Manual; SigCheck; TDLFS; 13:27:52.0371 6096 ============================================================ 13:27:54.0459 6096 ================ Scan system memory ======================== 13:27:54.0459 6096 System memory - ok 13:27:54.0460 6096 ================ Scan services ============================= 13:27:58.0274 6096 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:27:58.0427 6096 1394ohci - ok 13:27:58.0590 6096 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:27:58.0635 6096 ACPI - ok 13:27:58.0742 6096 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:27:58.0832 6096 AcpiPmi - ok 13:27:59.0446 6096 [ 879EB855B4C2A5E6C8D58C441B218187 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 13:27:59.0602 6096 AcrSch2Svc - ok 13:27:59.0803 6096 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:27:59.0818 6096 AdobeARMservice - ok 13:28:02.0374 6096 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:28:02.0392 6096 AdobeFlashPlayerUpdateSvc - ok 13:28:02.0606 6096 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:28:02.0668 6096 adp94xx - ok 13:28:02.0798 6096 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:28:02.0950 6096 adpahci - ok 13:28:03.0024 6096 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:28:03.0057 6096 adpu320 - ok 13:28:03.0155 6096 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:28:04.0658 6096 AeLookupSvc - ok 13:28:04.0739 6096 [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 13:28:05.0393 6096 afcdp - ok 13:28:06.0407 6096 [ F92906DB7562D606674D5CBF2019D1CF ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 13:28:06.0551 6096 afcdpsrv - ok 13:28:06.0651 6096 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:28:06.0743 6096 AFD - ok 13:28:06.0889 6096 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:28:06.0906 6096 agp440 - ok 13:28:06.0962 6096 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\Windows\system32\drivers\aksdf.sys 13:28:07.0955 6096 aksdf - ok 13:28:08.0046 6096 [ 43415AF4F20E9867974623840A22FE98 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys 13:28:08.0073 6096 aksfridge - ok 13:28:08.0106 6096 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:28:08.0265 6096 ALG - ok 13:28:08.0422 6096 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:28:08.0438 6096 aliide - ok 13:28:08.0603 6096 [ 2AED9A422EA1574C7D7EF9359A417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:28:09.0164 6096 AMD External Events Utility - ok 13:28:09.0288 6096 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:28:09.0305 6096 amdide - ok 13:28:09.0346 6096 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:28:09.0370 6096 AmdK8 - ok 13:28:11.0431 6096 [ BFA5E854959D5546D8834CA61F4AD075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:28:11.0685 6096 amdkmdag - ok 13:28:11.0931 6096 [ 92D664FFFCD9E742FB25254F7F458D88 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 13:28:12.0109 6096 amdkmdap - ok 13:28:12.0317 6096 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 13:28:12.0363 6096 AmdPPM - ok 13:28:12.0554 6096 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:28:12.0574 6096 amdsata - ok 13:28:12.0685 6096 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 13:28:12.0705 6096 amdsbs - ok 13:28:12.0925 6096 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:28:12.0941 6096 amdxata - ok 13:28:13.0776 6096 [ DC87992A154DF8EDBC55F2E5DD3C1BC5 ] AntiVirusKit Client C:\Program Files (x86)\G Data\AVKClient\AVKCl.exe 13:28:13.0853 6096 AntiVirusKit Client - ok 13:28:14.0061 6096 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:28:14.0113 6096 AppID - ok 13:28:14.0260 6096 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:28:14.0326 6096 AppIDSvc - ok 13:28:14.0391 6096 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:28:14.0538 6096 Appinfo - ok 13:28:14.0748 6096 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 13:28:14.0878 6096 AppMgmt - ok 13:28:15.0000 6096 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 13:28:15.0018 6096 arc - ok 13:28:15.0029 6096 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:28:15.0046 6096 arcsas - ok 13:28:15.0861 6096 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:28:15.0876 6096 aspnet_state - ok 13:28:15.0956 6096 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:28:16.0040 6096 AsyncMac - ok 13:28:16.0127 6096 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:28:16.0149 6096 atapi - ok 13:28:16.0285 6096 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 13:28:16.0303 6096 AtiHDAudioService - ok 13:28:16.0470 6096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:28:16.0645 6096 AudioEndpointBuilder - ok 13:28:16.0691 6096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:28:16.0720 6096 AudioSrv - ok 13:28:17.0086 6096 [ E964EA70249DDE1343C8F694B52575EE ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 13:28:17.0308 6096 avgtp - ok 13:28:17.0713 6096 [ 1DA2EEB0C7417929AE9691532F3FAAE4 ] AVKProxy C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe 13:28:17.0805 6096 AVKProxy - ok 13:28:18.0461 6096 [ 9F63CA1EE62754F7F9A7969C562B7F6D ] AVKWCtl C:\Program Files (x86)\G Data\AVKClient\AVKWCtlX64.exe 13:28:18.0545 6096 AVKWCtl - ok 13:28:18.0891 6096 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:28:20.0026 6096 AxInstSV - ok 13:28:20.0192 6096 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 13:28:20.0332 6096 b06bdrv - ok 13:28:20.0391 6096 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:28:20.0515 6096 b57nd60a - ok 13:28:20.0726 6096 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 13:28:20.0759 6096 BBSvc - ok 13:28:20.0877 6096 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:28:20.0916 6096 BDESVC - ok 13:28:21.0005 6096 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:28:21.0055 6096 Beep - ok 13:28:21.0390 6096 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:28:21.0500 6096 BFE - ok 13:28:21.0737 6096 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 13:28:21.0835 6096 BITS - ok 13:28:22.0070 6096 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 13:28:22.0088 6096 blbdrive - ok 13:28:22.0180 6096 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:28:22.0239 6096 bowser - ok 13:28:22.0359 6096 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 13:28:22.0392 6096 BrFiltLo - ok 13:28:22.0465 6096 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 13:28:22.0537 6096 BrFiltUp - ok 13:28:22.0653 6096 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 13:28:22.0699 6096 BridgeMP - ok 13:28:22.0843 6096 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:28:22.0903 6096 Browser - ok 13:28:22.0937 6096 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys 13:28:22.0979 6096 Brserid - ok 13:28:23.0002 6096 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:28:23.0033 6096 BrSerWdm - ok 13:28:23.0056 6096 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:28:23.0088 6096 BrUsbMdm - ok 13:28:23.0101 6096 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys 13:28:23.0128 6096 BrUsbSer - ok 13:28:23.0153 6096 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:28:23.0186 6096 BTHMODEM - ok 13:28:23.0217 6096 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:28:23.0267 6096 bthserv - ok 13:28:23.0290 6096 catchme - ok 13:28:23.0312 6096 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:28:23.0338 6096 cdfs - ok 13:28:23.0358 6096 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:28:23.0381 6096 cdrom - ok 13:28:23.0402 6096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:28:23.0448 6096 CertPropSvc - ok 13:28:23.0465 6096 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 13:28:23.0485 6096 circlass - ok 13:28:23.0508 6096 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:28:23.0522 6096 CLFS - ok 13:28:23.0575 6096 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:28:23.0590 6096 clr_optimization_v2.0.50727_32 - ok 13:28:23.0625 6096 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:28:23.0641 6096 clr_optimization_v2.0.50727_64 - ok 13:28:23.0688 6096 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:28:23.0704 6096 clr_optimization_v4.0.30319_32 - ok 13:28:23.0714 6096 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:28:23.0730 6096 clr_optimization_v4.0.30319_64 - ok 13:28:23.0757 6096 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 13:28:23.0785 6096 CmBatt - ok 13:28:23.0807 6096 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:28:23.0825 6096 cmdide - ok 13:28:23.0886 6096 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:28:23.0928 6096 CNG - ok 13:28:23.0953 6096 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:28:23.0962 6096 Compbatt - ok 13:28:23.0992 6096 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:28:24.0017 6096 CompositeBus - ok 13:28:24.0027 6096 COMSysApp - ok 13:28:24.0033 6096 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:28:24.0042 6096 crcdisk - ok 13:28:24.0071 6096 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:28:24.0114 6096 CryptSvc - ok 13:28:24.0130 6096 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 13:28:24.0169 6096 CSC - ok 13:28:24.0196 6096 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 13:28:24.0226 6096 CscService - ok 13:28:24.0305 6096 [ F886378CC9FFA09FE9A9D7CB4CF32934 ] DATEV Update-Service C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe 13:28:24.0319 6096 DATEV Update-Service - ok 13:28:24.0344 6096 Datev.Framework.RemoteServiceModel.EnablerService - ok 13:28:24.0347 6096 Datev.Framework.RemoteServices - ok 13:28:24.0392 6096 [ 7D7D3E30813284B4F996286B90C8257D ] DatevPrintService C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE 13:28:24.0411 6096 DatevPrintService ( UnsignedFile.Multi.Generic ) - warning 13:28:24.0411 6096 DatevPrintService - detected UnsignedFile.Multi.Generic (1) 13:28:24.0484 6096 [ CA48969C67568A2C87730CE5F55C369C ] Dcmanag C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe 13:28:24.0499 6096 Dcmanag - ok 13:28:24.0531 6096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:28:24.0591 6096 DcomLaunch - ok 13:28:24.0636 6096 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:28:24.0661 6096 defragsvc - ok 13:28:24.0683 6096 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:28:24.0827 6096 DfsC - ok 13:28:24.0851 6096 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:28:24.0888 6096 Dhcp - ok 13:28:24.0910 6096 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:28:24.0940 6096 discache - ok 13:28:24.0961 6096 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 13:28:24.0971 6096 Disk - ok 13:28:25.0010 6096 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 13:28:25.0036 6096 dmvsc - ok 13:28:25.0065 6096 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:28:25.0110 6096 Dnscache - ok 13:28:25.0128 6096 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:28:25.0187 6096 dot3svc - ok 13:28:25.0197 6096 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:28:25.0230 6096 DPS - ok 13:28:25.0252 6096 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:28:25.0263 6096 drmkaud - ok 13:28:25.0407 6096 [ 00B0FAA44957D887CE540D297AA405A1 ] DVckService C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe 13:28:25.0464 6096 DVckService - ok 13:28:25.0489 6096 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:28:25.0510 6096 DXGKrnl - ok 13:28:25.0530 6096 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 13:28:25.0543 6096 e1cexpress - ok 13:28:25.0563 6096 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:28:25.0610 6096 EapHost - ok 13:28:25.0679 6096 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 13:28:25.0754 6096 ebdrv - ok 13:28:25.0789 6096 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:28:25.0830 6096 EFS - ok 13:28:25.0880 6096 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:28:25.0927 6096 ehRecvr - ok 13:28:25.0948 6096 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:28:25.0968 6096 ehSched - ok 13:28:26.0008 6096 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:28:26.0036 6096 elxstor - ok 13:28:26.0049 6096 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:28:26.0070 6096 ErrDev - ok 13:28:26.0099 6096 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:28:26.0144 6096 EventSystem - ok 13:28:26.0179 6096 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:28:26.0220 6096 exfat - ok 13:28:26.0238 6096 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:28:26.0279 6096 fastfat - ok 13:28:26.0312 6096 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:28:26.0356 6096 Fax - ok 13:28:26.0379 6096 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 13:28:26.0398 6096 fdc - ok 13:28:26.0418 6096 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:28:26.0448 6096 fdPHost - ok 13:28:26.0455 6096 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:28:26.0480 6096 FDResPub - ok 13:28:26.0505 6096 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:28:26.0515 6096 FileInfo - ok 13:28:26.0527 6096 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:28:26.0555 6096 Filetrace - ok 13:28:26.0569 6096 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:28:26.0579 6096 flpydisk - ok 13:28:26.0594 6096 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:28:26.0606 6096 FltMgr - ok 13:28:26.0662 6096 [ B8AFE7A30D34C0E9FDBA81632294547C ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 13:28:26.0822 6096 fltsrv - ok 13:28:26.0865 6096 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:28:26.0993 6096 FontCache - ok 13:28:27.0032 6096 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:28:27.0046 6096 FontCache3.0.0.0 - ok 13:28:27.0085 6096 [ C902AE091D15962DE76E455C970D416B ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 13:28:27.0104 6096 FPLService - ok 13:28:27.0123 6096 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:28:27.0134 6096 FsDepends - ok 13:28:27.0172 6096 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:28:27.0188 6096 Fs_Rec - ok 13:28:27.0224 6096 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:28:27.0249 6096 fvevol - ok 13:28:27.0268 6096 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:28:27.0285 6096 gagp30kx - ok 13:28:27.0381 6096 [ 9ACDA589FF628F13308C05EE91C2D676 ] GDBackupSvc C:\Program Files (x86)\G Data\AVKClient\AVKBackupService.exe 13:28:27.0436 6096 GDBackupSvc - ok 13:28:27.0496 6096 [ 112BB28EE735AFBA3905AAFFB02622AC ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 13:28:27.0550 6096 GDBehave - ok 13:28:27.0584 6096 [ 507F6B2700AF575CC29DB845FFD1E1A8 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 13:28:27.0601 6096 GDMnIcpt - ok 13:28:27.0628 6096 [ 39D7C8B886208E1111C2D88C74235F7D ] GDScan C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe 13:28:27.0649 6096 GDScan - ok 13:28:27.0676 6096 [ B13A9F5C322CE14D31059F2558B51C0B ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys 13:28:27.0687 6096 gdwfpcd - ok 13:28:27.0716 6096 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:28:27.0756 6096 gpsvc - ok 13:28:27.0793 6096 [ D619BA1712B83D14149850E758B835AD ] hardlock C:\Windows\system32\drivers\hardlock.sys 13:28:27.0871 6096 hardlock - ok 13:28:27.0874 6096 hasplms - ok 13:28:27.0889 6096 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:28:27.0928 6096 hcw85cir - ok 13:28:27.0957 6096 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:28:27.0998 6096 HdAudAddService - ok 13:28:28.0020 6096 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:28:28.0047 6096 HDAudBus - ok 13:28:28.0061 6096 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:28:28.0087 6096 HidBatt - ok 13:28:28.0102 6096 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:28:28.0131 6096 HidBth - ok 13:28:28.0149 6096 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 13:28:28.0166 6096 HidIr - ok 13:28:28.0183 6096 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 13:28:28.0218 6096 hidserv - ok 13:28:28.0222 6096 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:28:28.0233 6096 HidUsb - ok 13:28:28.0254 6096 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:28:28.0286 6096 hkmsvc - ok 13:28:28.0297 6096 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:28:28.0321 6096 HomeGroupListener - ok 13:28:28.0339 6096 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:28:28.0359 6096 HomeGroupProvider - ok 13:28:28.0393 6096 [ 10725344CB8AA6085B06CF41E8E8EFC9 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 13:28:28.0410 6096 HookCentre - ok 13:28:28.0464 6096 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 13:28:28.0478 6096 HP Support Assistant Service - ok 13:28:28.0492 6096 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 13:28:28.0507 6096 HPDrvMntSvc.exe - ok 13:28:28.0531 6096 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 13:28:28.0562 6096 hpqwmiex - ok 13:28:28.0603 6096 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:28:28.0620 6096 HpSAMD - ok 13:28:28.0734 6096 [ 86C994C55D8DF989DBF6B9A6425DCC99 ] HRService C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe 13:28:28.0760 6096 HRService - ok 13:28:28.0906 6096 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:28:28.0971 6096 HTTP - ok 13:28:28.0981 6096 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:28:28.0989 6096 hwpolicy - ok 13:28:29.0015 6096 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:28:29.0026 6096 i8042prt - ok 13:28:29.0062 6096 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 13:28:29.0084 6096 iaStor - ok 13:28:29.0111 6096 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:28:29.0137 6096 iaStorV - ok 13:28:29.0203 6096 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:28:29.0220 6096 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:28:29.0221 6096 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:28:29.0277 6096 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:28:29.0304 6096 idsvc - ok 13:28:29.0334 6096 [ 2DCEA6E19134AEA8BF9B68110732A880 ] IFCoEMP C:\Windows\system32\drivers\ifM52x64.sys 13:28:29.0349 6096 IFCoEMP - ok 13:28:29.0365 6096 [ 3A58E368FBF1CCF9E89F922EB76405C0 ] IFCoEVB C:\Windows\system32\drivers\ifP52X64.sys 13:28:29.0376 6096 IFCoEVB - ok 13:28:29.0556 6096 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 13:28:29.0805 6096 igfx - ok 13:28:29.0829 6096 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:28:29.0881 6096 iirsp - ok 13:28:29.0915 6096 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:28:29.0979 6096 IKEEXT - ok 13:28:29.0998 6096 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys 13:28:30.0032 6096 Impcd - ok 13:28:30.0106 6096 [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:28:30.0185 6096 IntcAzAudAddService - ok 13:28:30.0215 6096 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 13:28:30.0238 6096 IntcDAud - ok 13:28:30.0263 6096 [ 28D387EEFAD7CC3A0BEB9C3262E83ADD ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe 13:28:30.0273 6096 Intel(R) PROSet Monitoring Service - ok 13:28:30.0284 6096 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:28:30.0294 6096 intelide - ok 13:28:30.0323 6096 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 13:28:30.0345 6096 intelppm - ok 13:28:30.0373 6096 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:28:30.0420 6096 IPBusEnum - ok 13:28:30.0445 6096 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:28:30.0480 6096 IpFilterDriver - ok 13:28:30.0500 6096 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:28:30.0543 6096 iphlpsvc - ok 13:28:30.0561 6096 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:28:30.0614 6096 IPMIDRV - ok 13:28:30.0634 6096 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:28:30.0680 6096 IPNAT - ok 13:28:30.0819 6096 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:28:30.0844 6096 IRENUM - ok 13:28:30.0877 6096 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:28:30.0920 6096 isapnp - ok 13:28:30.0950 6096 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:28:30.0972 6096 iScsiPrt - ok 13:28:31.0003 6096 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 13:28:31.0017 6096 IviRegMgr - ok 13:28:31.0061 6096 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 13:28:31.0083 6096 jhi_service - ok 13:28:31.0101 6096 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:28:31.0113 6096 kbdclass - ok 13:28:31.0130 6096 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:28:31.0142 6096 kbdhid - ok 13:28:31.0155 6096 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:28:31.0165 6096 KeyIso - ok 13:28:31.0183 6096 [ 322CD7A01A961D94C6EAB640D6427504 ] KOBCCEX C:\Windows\system32\drivers\KOBCCEX.sys 13:28:31.0235 6096 KOBCCEX ( UnsignedFile.Multi.Generic ) - warning 13:28:31.0235 6096 KOBCCEX - detected UnsignedFile.Multi.Generic (1) 13:28:31.0276 6096 [ 3209D40399078C1091398F43215EDD1A ] KOBCCID C:\Windows\system32\drivers\KOBCCID.sys 13:28:31.0318 6096 KOBCCID - ok 13:28:31.0361 6096 [ 34508E0E3A7DB08CDC4B969DB90163BD ] KOBIL_MSDI C:\DATEV\PROGRAMM\B0000404\msdisrv.exe 13:28:31.0381 6096 KOBIL_MSDI ( UnsignedFile.Multi.Generic ) - warning 13:28:31.0381 6096 KOBIL_MSDI - detected UnsignedFile.Multi.Generic (1) 13:28:31.0413 6096 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:28:31.0431 6096 KSecDD - ok 13:28:31.0441 6096 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:28:31.0458 6096 KSecPkg - ok 13:28:31.0473 6096 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:28:31.0504 6096 ksthunk - ok 13:28:31.0525 6096 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:28:31.0553 6096 KtmRm - ok 13:28:31.0577 6096 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 13:28:31.0603 6096 LanmanServer - ok 13:28:31.0612 6096 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:28:31.0645 6096 LanmanWorkstation - ok 13:28:31.0669 6096 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:28:31.0708 6096 lltdio - ok 13:28:31.0717 6096 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:28:31.0744 6096 lltdsvc - ok 13:28:31.0766 6096 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:28:31.0796 6096 lmhosts - ok 13:28:31.0831 6096 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 13:28:31.0843 6096 LMS - ok 13:28:31.0871 6096 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:28:31.0913 6096 LSI_FC - ok 13:28:31.0946 6096 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:28:31.0965 6096 LSI_SAS - ok 13:28:31.0976 6096 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:28:31.0993 6096 LSI_SAS2 - ok 13:28:32.0002 6096 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:28:32.0015 6096 LSI_SCSI - ok 13:28:32.0025 6096 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:28:32.0067 6096 luafv - ok 13:28:32.0113 6096 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:28:32.0168 6096 MBAMProtector - ok 13:28:32.0206 6096 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:28:32.0280 6096 MBAMScheduler - ok 13:28:32.0308 6096 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:28:32.0321 6096 MBAMService - ok 13:28:32.0341 6096 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:28:32.0369 6096 Mcx2Svc - ok 13:28:32.0396 6096 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 13:28:32.0413 6096 megasas - ok 13:28:32.0438 6096 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:28:32.0460 6096 MegaSR - ok 13:28:32.0475 6096 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 13:28:32.0491 6096 MEIx64 - ok 13:28:32.0561 6096 Microsoft SharePoint Workspace Audit Service - ok 13:28:32.0602 6096 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:28:32.0640 6096 MMCSS - ok 13:28:32.0649 6096 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:28:32.0674 6096 Modem - ok 13:28:32.0700 6096 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:28:32.0808 6096 monitor - ok 13:28:32.0886 6096 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:28:32.0901 6096 mouclass - ok 13:28:32.0957 6096 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:28:32.0988 6096 mouhid - ok 13:28:33.0023 6096 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:28:33.0041 6096 mountmgr - ok 13:28:33.0095 6096 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:28:33.0187 6096 MozillaMaintenance - ok 13:28:33.0204 6096 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:28:33.0223 6096 mpio - ok 13:28:33.0238 6096 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:28:33.0286 6096 mpsdrv - ok 13:28:33.0311 6096 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:28:33.0351 6096 MpsSvc - ok 13:28:33.0365 6096 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:28:33.0386 6096 MRxDAV - ok 13:28:33.0406 6096 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:28:33.0438 6096 mrxsmb - ok 13:28:33.0454 6096 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:28:33.0467 6096 mrxsmb10 - ok 13:28:33.0479 6096 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:28:33.0490 6096 mrxsmb20 - ok 13:28:33.0504 6096 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:28:33.0514 6096 msahci - ok 13:28:33.0538 6096 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:28:33.0549 6096 msdsm - ok 13:28:33.0568 6096 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:28:33.0589 6096 MSDTC - ok 13:28:33.0600 6096 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:28:33.0627 6096 Msfs - ok 13:28:33.0644 6096 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:28:33.0674 6096 mshidkmdf - ok 13:28:33.0687 6096 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:28:33.0696 6096 msisadrv - ok 13:28:33.0712 6096 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:28:33.0751 6096 MSiSCSI - ok 13:28:33.0754 6096 msiserver - ok 13:28:33.0773 6096 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:28:33.0798 6096 MSKSSRV - ok 13:28:33.0819 6096 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:28:33.0853 6096 MSPCLOCK - ok 13:28:33.0864 6096 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:28:33.0899 6096 MSPQM - ok 13:28:33.0914 6096 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:28:33.0928 6096 MsRPC - ok 13:28:33.0943 6096 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:28:33.0951 6096 mssmbios - ok 13:28:33.0966 6096 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:28:33.0991 6096 MSTEE - ok 13:28:34.0004 6096 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:28:34.0024 6096 MTConfig - ok 13:28:34.0036 6096 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:28:34.0045 6096 Mup - ok 13:28:34.0063 6096 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:28:34.0096 6096 napagent - ok 13:28:34.0122 6096 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:28:34.0138 6096 NativeWifiP - ok 13:28:34.0190 6096 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:28:34.0221 6096 NDIS - ok 13:28:34.0231 6096 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:28:34.0267 6096 NdisCap - ok 13:28:34.0281 6096 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:28:34.0305 6096 NdisTapi - ok 13:28:34.0312 6096 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:28:34.0336 6096 Ndisuio - ok 13:28:34.0352 6096 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:28:34.0388 6096 NdisWan - ok 13:28:34.0408 6096 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:28:34.0433 6096 NDProxy - ok 13:28:34.0456 6096 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:28:34.0494 6096 NetBIOS - ok 13:28:34.0507 6096 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:28:34.0535 6096 NetBT - ok 13:28:34.0547 6096 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:28:34.0556 6096 Netlogon - ok 13:28:34.0579 6096 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:28:34.0607 6096 Netman - ok 13:28:34.0646 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:28:34.0663 6096 NetMsmqActivator - ok 13:28:34.0685 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:28:34.0699 6096 NetPipeActivator - ok 13:28:34.0842 6096 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:28:34.0911 6096 netprofm - ok 13:28:34.0920 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:28:34.0928 6096 NetTcpActivator - ok 13:28:34.0930 6096 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:28:34.0938 6096 NetTcpPortSharing - ok 13:28:34.0961 6096 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:28:34.0970 6096 nfrd960 - ok 13:28:34.0999 6096 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:28:35.0025 6096 NlaSvc - ok 13:28:35.0067 6096 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:28:35.0115 6096 Npfs - ok 13:28:35.0123 6096 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:28:35.0149 6096 nsi - ok 13:28:35.0158 6096 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:28:35.0194 6096 nsiproxy - ok 13:28:35.0248 6096 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:28:35.0328 6096 Ntfs - ok 13:28:35.0339 6096 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:28:35.0363 6096 Null - ok 13:28:35.0381 6096 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:28:35.0391 6096 nvraid - ok 13:28:35.0413 6096 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:28:35.0423 6096 nvstor - ok 13:28:35.0449 6096 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:28:35.0459 6096 nv_agp - ok 13:28:35.0486 6096 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:28:35.0497 6096 ohci1394 - ok 13:28:35.0552 6096 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:28:35.0568 6096 ose - ok 13:28:35.0714 6096 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:28:35.0770 6096 osppsvc - ok 13:28:35.0800 6096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:28:35.0829 6096 p2pimsvc - ok 13:28:35.0856 6096 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:28:35.0881 6096 p2psvc - ok 13:28:35.0918 6096 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 13:28:35.0973 6096 Parport - ok 13:28:36.0001 6096 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:28:36.0013 6096 partmgr - ok 13:28:36.0026 6096 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:28:36.0052 6096 PcaSvc - ok 13:28:36.0068 6096 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:28:36.0081 6096 pci - ok 13:28:36.0121 6096 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:28:36.0133 6096 pciide - ok 13:28:36.0196 6096 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:28:36.0217 6096 pcmcia - ok 13:28:36.0246 6096 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:28:36.0256 6096 pcw - ok 13:28:36.0314 6096 [ B0C25EA5278579EC685E32E16BBFF24F ] PDFProFiltSrv C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe 13:28:36.0329 6096 PDFProFiltSrv - ok 13:28:36.0349 6096 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:28:36.0393 6096 PEAUTH - ok 13:28:36.0426 6096 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:28:36.0483 6096 PeerDistSvc - ok 13:28:36.0541 6096 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:28:36.0567 6096 PerfHost - ok 13:28:36.0614 6096 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:28:36.0694 6096 pla - ok 13:28:36.0727 6096 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:28:36.0761 6096 PlugPlay - ok 13:28:36.0777 6096 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 13:28:36.0819 6096 pmxdrv - ok 13:28:36.0850 6096 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:28:36.0868 6096 PNRPAutoReg - ok 13:28:36.0883 6096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:28:36.0897 6096 PNRPsvc - ok 13:28:36.0922 6096 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:28:36.0971 6096 PolicyAgent - ok 13:28:37.0007 6096 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:28:37.0062 6096 Power - ok 13:28:37.0084 6096 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:28:37.0187 6096 PptpMiniport - ok 13:28:37.0197 6096 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 13:28:37.0208 6096 Processor - ok 13:28:37.0241 6096 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:28:37.0276 6096 ProfSvc - ok 13:28:37.0286 6096 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:28:37.0302 6096 ProtectedStorage - ok 13:28:37.0328 6096 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:28:37.0382 6096 Psched - ok 13:28:37.0410 6096 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 13:28:37.0426 6096 PSI_SVC_2 - ok 13:28:37.0469 6096 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:28:37.0563 6096 ql2300 - ok 13:28:37.0585 6096 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:28:37.0595 6096 ql40xx - ok 13:28:37.0622 6096 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:28:37.0638 6096 QWAVE - ok 13:28:37.0648 6096 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:28:37.0712 6096 QWAVEdrv - ok 13:28:37.0724 6096 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:28:37.0809 6096 RasAcd - ok 13:28:37.0823 6096 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:28:37.0847 6096 RasAgileVpn - ok 13:28:37.0875 6096 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:28:37.0933 6096 RasAuto - ok 13:28:37.0943 6096 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:28:38.0039 6096 Rasl2tp - ok 13:28:38.0063 6096 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:28:38.0111 6096 RasMan - ok 13:28:38.0124 6096 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:28:38.0156 6096 RasPppoe - ok 13:28:38.0180 6096 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:28:38.0220 6096 RasSstp - ok 13:28:38.0236 6096 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:28:38.0288 6096 rdbss - ok 13:28:38.0311 6096 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 13:28:38.0322 6096 rdpbus - ok 13:28:38.0340 6096 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:28:38.0363 6096 RDPCDD - ok 13:28:38.0382 6096 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:28:38.0405 6096 RDPDR - ok 13:28:38.0418 6096 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:28:38.0450 6096 RDPENCDD - ok 13:28:38.0463 6096 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:28:38.0487 6096 RDPREFMP - ok 13:28:38.0521 6096 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:28:38.0551 6096 RDPWD - ok 13:28:38.0568 6096 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:28:38.0589 6096 rdyboost - ok 13:28:38.0615 6096 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:28:38.0643 6096 RemoteAccess - ok 13:28:38.0681 6096 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:28:38.0722 6096 RemoteRegistry - ok 13:28:38.0737 6096 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:28:38.0762 6096 RpcEptMapper - ok 13:28:38.0775 6096 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:28:38.0791 6096 RpcLocator - ok 13:28:38.0806 6096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:28:38.0832 6096 RpcSs - ok 13:28:38.0859 6096 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:28:38.0899 6096 rspndr - ok 13:28:38.0920 6096 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:28:38.0936 6096 s3cap - ok 13:28:38.0951 6096 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:28:38.0959 6096 SamSs - ok 13:28:38.0980 6096 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:28:38.0991 6096 sbp2port - ok 13:28:39.0002 6096 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:28:39.0029 6096 SCardSvr - ok 13:28:39.0042 6096 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:28:39.0081 6096 scfilter - ok 13:28:39.0107 6096 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:28:39.0161 6096 Schedule - ok 13:28:39.0178 6096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:28:39.0200 6096 SCPolicySvc - ok 13:28:39.0222 6096 [ F15D43EABE907048F5FECC068792A0AE ] SC_SERV3D C:\Windows\system32\drivers\d3_kafm.sys 13:28:39.0269 6096 SC_SERV3D - ok 13:28:39.0287 6096 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:28:39.0313 6096 SDRSVC - ok 13:28:39.0355 6096 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 13:28:39.0376 6096 SeaPort - ok 13:28:39.0390 6096 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:28:39.0420 6096 secdrv - ok 13:28:39.0445 6096 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:28:39.0470 6096 seclogon - ok 13:28:39.0496 6096 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 13:28:39.0521 6096 SENS - ok 13:28:39.0532 6096 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:28:39.0569 6096 SensrSvc - ok 13:28:39.0580 6096 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:28:39.0641 6096 Serenum - ok 13:28:39.0660 6096 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:28:39.0724 6096 Serial - ok 13:28:39.0753 6096 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:28:39.0806 6096 sermouse - ok 13:28:39.0840 6096 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:28:39.0892 6096 SessionEnv - ok 13:28:39.0905 6096 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:28:39.0972 6096 sffdisk - ok 13:28:39.0981 6096 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:28:40.0042 6096 sffp_mmc - ok 13:28:40.0058 6096 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:28:40.0120 6096 sffp_sd - ok 13:28:40.0147 6096 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:28:40.0177 6096 sfloppy - ok 13:28:40.0197 6096 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:28:40.0255 6096 SharedAccess - ok 13:28:40.0278 6096 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:28:40.0317 6096 ShellHWDetection - ok 13:28:40.0372 6096 Sicherheitspaket-Dienst - ok 13:28:40.0407 6096 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:28:40.0424 6096 SiSRaid2 - ok 13:28:40.0443 6096 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:28:40.0495 6096 SiSRaid4 - ok 13:28:40.0532 6096 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:28:40.0636 6096 Smb - ok 13:28:40.0722 6096 [ ED46EC5DC276570908FC4D9DE0628C71 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 13:28:40.0784 6096 snapman - ok 13:28:40.0813 6096 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:28:40.0841 6096 SNMPTRAP - ok 13:28:40.0853 6096 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:28:40.0869 6096 spldr - ok 13:28:40.0911 6096 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:28:40.0954 6096 Spooler - ok 13:28:41.0022 6096 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:28:41.0167 6096 sppsvc - ok 13:28:41.0181 6096 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:28:41.0212 6096 sppuinotify - ok 13:28:41.0231 6096 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:28:41.0318 6096 srv - ok 13:28:41.0339 6096 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:28:41.0374 6096 srv2 - ok 13:28:41.0392 6096 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:28:41.0431 6096 srvnet - ok 13:28:41.0461 6096 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:28:41.0505 6096 SSDPSRV - ok 13:28:41.0521 6096 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:28:41.0547 6096 SstpSvc - ok 13:28:41.0567 6096 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:28:41.0577 6096 stexstor - ok 13:28:41.0611 6096 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 13:28:41.0644 6096 StillCam - ok 13:28:41.0673 6096 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:28:41.0715 6096 stisvc - ok 13:28:41.0729 6096 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:28:41.0739 6096 storflt - ok 13:28:41.0748 6096 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 13:28:41.0782 6096 StorSvc - ok 13:28:41.0791 6096 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:28:41.0801 6096 storvsc - ok 13:28:41.0820 6096 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:28:41.0865 6096 swenum - ok 13:28:41.0897 6096 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:28:41.0961 6096 swprv - ok 13:28:42.0101 6096 [ F23C9F6010586F4634EE8330A3F19969 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 13:28:42.0253 6096 syncagentsrv - ok 13:28:42.0283 6096 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:28:42.0339 6096 SysMain - ok 13:28:42.0354 6096 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:28:42.0368 6096 TabletInputService - ok 13:28:42.0384 6096 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:28:42.0422 6096 TapiSrv - ok 13:28:42.0429 6096 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:28:42.0454 6096 TBS - ok 13:28:42.0510 6096 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:28:42.0619 6096 Tcpip - ok 13:28:42.0654 6096 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:28:42.0680 6096 TCPIP6 - ok 13:28:42.0701 6096 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:28:42.0798 6096 tcpipreg - ok 13:28:42.0807 6096 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:28:42.0831 6096 TDPIPE - ok 13:28:42.0877 6096 [ 969BAD6A9A5B6DE983A8B2B84276CEB0 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 13:28:42.0943 6096 tdrpman - ok 13:28:42.0978 6096 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:28:42.0995 6096 TDTCP - ok 13:28:43.0020 6096 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:28:43.0063 6096 tdx - ok 13:28:43.0074 6096 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:28:43.0089 6096 TermDD - ok 13:28:43.0111 6096 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:28:43.0153 6096 TermService - ok 13:28:43.0167 6096 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:28:43.0181 6096 Themes - ok 13:28:43.0199 6096 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:28:43.0222 6096 THREADORDER - ok 13:28:43.0264 6096 [ 990447334615A0DB84F620E1426DCFE0 ] timounter C:\Windows\system32\DRIVERS\timntr.sys 13:28:43.0353 6096 timounter - ok 13:28:43.0392 6096 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 13:28:43.0447 6096 TPM - ok 13:28:43.0480 6096 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:28:43.0528 6096 TrkWks - ok 13:28:43.0557 6096 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:28:43.0593 6096 TrustedInstaller - ok 13:28:43.0606 6096 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:28:43.0637 6096 tssecsrv - ok 13:28:43.0664 6096 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:28:43.0695 6096 TsUsbFlt - ok 13:28:43.0709 6096 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:28:43.0766 6096 TsUsbGD - ok 13:28:43.0804 6096 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:28:43.0866 6096 tunnel - ok 13:28:43.0888 6096 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:28:43.0940 6096 uagp35 - ok 13:28:43.0962 6096 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:28:44.0060 6096 udfs - ok 13:28:44.0084 6096 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:28:44.0104 6096 UI0Detect - ok 13:28:44.0130 6096 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:28:44.0143 6096 uliagpkx - ok 13:28:44.0162 6096 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:28:44.0185 6096 umbus - ok 13:28:44.0194 6096 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 13:28:44.0251 6096 UmPass - ok 13:28:44.0268 6096 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 13:28:44.0296 6096 UmRdpService - ok 13:28:44.0401 6096 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 13:28:44.0443 6096 UNS - ok 13:28:44.0461 6096 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:28:44.0498 6096 upnphost - ok 13:28:44.0525 6096 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:28:44.0536 6096 usbccgp - ok 13:28:44.0544 6096 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:28:44.0587 6096 usbcir - ok 13:28:44.0608 6096 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:28:44.0627 6096 usbehci - ok 13:28:44.0652 6096 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 13:28:44.0695 6096 usbhub - ok 13:28:44.0717 6096 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:28:44.0792 6096 usbohci - ok 13:28:44.0816 6096 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:28:44.0850 6096 usbprint - ok 13:28:44.0874 6096 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:28:44.0889 6096 usbscan - ok 13:28:44.0906 6096 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:28:44.0981 6096 USBSTOR - ok 13:28:45.0007 6096 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:28:45.0031 6096 usbuhci - ok 13:28:45.0051 6096 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:28:45.0107 6096 UxSms - ok 13:28:45.0128 6096 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:28:45.0136 6096 VaultSvc - ok 13:28:45.0151 6096 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:28:45.0161 6096 vdrvroot - ok 13:28:45.0177 6096 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:28:45.0212 6096 vds - ok 13:28:45.0242 6096 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:28:45.0254 6096 vga - ok 13:28:45.0265 6096 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:28:45.0296 6096 VgaSave - ok 13:28:45.0311 6096 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:28:45.0322 6096 vhdmp - ok 13:28:45.0344 6096 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:28:45.0353 6096 viaide - ok 13:28:45.0381 6096 [ 4065EC01AE001C4DB4A9A85CC1767D99 ] vididr C:\Windows\system32\DRIVERS\vididr.sys 13:28:45.0397 6096 vididr - ok 13:28:45.0440 6096 [ 6DC5D9A5BBA6A858D06B7ABEFBA1A1E6 ] vidsflt58 C:\Windows\system32\DRIVERS\vsflt58.sys 13:28:45.0493 6096 vidsflt58 - ok 13:28:45.0513 6096 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:28:45.0572 6096 vmbus - ok 13:28:45.0600 6096 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:28:45.0661 6096 VMBusHID - ok 13:28:45.0682 6096 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:28:45.0707 6096 volmgr - ok 13:28:45.0726 6096 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:28:45.0790 6096 volmgrx - ok 13:28:45.0814 6096 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:28:45.0871 6096 volsnap - ok 13:28:45.0894 6096 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:28:45.0941 6096 vsmraid - ok 13:28:45.0995 6096 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:28:46.0081 6096 VSS - ok 13:28:46.0175 6096 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe 13:28:46.0210 6096 vToolbarUpdater12.2.0 - ok 13:28:46.0229 6096 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:28:46.0258 6096 vwifibus - ok 13:28:46.0289 6096 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:28:46.0339 6096 W32Time - ok 13:28:46.0350 6096 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:28:46.0376 6096 WacomPen - ok 13:28:46.0394 6096 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:28:46.0432 6096 WANARP - ok 13:28:46.0435 6096 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:28:46.0458 6096 Wanarpv6 - ok 13:28:46.0512 6096 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:28:46.0546 6096 WatAdminSvc - ok 13:28:46.0575 6096 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:28:46.0633 6096 wbengine - ok 13:28:46.0649 6096 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:28:46.0665 6096 WbioSrvc - ok 13:28:46.0678 6096 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:28:46.0704 6096 wcncsvc - ok 13:28:46.0716 6096 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:28:46.0735 6096 WcsPlugInService - ok 13:28:46.0748 6096 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 13:28:46.0776 6096 Wd - ok 13:28:46.0811 6096 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:28:46.0888 6096 Wdf01000 - ok 13:28:46.0906 6096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:28:46.0999 6096 WdiServiceHost - ok 13:28:47.0003 6096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:28:47.0026 6096 WdiSystemHost - ok 13:28:47.0043 6096 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:28:47.0069 6096 WebClient - ok 13:28:47.0085 6096 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:28:47.0118 6096 Wecsvc - ok 13:28:47.0128 6096 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:28:47.0153 6096 wercplsupport - ok 13:28:47.0175 6096 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:28:47.0213 6096 WerSvc - ok 13:28:47.0235 6096 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:28:47.0260 6096 WfpLwf - ok 13:28:47.0267 6096 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:28:47.0276 6096 WIMMount - ok 13:28:47.0289 6096 WinDefend - ok 13:28:47.0292 6096 WinHttpAutoProxySvc - ok 13:28:47.0332 6096 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:28:47.0390 6096 Winmgmt - ok 13:28:47.0424 6096 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:28:47.0479 6096 WinRM - ok 13:28:47.0508 6096 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 13:28:47.0520 6096 WinUsb - ok 13:28:47.0551 6096 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:28:47.0579 6096 Wlansvc - ok 13:28:47.0601 6096 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:28:47.0609 6096 WmiAcpi - ok 13:28:47.0635 6096 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:28:47.0657 6096 wmiApSrv - ok 13:28:47.0675 6096 WMPNetworkSvc - ok 13:28:47.0696 6096 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:28:47.0724 6096 WPCSvc - ok 13:28:47.0735 6096 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:28:47.0765 6096 WPDBusEnum - ok 13:28:47.0792 6096 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:28:47.0821 6096 ws2ifsl - ok 13:28:47.0833 6096 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 13:28:47.0858 6096 wscsvc - ok 13:28:47.0860 6096 WSearch - ok 13:28:47.0930 6096 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:28:48.0001 6096 wuauserv - ok 13:28:48.0014 6096 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:28:48.0110 6096 WudfPf - ok 13:28:48.0123 6096 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:28:48.0148 6096 WUDFRd - ok 13:28:48.0168 6096 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:28:48.0193 6096 wudfsvc - ok 13:28:48.0210 6096 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:28:48.0227 6096 WwanSvc - ok 13:28:48.0229 6096 ================ Scan global =============================== 13:28:48.0244 6096 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:28:48.0274 6096 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:28:48.0279 6096 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:28:48.0296 6096 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:28:48.0308 6096 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:28:48.0311 6096 [Global] - ok 13:28:48.0311 6096 ================ Scan MBR ================================== 13:28:48.0321 6096 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:28:48.0509 6096 \Device\Harddisk0\DR0 - ok 13:28:48.0509 6096 ================ Scan VBR ================================== 13:28:48.0512 6096 [ 8BF83DC6AC8C31EC88F5656C018DB23D ] \Device\Harddisk0\DR0\Partition1 13:28:48.0513 6096 \Device\Harddisk0\DR0\Partition1 - ok 13:28:48.0540 6096 [ ECC4D5AD5377A15258F4A731113361CB ] \Device\Harddisk0\DR0\Partition2 13:28:48.0542 6096 \Device\Harddisk0\DR0\Partition2 - ok 13:28:48.0573 6096 [ 54054DAB5BB4A1CA320785CF52FBD82A ] \Device\Harddisk0\DR0\Partition3 13:28:48.0575 6096 \Device\Harddisk0\DR0\Partition3 - ok 13:28:48.0575 6096 ============================================================ 13:28:48.0575 6096 Scan finished 13:28:48.0575 6096 ============================================================ 13:28:48.0585 4832 Detected object count: 4 13:28:48.0585 4832 Actual detected object count: 4 13:49:32.0189 4832 DatevPrintService ( UnsignedFile.Multi.Generic ) - skipped by user 13:49:32.0189 4832 DatevPrintService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:49:32.0190 4832 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:49:32.0190 4832 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:49:32.0191 4832 KOBCCEX ( UnsignedFile.Multi.Generic ) - skipped by user 13:49:32.0191 4832 KOBCCEX ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:49:32.0193 4832 KOBIL_MSDI ( UnsignedFile.Multi.Generic ) - skipped by user 13:49:32.0193 4832 KOBIL_MSDI ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Themen zu TrojanGeneric.KDV.617269(EngineA) // Trojan Downloader.NurechX (EngineA) usw. |
administrator, anti-malware, autostart, becker, bösartige, data, dateien, erfolgreich, ergebnis, explorer, files, folge, folgendes, gelöscht, malwarebytes, minute, program, quarantäne, registrierung, service, speicher, stunde, troja, version, verzeichnisse, vollständiger |