Antivirus, firewall and other protection software: Cannot start Windows Firewall any more ... Windows 7 |
06.01.2013, 13:52 | #1 |
| Hello, after a (resolved) virus problem I noticed that I can no longer start my Windows Firewall. When I click "Turn on now", it says "The Security Center could not turn on Windows Firewall". I then have the option of doing it manually ... Then it says: "The Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the "MpsSvc" service?" If I agree, I get the error message "The MpsSvc service could not be started". Is this a general problem, or should I just use a freeware firewall? Or do I have to do something to fix the problem? If so, what? I would be very grateful for help! |
06.01.2013, 14:14 | #2 |
/// TB-Ausbilder | We can take a look and see whether we can narrow down the problem.
Scan with Farbar's Service Scanner |
07.01.2013, 19:23 | #3 |
| et voila ...
Code:
ATTFilter Farbar Service Scanner Version: 05-01-2013 Ran by Andreas (administrator) on 07-01-2013 at 19:22:13 Running from "C:\Users\Andreas\Desktop" Windows Vista (TM) Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is set to Demand. The default start type is Auto. The ImagePath of MpsSvc: ".". Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist. bfe Service is not running. Checking service configuration: The start type of bfe service is set to Demand. The default start type is Auto. The ImagePath of bfe: ".". Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. 
Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7 C:\Windows\System32\drivers\afd.sys [2012-02-15 21:31] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943 C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-11 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E C:\Windows\System32\dnsrslvr.dll [2011-04-13 06:08] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0 C:\Windows\System32\mpssvc.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C C:\Windows\System32\bfe.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe [2009-05-26 21:40] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1 C:\Windows\System32\wscsvc.dll [2009-05-26 21:40] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A C:\Windows\System32\wbem\WMIsvc.dll [2009-05-26 21:40] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02 C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C C:\Windows\System32\es.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF C:\Windows\System32\cryptsvc.dll [2012-10-10 
17:18] - [2012-06-02 01:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-05-26 21:41] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF **** End of log **** |
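As an added example (not part of the original thread and not Farbar's code), the following Python script pulls the per-service findings out of a Farbar Service Scanner log like the one posted above, and works on the whitespace-flattened form in which the log appears on this page. The function names `parse_fss` and `services_without_key` are made up for this example; the sample text is an excerpt of the log above.

```python
import re

# Excerpt of the FSS log posted above ("Windows Firewall" through
# "Windows Defender"). It is wrapped here only for width; the parser
# normalises all whitespace, so the original line layout does not matter.
SAMPLE = r'''
Windows Firewall: ============= mpsdrv Service is not running. Checking
service configuration: The start type of mpsdrv service is OK. The ImagePath
of mpsdrv service is OK. MpsSvc Service is not running. Checking service
configuration: The start type of MpsSvc service is set to Demand. The default
start type is Auto. The ImagePath of MpsSvc: ".". Checking ServiceDll:
ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not
exist. Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open
LEGACY_MpsSvc\0000 registry key. The key does not exist. bfe Service is not
running. Checking service configuration: The start type of bfe service is set
to Demand. The default start type is Auto. The ImagePath of bfe: ".". Checking
ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key
does not exist. Checking LEGACY_bfe: ATTENTION!=====> Unable to open
LEGACY_bfe\0000 registry key. The key does not exist. Firewall Disabled
Policy: ================== System Restore: ============ System Restore
Disabled Policy: ======================== Security Center: ============
Windows Update: ============ Windows Autoupdate Disabled Policy:
============================ Windows Defender: ============== WinDefend
Service is not running. Checking service configuration: The start type of
WinDefend service is set to Demand. The default start type is Auto. The
ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK.
'''

# Every finding block in the log starts with "<name> Service is not running."
BLOCK_START = re.compile(r'(\w+) Service is not running\.')
# Section underlines are whitespace-delimited runs of "="; the "=====" inside
# "ATTENTION!=====>" is not, so it does not end a block.
SECTION_RULE = re.compile(r'\s={4,}(?:\s|$)')


def parse_fss(text):
    """Return {service: findings} for every 'not running' block in an FSS log."""
    text = ' '.join(text.split())          # tolerate flattened or wrapped logs
    starts = list(BLOCK_START.finditer(text))
    findings = {}
    for i, m in enumerate(starts):
        name = m.group(1)
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        # Keep only the text up to the next section underline, if any.
        body = SECTION_RULE.split(text[m.end():end])[0]
        n = re.escape(name)
        start = re.search(
            r'start type of %s service is set to (\w+)\. '
            r'The default start type is (\w+)\.' % n, body)
        image = re.search(r'ImagePath of %s: "([^"]*)"' % n, body)
        findings[name] = {
            # None means the log reported the value as "OK".
            'start_type': start.group(1) if start else None,
            'default_start': start.group(2) if start else None,
            'image_path': image.group(1) if image else None,
            'missing_keys': re.findall(r'Unable to open (\S+) registry key', body),
        }
    return findings


def services_without_key(findings):
    """Services whose own registry key (not only LEGACY_*) is reported missing."""
    return [name for name, f in findings.items() if name in f['missing_keys']]


if __name__ == '__main__':
    result = parse_fss(SAMPLE)
    for name, f in result.items():
        print(name, f)
    print('service key missing:', services_without_key(result))
```
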
07.01.2013, 21:27 | #4 |
/// TB-Ausbilder | Please try the following:
Service Repair by ESET
Please download the tool from the following link: Service Repair
Digital privateers against malware! No help via PM! |
08.01.2013, 09:38 | #5 |
| Thanks so far .. here is the Repair-Service log file ... Code:
ATTFilter Log Opened: 2013-01-08 @ 09:30:27 09:30:27 - ----------------- 09:30:27 - | Begin Logging | 09:30:27 - ----------------- 09:30:27 - Fix started on a WIN_VISTA X64 computer 09:30:27 - Prep in progress. Please Wait. 09:30:28 - Prep complete 09:30:28 - Repairing Services Now. Please wait... INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv> SetACL finished successfully. 09:30:30 - Services Repair Complete. 09:30:45 - Reboot Initiated |
08.01.2013, 13:57 | #6 |
/// TB-Ausbilder | Okay. Has that changed anything now? |
08.01.2013, 17:47 | #7 |
| Unfortunately not :-/ Should I use a freeware firewall? Or is the problem a general one? |
08.01.2013, 17:49 | #8 |
/// TB-Ausbilder | It could be a rather general problem ... I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and me). Before we start, I have some reading material for you.
Please read: Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
Read and understood?
Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop. |
08.01.2013, 17:50 | #9 |
/// TB-Ausbilder | Step 5: Scan with GMER
Please download GMER: (random file name) |
08.01.2013, 18:27 | #10 |
| Thanks! I have just done step 1 .. A black window stays open even though "Finished" is displayed. And the log file looks rather thin ... Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:12 on 08/01/2013 (Andreas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- |
08.01.2013, 18:28 | #11 |
/// TB-Ausbilder | ... yes, that can happen. But now everything in one reply, please. |
08.01.2013, 22:34 | #12 |
| So ... here are all the logs: Step 1 / defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:25 on 08/01/2013 (Andreas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-08 18:29:46 ----------------------------- 18:29:46.964 OS Version: Windows x64 6.0.6002 Service Pack 2 18:29:46.964 Number of processors: 2 586 0x1706 18:29:46.964 ComputerName: ANDREAS-PC UserName: Andreas 18:29:48.478 Initialize success 18:32:03.895 AVAST engine defs: 13010800 18:33:55.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 18:33:55.326 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3 18:33:55.358 Disk 0 MBR read successfully 18:33:55.373 Disk 0 MBR scan 18:33:55.404 Disk 0 Windows VISTA default MBR code 18:33:55.420 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464628 MB offset 2048 18:33:55.436 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12308 MB offset 951560192 18:33:55.498 Disk 0 scanning C:\Windows\system32\drivers 18:34:12.674 Service scanning 18:35:07.027 Modules scanning 18:35:07.027 Disk 0 trace - called modules: 18:35:07.058 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 18:35:07.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e98790] 18:35:07.604 3 CLASSPNP.SYS[fffffa6000a24c33] -> nt!IofCallDriver -> [0xfffffa8004e935a0] 18:35:07.604 5 hpdskflt.sys[fffffa6001bf1189] -> nt!IofCallDriver -> [0xfffffa8004c00780] 18:35:07.620 7 acpi.sys[fffffa60008c2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be4590] 18:35:09.258 AVAST engine scan C:\Windows 18:35:16.387 AVAST engine scan C:\Windows\system32 18:41:24.670 AVAST engine scan C:\Windows\system32\drivers 18:41:51.660 AVAST engine scan C:\Users\Andreas 19:55:40.915 AVAST engine scan C:\ProgramData 20:00:59.094 Scan finished successfully 20:22:18.312 Disk 0 MBR has been saved successfully to "C:\Users\Andreas\Desktop\MBR.dat" 20:22:18.312 The log file has been saved successfully to "C:\Users\Andreas\Desktop\aswMBR.txt" Code:
ATTFilter 20:22:59.0078 5020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:22:59.0327 5020 ============================================================ 20:22:59.0327 5020 Current date / time: 2013/01/08 20:22:59.0327 20:22:59.0327 5020 SystemInfo: 20:22:59.0327 5020 20:22:59.0327 5020 OS Version: 6.0.6002 ServicePack: 2.0 20:22:59.0327 5020 Product type: Workstation 20:22:59.0327 5020 ComputerName: ANDREAS-PC 20:22:59.0327 5020 UserName: Andreas 20:22:59.0327 5020 Windows directory: C:\Windows 20:22:59.0327 5020 System windows directory: C:\Windows 20:22:59.0327 5020 Running under WOW64 20:22:59.0327 5020 Processor architecture: Intel x64 20:22:59.0327 5020 Number of processors: 2 20:22:59.0327 5020 Page size: 0x1000 20:22:59.0327 5020 Boot type: Normal boot 20:22:59.0327 5020 ============================================================ 20:23:01.0121 5020 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:23:01.0121 5020 ============================================================ 20:23:01.0121 5020 \Device\Harddisk0\DR0: 20:23:01.0121 5020 MBR partitions: 20:23:01.0121 5020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38B7A000 20:23:01.0121 5020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38B7A800, BlocksNum 0x180A000 20:23:01.0121 5020 ============================================================ 20:23:01.0152 5020 C: <-> \Device\Harddisk0\DR0\Partition1 20:23:01.0355 5020 D: <-> \Device\Harddisk0\DR0\Partition2 20:23:01.0355 5020 ============================================================ 20:23:01.0355 5020 Initialize success 20:23:01.0355 5020 ============================================================ 20:24:27.0764 4408 ============================================================ 20:24:27.0764 4408 Scan started 20:24:27.0764 4408 Mode: Manual; TDLFS; 20:24:27.0764 4408 
FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:24:36.0671 4408 FltMgr - ok 20:24:36.0827 4408 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 20:24:36.0843 4408 FontCache - ok 20:24:36.0905 4408 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:24:36.0905 4408 FontCache3.0.0.0 - ok 20:24:36.0952 4408 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:24:36.0952 4408 Fs_Rec - ok 20:24:36.0999 4408 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:24:36.0999 4408 gagp30kx - ok 20:24:37.0124 4408 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:24:37.0124 4408 GEARAspiWDM - ok 20:24:37.0186 4408 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 20:24:37.0202 4408 gpsvc - ok 20:24:37.0280 4408 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:24:37.0280 4408 HdAudAddService - ok 20:24:37.0342 4408 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:24:37.0358 4408 HDAudBus - ok 20:24:37.0420 4408 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:24:37.0420 4408 HidBth - ok 20:24:37.0436 4408 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:24:37.0451 4408 HidIr - ok 20:24:37.0482 4408 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 20:24:37.0498 4408 hidserv - ok 20:24:37.0529 4408 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:24:37.0529 4408 HidUsb - ok 20:24:37.0560 4408 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 20:24:37.0576 4408 hkmsvc - ok 20:24:37.0716 4408 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP 
Health Check\hphc_service.exe 20:24:37.0716 4408 HP Health Check Service - ok 20:24:37.0794 4408 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:24:37.0794 4408 HpCISSs - ok 20:24:37.0841 4408 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 20:24:37.0841 4408 hpdskflt - ok 20:24:37.0888 4408 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20:24:37.0904 4408 HpqKbFiltr - ok 20:24:37.0997 4408 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 20:24:37.0997 4408 hpqwmiex - ok 20:24:38.0028 4408 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 20:24:38.0044 4408 hpsrv - ok 20:24:38.0153 4408 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:24:38.0169 4408 HTTP - ok 20:24:38.0200 4408 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:24:38.0200 4408 i2omp - ok 20:24:38.0262 4408 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:24:38.0262 4408 i8042prt - ok 20:24:38.0294 4408 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:24:38.0294 4408 iaStorV - ok 20:24:38.0387 4408 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:24:38.0450 4408 idsvc - ok 20:24:38.0496 4408 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:24:38.0512 4408 iirsp - ok 20:24:38.0559 4408 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 20:24:38.0574 4408 IKEEXT - ok 20:24:38.0637 4408 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys 20:24:38.0637 4408 intelide - ok 20:24:38.0668 4408 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 
20:24:38.0684 4408 intelppm - ok 20:24:38.0715 4408 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:24:38.0730 4408 IPBusEnum - ok 20:24:38.0777 4408 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:24:38.0777 4408 IpFilterDriver - ok 20:24:38.0840 4408 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:24:38.0855 4408 iphlpsvc - ok 20:24:38.0855 4408 IpInIp - ok 20:24:38.0918 4408 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:24:38.0918 4408 IPMIDRV - ok 20:24:38.0949 4408 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:24:38.0949 4408 IPNAT - ok 20:24:39.0198 4408 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:24:39.0261 4408 iPod Service - ok 20:24:39.0308 4408 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:24:39.0308 4408 IRENUM - ok 20:24:39.0370 4408 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:24:39.0370 4408 isapnp - ok 20:24:39.0417 4408 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:24:39.0417 4408 iScsiPrt - ok 20:24:39.0448 4408 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:24:39.0448 4408 iteatapi - ok 20:24:39.0526 4408 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:24:39.0526 4408 iteraid - ok 20:24:39.0573 4408 [ BB86B1C3489463BBA1FD04C876DBE414 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 20:24:39.0573 4408 JMCR - ok 20:24:39.0588 4408 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:24:39.0604 4408 kbdclass - ok 20:24:39.0635 4408 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:24:39.0635 4408 kbdhid - ok 20:24:39.0682 4408 [ 
260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 20:24:39.0682 4408 KeyIso - ok 20:24:39.0791 4408 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:24:39.0807 4408 KSecDD - ok 20:24:39.0854 4408 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:24:39.0854 4408 ksthunk - ok 20:24:39.0932 4408 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 20:24:39.0932 4408 KtmRm - ok 20:24:40.0025 4408 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:24:40.0025 4408 LanmanServer - ok 20:24:40.0088 4408 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:24:40.0088 4408 LanmanWorkstation - ok 20:24:40.0212 4408 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 20:24:40.0228 4408 LightScribeService - ok 20:24:40.0244 4408 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:24:40.0244 4408 lltdio - ok 20:24:40.0290 4408 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:24:40.0290 4408 lltdsvc - ok 20:24:40.0306 4408 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:24:40.0306 4408 lmhosts - ok 20:24:40.0353 4408 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:24:40.0353 4408 LSI_FC - ok 20:24:40.0384 4408 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:24:40.0400 4408 LSI_SAS - ok 20:24:40.0415 4408 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:24:40.0415 4408 LSI_SCSI - ok 20:24:40.0431 4408 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 20:24:40.0431 4408 luafv - ok 20:24:40.0602 4408 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee 
Security Scan\2.0.181\McCHSvc.exe 20:24:40.0649 4408 McComponentHostService - ok 20:24:40.0680 4408 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:24:40.0680 4408 Mcx2Svc - ok 20:24:40.0758 4408 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 20:24:40.0758 4408 megasas - ok 20:24:40.0774 4408 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:24:40.0790 4408 MegaSR - ok 20:24:40.0821 4408 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 20:24:40.0821 4408 MMCSS - ok 20:24:40.0852 4408 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 20:24:40.0852 4408 Modem - ok 20:24:40.0868 4408 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:24:40.0868 4408 monitor - ok 20:24:40.0883 4408 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:24:40.0883 4408 mouclass - ok 20:24:40.0961 4408 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:24:40.0961 4408 mouhid - ok 20:24:40.0992 4408 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:24:40.0992 4408 MountMgr - ok 20:24:41.0102 4408 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:24:41.0133 4408 MozillaMaintenance - ok 20:24:41.0195 4408 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 20:24:41.0195 4408 mpio - ok 20:24:41.0242 4408 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:24:41.0242 4408 mpsdrv - ok 20:24:41.0367 4408 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 20:24:41.0367 4408 MpsSvc - ok 20:24:41.0398 4408 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:24:41.0398 4408 Mraid35x - ok 
20:24:41.0429 4408 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:24:41.0445 4408 MRxDAV - ok 20:24:41.0492 4408 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:24:41.0507 4408 mrxsmb - ok 20:24:41.0554 4408 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:24:41.0554 4408 mrxsmb10 - ok 20:24:41.0570 4408 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:24:41.0570 4408 mrxsmb20 - ok 20:24:41.0648 4408 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 20:24:41.0648 4408 msahci - ok 20:24:41.0694 4408 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:24:41.0694 4408 msdsm - ok 20:24:41.0741 4408 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 20:24:41.0741 4408 MSDTC - ok 20:24:41.0819 4408 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:24:41.0819 4408 Msfs - ok 20:24:41.0850 4408 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:24:41.0850 4408 msisadrv - ok 20:24:41.0882 4408 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:24:41.0897 4408 MSiSCSI - ok 20:24:41.0897 4408 msiserver - ok 20:24:41.0960 4408 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:24:41.0960 4408 MSKSSRV - ok 20:24:41.0991 4408 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:24:41.0991 4408 MSPCLOCK - ok 20:24:42.0006 4408 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:24:42.0006 4408 MSPQM - ok 20:24:42.0069 4408 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:24:42.0069 4408 MsRPC - ok 20:24:42.0116 4408 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 
20:24:42.0116 4408 mssmbios - ok 20:24:42.0178 4408 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:24:42.0178 4408 MSTEE - ok 20:24:42.0209 4408 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 20:24:42.0209 4408 Mup - ok 20:24:42.0272 4408 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 20:24:42.0287 4408 napagent - ok 20:24:42.0350 4408 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:24:42.0350 4408 NativeWifiP - ok 20:24:42.0443 4408 NAVENG - ok 20:24:42.0443 4408 NAVEX15 - ok 20:24:42.0537 4408 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:24:42.0537 4408 NDIS - ok 20:24:42.0584 4408 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:24:42.0584 4408 NdisTapi - ok 20:24:42.0630 4408 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:24:42.0630 4408 Ndisuio - ok 20:24:42.0677 4408 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:24:42.0693 4408 NdisWan - ok 20:24:42.0724 4408 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:24:42.0724 4408 NDProxy - ok 20:24:42.0818 4408 [ 89FD76A90CBE63F03A70C2D1B85E802C ] NEOFLTR_710_19243 C:\Windows\system32\Drivers\NEOFLTR_710_19243.SYS 20:24:42.0818 4408 NEOFLTR_710_19243 - ok 20:24:42.0864 4408 Nero BackItUp Scheduler 4.0 - ok 20:24:42.0880 4408 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:24:42.0880 4408 NetBIOS - ok 20:24:42.0942 4408 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:24:42.0942 4408 netbt - ok 20:24:42.0974 4408 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 20:24:42.0974 4408 Netlogon - ok 20:24:43.0020 4408 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman 
C:\Windows\System32\netman.dll 20:24:43.0020 4408 Netman - ok 20:24:43.0067 4408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:43.0098 4408 NetMsmqActivator - ok 20:24:43.0114 4408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:43.0114 4408 NetPipeActivator - ok 20:24:43.0145 4408 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 20:24:43.0145 4408 netprofm - ok 20:24:43.0161 4408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:43.0161 4408 NetTcpActivator - ok 20:24:43.0176 4408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:43.0176 4408 NetTcpPortSharing - ok 20:24:43.0332 4408 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys 20:24:43.0426 4408 NETw3v64 - ok 20:24:43.0598 4408 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 20:24:43.0707 4408 NETw5v64 - ok 20:24:43.0754 4408 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:24:43.0754 4408 nfrd960 - ok 20:24:43.0785 4408 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 20:24:43.0785 4408 NlaSvc - ok 20:24:43.0863 4408 [ 02C1198276C0D4F39E54EB5148AF1E2A ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys 20:24:43.0863 4408 nmwcdcx64 - ok 20:24:43.0894 4408 [ 76292103C5149EB140419F36DCF26C1B ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys 20:24:43.0894 4408 nmwcdnsucx64 - ok 20:24:43.0956 4408 [ 2974296DA6296B4FEA3E313BF98C693D ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys 20:24:43.0956 4408 nmwcdnsux64 - ok 20:24:44.0019 4408 [ D8F00FCC82451BDAA3DB93BB62AE6AC3 ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys 20:24:44.0019 
4408 nmwcdx64 - ok 20:24:44.0019 4408 Norton Internet Security - ok 20:24:44.0097 4408 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:24:44.0097 4408 Npfs - ok 20:24:44.0144 4408 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 20:24:44.0144 4408 nsi - ok 20:24:44.0175 4408 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:24:44.0175 4408 nsiproxy - ok 20:24:44.0253 4408 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:24:44.0268 4408 Ntfs - ok 20:24:44.0315 4408 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 20:24:44.0331 4408 Null - ok 20:24:44.0346 4408 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:24:44.0346 4408 nvraid - ok 20:24:44.0362 4408 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:24:44.0362 4408 nvstor - ok 20:24:44.0378 4408 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:24:44.0393 4408 nv_agp - ok 20:24:44.0393 4408 NwlnkFlt - ok 20:24:44.0393 4408 NwlnkFwd - ok 20:24:44.0471 4408 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:24:44.0487 4408 ohci1394 - ok 20:24:44.0549 4408 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:24:44.0565 4408 ose - ok 20:24:44.0674 4408 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:24:44.0721 4408 p2pimsvc - ok 20:24:44.0736 4408 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 20:24:44.0752 4408 p2psvc - ok 20:24:44.0814 4408 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 20:24:44.0814 4408 Parport - ok 20:24:44.0861 4408 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:24:44.0861 4408 partmgr - ok 
20:24:44.0908 4408 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 20:24:44.0908 4408 PcaSvc - ok 20:24:44.0986 4408 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 20:24:44.0986 4408 pccsmcfd - ok 20:24:45.0033 4408 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 20:24:45.0033 4408 pci - ok 20:24:45.0095 4408 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys 20:24:45.0095 4408 pciide - ok 20:24:45.0111 4408 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:24:45.0111 4408 pcmcia - ok 20:24:45.0158 4408 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:24:45.0173 4408 PEAUTH - ok 20:24:45.0282 4408 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:24:45.0282 4408 PerfHost - ok 20:24:45.0392 4408 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 20:24:45.0407 4408 pla - ok 20:24:45.0454 4408 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:24:45.0470 4408 PlugPlay - ok 20:24:45.0501 4408 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:24:45.0516 4408 PNRPAutoReg - ok 20:24:45.0532 4408 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:24:45.0532 4408 PNRPsvc - ok 20:24:45.0594 4408 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:24:45.0594 4408 PolicyAgent - ok 20:24:45.0688 4408 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:24:45.0688 4408 PptpMiniport - ok 20:24:45.0735 4408 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 20:24:45.0735 4408 Processor - ok 20:24:45.0782 4408 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 20:24:45.0782 4408 ProfSvc - ok 20:24:45.0813 
4408 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 20:24:45.0813 4408 ProtectedStorage - ok 20:24:45.0860 4408 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:24:45.0860 4408 PSched - ok 20:24:45.0938 4408 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:24:45.0953 4408 ql2300 - ok 20:24:45.0969 4408 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:24:45.0969 4408 ql40xx - ok 20:24:46.0016 4408 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 20:24:46.0031 4408 QWAVE - ok 20:24:46.0062 4408 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:24:46.0078 4408 QWAVEdrv - ok 20:24:46.0156 4408 [ ED4E69C31EF566266BE13638EBE9DA56 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 20:24:46.0156 4408 RapiMgr - ok 20:24:46.0203 4408 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:24:46.0218 4408 RasAcd - ok 20:24:46.0250 4408 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 20:24:46.0250 4408 RasAuto - ok 20:24:46.0296 4408 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:24:46.0296 4408 Rasl2tp - ok 20:24:46.0359 4408 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 20:24:46.0359 4408 RasMan - ok 20:24:46.0390 4408 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:24:46.0390 4408 RasPppoe - ok 20:24:46.0452 4408 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:24:46.0468 4408 RasSstp - ok 20:24:46.0484 4408 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:24:46.0499 4408 rdbss - ok 20:24:46.0546 4408 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:24:46.0546 4408 RDPCDD - ok 20:24:46.0593 
4408 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:24:46.0593 4408 rdpdr - ok 20:24:46.0624 4408 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:24:46.0624 4408 RDPENCDD - ok 20:24:46.0686 4408 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:24:46.0686 4408 RDPWD - ok 20:24:46.0749 4408 [ BC0A4D47472B042537F4E57B950415FA ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe 20:24:46.0796 4408 Recovery Service for Windows - ok 20:24:46.0858 4408 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:24:46.0858 4408 RemoteAccess - ok 20:24:46.0920 4408 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:24:46.0936 4408 RemoteRegistry - ok 20:24:47.0045 4408 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 20:24:47.0108 4408 RichVideo - ok 20:24:47.0139 4408 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 20:24:47.0139 4408 RpcLocator - ok 20:24:47.0217 4408 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll 20:24:47.0232 4408 RpcSs - ok 20:24:47.0295 4408 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:24:47.0295 4408 rspndr - ok 20:24:47.0373 4408 [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 20:24:47.0373 4408 RTL8169 - ok 20:24:47.0404 4408 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 20:24:47.0404 4408 SamSs - ok 20:24:47.0498 4408 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 20:24:47.0498 4408 SASDIFSV - ok 20:24:47.0513 4408 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 20:24:47.0529 4408 SASKUTIL - ok 20:24:47.0576 4408 [ CD9C693589C60AD59BBBCFB0E524E01B 
] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:24:47.0576 4408 sbp2port - ok 20:24:47.0622 4408 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:24:47.0638 4408 SCardSvr - ok 20:24:47.0700 4408 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 20:24:47.0732 4408 Schedule - ok 20:24:47.0778 4408 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:24:47.0778 4408 SCPolicySvc - ok 20:24:47.0841 4408 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:24:47.0841 4408 sdbus - ok 20:24:47.0888 4408 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:24:47.0888 4408 SDRSVC - ok 20:24:48.0122 4408 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 20:24:48.0122 4408 SearchAnonymizer - ok 20:24:48.0153 4408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:24:48.0153 4408 secdrv - ok 20:24:48.0231 4408 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 20:24:48.0231 4408 seclogon - ok 20:24:48.0246 4408 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 20:24:48.0262 4408 SENS - ok 20:24:48.0278 4408 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:24:48.0278 4408 Serenum - ok 20:24:48.0309 4408 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 20:24:48.0309 4408 Serial - ok 20:24:48.0340 4408 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:24:48.0340 4408 sermouse - ok 20:24:48.0465 4408 [ 58D5BFDF3ADF49FE9CABD78CC61D92F6 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 20:24:48.0496 4408 ServiceLayer - ok 20:24:48.0574 4408 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 20:24:48.0574 4408 
SessionEnv - ok 20:24:48.0621 4408 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:24:48.0621 4408 sffdisk - ok 20:24:48.0636 4408 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:24:48.0636 4408 sffp_mmc - ok 20:24:48.0652 4408 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:24:48.0668 4408 sffp_sd - ok 20:24:48.0683 4408 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:24:48.0683 4408 sfloppy - ok 20:24:48.0730 4408 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:24:48.0730 4408 SharedAccess - ok 20:24:48.0792 4408 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:24:48.0808 4408 ShellHWDetection - ok 20:24:48.0855 4408 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:24:48.0870 4408 SiSRaid2 - ok 20:24:48.0886 4408 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:24:48.0902 4408 SiSRaid4 - ok 20:24:48.0980 4408 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:24:49.0120 4408 SkypeUpdate - ok 20:24:49.0260 4408 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 20:24:49.0338 4408 slsvc - ok 20:24:49.0401 4408 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:24:49.0416 4408 SLUINotify - ok 20:24:49.0479 4408 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:24:49.0479 4408 Smb - ok 20:24:49.0541 4408 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:24:49.0557 4408 SNMPTRAP - ok 20:24:49.0604 4408 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 20:24:49.0604 4408 spldr - ok 20:24:49.0635 4408 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler 
20:24:58.0386 4408 Scan finished
20:24:58.0402 4804 Detected object count: 0
20:24:58.0402 4804 Actual detected object count: 0

DDS Logfile:
Step 4 / DDS+-Attach
Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Citrix Online Plug-in - Web Citrix Online Plug-in (DV) Citrix Online Plug-in (HDX) Citrix Online Plug-in (USB) Citrix Online Plug-in (Web) Compatibility Pack für 2007 Office System CyberLink DVD Suite D3DX10 Desktop Icon für Amazon DIE SIEDLER III MISSION CD DivX Codec DivX Converter DivX Version Checker DivX Web Player dm-Fotowelt Dokan Library 0.5.3 Dropbox ElsterFormular ElsterFormular-Update ESET Online Scanner v3 ESU for Microsoft Vista FileZilla Client 3.5.3 FireJump Free Audio CD Burner version 1.4.7 Free Studio version 5.7.3.903 Free WAV to MP3 Converter Free YouTube to MP3 Converter version 3.11.32.918 GMX SMS-Manager Google Calendar Sync Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Common Access Service Library HP Customer Experience Enhancements HP Help and Support HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart 
SmartMenu HP MediaSmart TV HP MediaSmart Webcam HP Quick Launch Buttons 6.40 L1 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0134 HP Wireless Assistant HPAsset component for HP Active Support Library IDT Audio ImagXpress IrfanView (remove only) iTunes Java 7 Update 9 Java Auto Updater Java(TM) 6 Update 35 Java(TM) 6 Update 7 JMicron JMB38X Flash Media Controller Driver Juniper Networks Host Checker Juniper Networks Secure Application Manager Juniper Networks Setup Client Activex Control Juniper Networks, Inc. Setup Client K-Lite Codec Pack 9.2.0 (64-bit) LabelPrint LAME v3.99.3 (for Windows) LightScribe System Software Logitech Z-series Software 1.04 Malwarebytes Anti-Malware Version 1.65.0.1400 McAfee Security Scan Plus Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Professional Edition 2003 Microsoft Office XP Professional mit FrontPage Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works mIRC MixPad Audio Mixer MozBackup 1.5.1 Mozilla Firefox 17.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 de) MSVC80_x64 MSVC80_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal NCH Toolbox Nero 9 Lite Nero ControlCenter Nero Installer Nero Online Upgrade Nero StartSmart neroxml No23 Recorder Nokia Connectivity Cable Driver PC Connectivity Solution PC Inspector smart recovery PDF24 Creator 4.1.2 Phase 5 HTML-Editor Pidgin Pixum Fotobuch Power2Go PowerDirector 
ProtectSmart Hard Drive Protection QIP 2010 3.1.6116 QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver RedMon - Redirection Port Monitor Reimage Repair SearchAnonymizer Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Segoe UI Siedler3 SimonT Hockey Simulator Support Files Skins Skype Click to Call Skype™ 5.8 SopCast 3.2.8 SUPERAntiSpyware Synaptics Pointing Device Driver Tinypic 3.18 TomTom HOME TomTom HOME Visual Studio Merge Modules Uninstall 1.0.0.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VC80CRTRedist - 8.0.50727.762 VideoPad Videobearbeitungs-Software WavePad Audiobearbeitungs-Software Winamp Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR xp-AntiSpy 
3.97-2 . ==== End Of File =========================== Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-08 22:30:11 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG002C 465,76GB Running: GMER.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:3068] 000000006e938d07 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:356] 000000006e938fdc Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1148] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1088] 000000006e9388f0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1452] 0000000072927456 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:4480] 0000000075643402 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:3928] 0000000075643402 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2456] 0000000074f3f36f Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2464] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2496] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2500] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2580] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3204] 00000000736ae2db Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3208] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3212] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3216] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3220] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3228] 0000000073d0c41c Thread C:\Program Files 
(x86)\Avira\AntiVir Desktop\avguard.exe [2448:3236] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3240] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3252] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3260] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3264] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3268] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3272] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3276] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3280] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3284] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3288] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3292] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3296] 0000000073d0c41c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3312] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3316] 000000006ea48de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3320] 000000006ea48de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3324] 000000006ea48de0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3328] 000000006ea44e00 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3448] 0000000073d0c59c Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:4664] 0000000073d0c59c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2584:2648] 000007fefbebb8ec Thread C:\Windows\system32\SearchIndexer.exe [2704:3912] 
000007fef42539f0 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2196] 0000000073210000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264] 0000000077200000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448] 0000000077200000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2584] 00000000701b0000 Library ? (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [2704] 000007fefe420000 ---- EOF - GMER 2.0 ---- |
09.01.2013, 16:23 | #13 | |
/// TB trainer | Can no longer start Windows Firewall ... Hm, nothing suspicious ... Step 1: Disable Windows Defender. Since you are using a different virus scanner, you should urgently disable the scanner built into Windows:
Step 2: Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
09.01.2013, 22:45 | #14 |
| Can no longer start Windows Firewall ... et voila ... Code:
ATTFilter ComboFix 13-01-08.01 - Andreas 09.01.2013 19:51:03.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4092.2160 [GMT 1:00] ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-09 bis 2013-01-09 )))))))))))))))))))))))))))))) . . 2013-01-09 19:00 . 2013-01-09 19:00 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-09 19:00 . 2013-01-09 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-09 19:00 . 2013-01-09 19:00 -------- d-----w- c:\users\AppData\AppData\Local\temp 2013-01-09 16:00 . 2013-01-09 18:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 16 2013-01-08 08:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{105CB14D-FF86-4A02-BB87-5409B9DD83C9}\mpengine.dll 2013-01-06 12:14 . 2013-01-06 12:14 -------- d--h--w- c:\users\Andreas\.shsh 2013-01-05 19:37 . 2013-01-06 10:31 -------- d-----w- c:\users\Andreas\AppData\Roaming\PCToolsFirewallPlus 2013-01-05 19:30 . 2013-01-06 10:31 -------- d-----w- c:\program files (x86)\PC Tools Firewall Plus 2013-01-05 17:03 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-01-05 17:02 . 2013-01-05 17:02 -------- d-----w- c:\program files\iPod 2013-01-05 17:02 . 2013-01-05 17:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-05 17:02 . 2013-01-05 17:03 -------- d-----w- c:\program files\iTunes 2013-01-05 17:02 . 2013-01-05 17:03 -------- d-----w- c:\program files (x86)\iTunes 2013-01-05 16:59 . 2013-01-05 16:59 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-01-05 16:54 . 
2013-01-05 16:54 -------- d-----w- c:\program files\Bonjour 2013-01-05 16:54 . 2013-01-05 16:54 -------- d-----w- c:\program files (x86)\Bonjour 2012-12-22 02:02 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 02:02 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 02:02 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 02:02 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-13 17:54 . 2012-11-14 07:11 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-12-13 08:03 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll 2012-12-13 08:03 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 08:03 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 08:03 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-13 08:03 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-13 08:03 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 08:03 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll 2012-12-13 08:03 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-13 08:03 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 08:03 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 19:39 . 2012-08-18 18:25 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-13 19:39 . 2011-05-31 06:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 17:56 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe 2012-12-11 17:12 . 2012-10-10 21:18 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 17:11 . 2012-10-10 21:18 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-20 07:17 . 
2012-10-20 07:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-20 07:17 . 2012-08-18 17:52 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-20 07:17 . 2010-05-12 05:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-03-02 89600] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2010-07-06 c:\windows\Tasks\{05622D7C-E102-421F-B9BD-F587BF569F37}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16] . 2010-07-06 c:\windows\Tasks\{26D45942-2C27-4338-93C2-049F1A435729}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . 2010-07-06 c:\windows\Tasks\{5B63F7D2-B10D-4B25-BCB3-4D2BBBDB9ABC}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . 2010-07-06 c:\windows\Tasks\{6E02B945-C0CE-453A-9BA6-230DC76E1BAC}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16] . 2011-04-01 c:\windows\Tasks\{83EBD7E3-5521-4D5A-897A-E105084669EA}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16] . 2009-05-18 c:\windows\Tasks\{B9B31758-9ABD-4FBC-875D-D4AA867B25D5}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368] "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 790552] "Ocs_SM"="c:\users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com mStart Page = mDefault_Page_URL = mLocal Page = uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\ FF - prefs.js: browser.startup.homepage - hxxp://tagesschau.de/ FF - ExtSQL: !HIDDEN! 2012-08-21 16:22; firejump@firejump.net; c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\extensions\firejump@firejump.net . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe AddRemove-Winamp - c:\programme\Winamp\UninstWA.exe AddRemove-WinRAR archiver - c:\programme\WinRaR\uninstall.exe AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ImagePath"="." . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Dokan\DokanLibrary\mounter.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\SMINST\BLService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2013-01-09 20:13:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-09 19:13 . Vor Suchlauf: 18 Verzeichnis(se), 253.572.988.928 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 253.852.020.736 Bytes frei . - - End Of File - - 27F454D55194BF63DD763E2878DCF660 |
09.01.2013, 22:50 | #15 |
/// TB trainer | Can no longer start Windows Firewall ... OK, good. So no malware. Uninstall this: c:\program files (x86)\PC Tools Firewall Plus. Also Super Anti Spyware. Also use this to remove leftovers: ftp://ftp.symantec.com/public/englis...moval_Tool.exe and if that doesn't help, I'm slowly running out of ideas as well.
__________________ Digital buccaneers against malware! No help via PM! |