Trojaner-Board


Andi7770 21.03.2012 12:50

Windows Update error 80070426
 
Hello everyone,

I simply can't get any further by searching and trying things out via Google.

When I try to update my Windows Vista, I have been getting error code 80070426 for about 4 months.
I also can't start Slsvc via Services at all.
I run Windows via VMware on my Mac.

I have now run the HijackThis scan and would be very glad to hear your expert opinion.
If I have not posted enough information according to the forum rules, please excuse that; this is the first time I have registered.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:07, on 21.03.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Andreas \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WUVEY3P\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing)
O3 - Toolbar: StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas \AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} (GO-Global 4) - https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: VMware-Upgrade-Hilfsprogramm (VMUpgradeHelper) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe

I have now also read that HijackThis is no longer useful, so here are the scan results as described in the checklist.
DDS Attach GMER
DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Andreas  at 12:58:16 on 2012-03-21
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.1023.426 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fondsfinanz.de/
mStart Page = hxxp://startsear.ch/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\ssBarLcher.dll
TB: StartSearchToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\ssBarLcher.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"
mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\andrea~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\andreas \appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} - hxxps://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.109.2
TCP: Interfaces\{16DA9B34-0EE4-4A52-9716-E2E232151574} : DhcpNameServer = 192.168.109.2
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andreas \appdata\roaming\mozilla\firefox\profiles\pvsw9u8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - plugin: c:\program files\java\j2re1.4.2_10\bin\NPJPI142_10.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl479cd8cd;MpKsl479cd8cd;c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys [2012-3-21 29904]
R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2011-1-13 129392]
R1 vmrawdsk;Hilfsdienst für physischen VMware Vista-Datenträger;c:\program files\vmware\vmware tools\vmrawdsk.sys [2010-11-30 37744]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-1 66616]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2010-6-30 2067344]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-16 21504]
R2 MSSQL$BTSQLINSTANZ;SQL Server (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 VMMEMCTL;Treiber für Speichersteuerung;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2011-5-21 14448]
R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\vmtoolsd.exe [2011-5-21 50288]
R2 VMUpgradeHelper;VMware-Upgrade-Hilfsprogramm;c:\program files\vmware\vmware tools\VMUpgradeHelper.exe [2011-5-21 174704]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2010-11-30 255304]
R3 vm3dmp;vm3dmp;c:\windows\system32\drivers\vm3dmp.sys [2011-6-1 77824]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-1-13 61872]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2011-1-13 11440]
S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2010-11-30 23152]
S2 AntiVirSchedulerService;Avira AntiVir Planer;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 TPVCGateway;TP VC Gateway Service;c:\program files\vmware\vmware tools\TPVCGateway.exe [2010-11-30 390432]
S3 vmvss;VMware Snapshot Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-15 84072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$BTSQLINSTANZ;SQL Server Agent (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-03-21 11:08:56    29904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys
2012-03-19 11:57:44    6552120    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-19 11:57:23    6552120    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\mpengine.dll
2012-03-07 15:28:50    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-03-07 15:28:50    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2012-03-07 15:09:58    713784    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-03-07 15:09:57    713784    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{770fb0e5-4d49-4a1b-bb27-d14b0ced2018}\gapaengine.dll
2012-03-07 14:49:59    --------    d-----w-    c:\program files\Microsoft Security Client
2012-03-07 14:49:45    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
.
==================== Find3M  ====================
.
2012-03-07 15:08:53    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:58:54,61 ===============

--- --- ---




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 13.01.2011 20:45:56
System Uptime: 21.03.2012 12:07:28 (0 hours ago)
.
Motherboard: Intel Corporation | | 440BX Desktop Reference Platform
Processor: Intel(R) Core(TM)2 Duo CPU L9400 @ 1.86GHz | CPU socket #0 | 1859/mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 40 GiB total, 13,162 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 07.03.2012 15:09:45 - Geplanter Prüfpunkt
RP177: 07.03.2012 15:49:33 - Windows Update
RP178: 19.03.2012 15:20:53 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt.
RP179: 19.03.2012 16:02:18 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1) - Deutsch
BeratungsNavigator Rechen-Zusatzmodul
Beratungsprogramme W&W-Konzern
CodeMeter Runtime Kit v4.20a
Finanzplaner
Free YouTube to MP3 Converter version 3.10.11.923
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 2 Runtime Environment, SE v1.4.2_10
KV-WIN
LV-WIN
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
PDFCreator
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Sentinel Protection Installer 7.5.0
Service Pack 1 for SQL Server 2008 (KB968369)
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
TAS
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Veetle TV 0.9.18
VideoLAN VLC media player 0.8.2
VMware Tools
VOLKSWOHL BUND - Angebotsprogramm Komfort
.
==== End Of File ===========================



GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-21 13:58:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 VMware,_ rev.1.0_
Running: 6oyd5cu5.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\kftoyaow.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT  86B58FE6                                                                                                            ZwCreateSection
SSDT  86B58FEB                                                                                                            ZwSetContextThread
SSDT  86B58F87                                                                                                            ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                      81CF3998 4 Bytes  [E6, 8F, B5, 86] {OUT 0x8f, AL; MOV CH, 0x86}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                                      81CF3CF0 4 Bytes  [EB, 8F, B5, 86] {JMP 0xffffffffffffff91; MOV CH, 0x86}
.text  ntkrnlpa.exe!KeSetEvent + 621                                                                                      81CF3DA4 4 Bytes  [87, 8F, B5, 86]
 
---- Files - GMER 1.0.15 ----
 
File  C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-55-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock  0 bytes
 
---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 21.03.2012 17:48

Quote:

I also can't start Slsvc via Services at all.
Why not? :balla: Error message??

And I take it you can no longer reconstruct what you did 4 months ago that led to this error?

Andi7770 22.03.2012 10:10

Hi,

unfortunately I can no longer reconstruct that :balla:

The error message when I try to start slsvc is:

- Der Dienst "slsvc" auf "Lokaler Computer" konnte nicht gestartet werden.
Fehler 1053: Der Dienst antwortet nicht rechtzeitig auf die start- oder Steuerungsanforderung -

When I select slsvc without starting it, the display on the left says:

- Beschreibung: Fehler beim lesen der Beschreibung. Fehlercode 1813 -

cosinus 22.03.2012 12:41

As a matter of routine, please first run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Andi7770 22.03.2012 14:14

Hi Arne,

thanks already for your tips.
Here, for a start, is the scan with Malwarebytes.

Code:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19154
Andreas Haller :: LH-V96A6R7OK14D [Administrator]

22.03.2012 13:39:21
mbam-log-2012-03-22 (14-07-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255258
Laufzeit: 22 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: StartSearchTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0


cosinus 22.03.2012 15:35

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you have not done so yet!

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are also listed on the Logs tab. Please post all that are visible there.

Andi7770 22.03.2012 20:11

Hi,

I had removed the findings, thanks anyway for the reminder! Sometimes it's the simple things ;-)
I had not scanned with Malwarebytes before.

Attached is the second scan as well, I hope that helps :confused:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f72befe755504fadaed09e5b9c897b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 02:37:49
# local_time=2012-03-22 03:37:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1296875 169958965 0 0
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# scanned=7565
# found=0
# cleaned=0
# scan_time=806
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f72befe755504fadaed09e5b9c897b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 06:53:05
# local_time=2012-03-22 07:53:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1309438 169971528 0 0
# compatibility_mode=8192 67108863 100 0 16290 16290 0 0
# scanned=102860
# found=0
# cleaned=0
# scan_time=3558


cosinus 23.03.2012 21:05

Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Andi7770 24.03.2012 10:22

All right,

it's done.

Regards

OTL Logfile:
Code:

OTL logfile created on: 24.03.2012 09:38:24 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andreas Haller\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,79 Mb Total Physical Memory | 427,26 Mb Available Physical Memory | 41,77% Memory free
2,26 Gb Paging File | 1,57 Gb Available in Paging File | 69,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 12,64 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
 
Computer Name: LH-V96A6R7OK14D | User Name: Andreas Haller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 12:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.21 15:59:44 | 000,174,704 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMUpgradeHelper.exe
PRC - [2011.05.21 15:59:34 | 001,104,496 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMwareUser.exe
PRC - [2011.05.21 15:59:32 | 000,186,992 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMwareTray.exe
PRC - [2011.05.21 15:59:18 | 000,050,288 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.11.30 15:55:10 | 000,255,304 | R--- | M] (ThinPrint AG) -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe
PRC - [2010.11.30 15:55:08 | 000,451,880 | R--- | M] (ThinPrint AG) -- C:\Programme\VMware\VMware Tools\TPAutoConnect.exe
PRC - [2010.06.30 04:20:00 | 006,871,440 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2010.06.30 04:20:00 | 002,067,344 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.21 15:59:38 | 000,056,432 | ---- | M] () -- C:\Programme\VMware\VMware Tools\sigc-2.0.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.05.21 15:59:44 | 000,174,704 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe -- (VMUpgradeHelper)
SRV - [2011.05.21 15:59:18 | 000,050,288 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.30 15:55:10 | 000,390,432 | R--- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2010.11.30 15:55:10 | 000,255,304 | R--- | M] (ThinPrint AG) [On_Demand | Running] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2010.06.30 04:20:00 | 002,067,344 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2009.04.10 23:27:50 | 003,408,896 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009.03.31 05:55:56 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$BTSQLINSTANZ) SQL Server (BTSQLINSTANZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$BTSQLINSTANZ) SQL Server Agent (BTSQLINSTANZ)
SRV - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.22 20:15:49 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DC5D129-5531-4DB4-B39B-1F00DE735054}\MpKsl3d46a277.sys -- (MpKsl3d46a277)
DRV - [2011.06.30 13:51:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 13:51:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.21 15:59:38 | 000,014,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2011.05.21 15:59:34 | 000,129,392 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\vmhgfs.sys -- (vmhgfs)
DRV - [2011.05.21 15:56:56 | 000,077,824 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.30 15:59:06 | 000,023,152 | ---- | M] (VMware, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vmdebug.sys -- (vmdebug)
DRV - [2010.11.30 15:58:44 | 000,037,744 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2010.11.30 15:57:44 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV - [2010.11.30 15:57:32 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2010.11.30 15:55:46 | 000,061,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.10.13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.07.11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2008.07.11 07:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fondsfinanz.de/
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.26 20:54:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.26 20:54:35 | 000,000,000 | ---D | M]
 
[2011.03.11 19:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Extensions
[2011.11.14 14:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.09 14:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
[2011.03.11 19:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.26 12:23:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 12:23:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.26 12:23:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.26 12:23:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.26 12:23:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.109.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16DA9B34-0EE4-4A52-9716-E2E232151574}: DhcpNameServer = 192.168.109.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 09:36:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
[2012.03.22 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.22 13:34:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\AppData\Roaming\Malwarebytes
[2012.03.22 13:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.22 13:33:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.22 13:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2012.03.22 10:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.03.22 10:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.03.22 10:29:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\Desktop\Steuererklärung
[2012.03.21 13:14:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.03.21 12:57:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Andreas Haller\Desktop\dds.scr
[2012.03.07 16:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.03.07 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.03.07 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.03.07 15:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 20:19:50 | 000,756,800 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.22 20:19:50 | 000,714,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.22 20:19:50 | 000,177,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.22 20:19:50 | 000,150,528 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.22 20:15:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 13:33:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 12:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
[2012.03.22 10:45:46 | 000,049,152 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.03.21 13:14:39 | 176,715,591 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.21 13:02:53 | 000,302,592 | ---- | M] () -- C:\Users\Andreas Haller\Desktop\6oyd5cu5.exe
[2012.03.21 11:47:30 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.07 16:29:10 | 000,001,055 | ---- | M] () -- C:\Users\Andreas Haller\Desktop\Spybot - Search & Destroy.lnk
[2012.03.07 15:51:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2012.03.22 13:33:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.21 13:14:39 | 176,715,591 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.21 13:02:59 | 000,302,592 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\6oyd5cu5.exe
[2012.03.21 12:53:37 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\Defogger.exe
[2012.03.07 16:29:10 | 000,001,055 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\Spybot - Search & Destroy.lnk
[2012.03.07 15:51:34 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.03.07 15:50:09 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.06.01 10:51:27 | 002,269,184 | ---- | C] () -- C:\Windows\System32\vm3dgl.dll
[2011.04.26 12:41:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 14:06:15 | 000,005,632 | ---- | C] () -- C:\Users\Andreas Haller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 12:05:51 | 000,045,163 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2011.02.07 12:05:51 | 000,045,161 | ---- | C] () -- C:\Windows\System32\java.exe
[2011.02.07 12:04:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.16 12:00:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.16 12:00:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.16 11:59:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.16 11:59:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.16 11:59:36 | 003,408,896 | ---- | C] () -- C:\Windows\System32\SLsvc.exe
[2011.01.16 00:48:08 | 000,274,944 | ---- | C] () -- C:\Windows\System32\AUDIOKSE.dll
[2011.01.15 20:18:11 | 001,966,592 | ---- | C] () -- C:\Windows\System32\NlsData0027.dll
[2011.01.15 20:18:07 | 004,495,360 | ---- | C] () -- C:\Windows\System32\NlsData0010.dll
[2011.01.15 20:18:06 | 002,657,280 | ---- | C] () -- C:\Windows\System32\NlsData0011.dll
[2011.01.13 20:49:23 | 000,000,680 | ---- | C] () -- C:\Users\Andreas Haller\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.09 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoft
[2011.11.09 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 10:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2011.01.14 13:56:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Finanzportal24
[2011.01.16 10:04:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\MORGEN & MORGEN
[2011.08.23 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Morgen&Morgen
[2011.01.20 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Volkswohl Bund
[2012.03.22 20:13:37 | 000,022,048 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.18 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Adobe
[2011.05.23 06:18:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Avira
[2011.11.09 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoft
[2011.11.09 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 10:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2011.01.14 13:56:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Finanzportal24
[2011.01.13 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Identities
[2011.03.11 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Macromedia
[2012.03.22 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Malwarebytes
[2011.07.01 15:31:51 | 000,000,000 | --SD | M] -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft
[2011.01.16 10:04:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\MORGEN & MORGEN
[2011.08.23 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Morgen&Morgen
[2011.03.11 19:54:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla
[2011.02.07 12:05:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Sun
[2011.09.27 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\vlc
[2011.01.20 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Volkswohl Bund
 
< %APPDATA%\*.exe /s >
[2011.01.19 10:47:05 | 000,212,480 | R--- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl2.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
[2011.01.19 10:47:05 | 002,067,344 | R--- | M] (WIBU-SYSTEMS AG) -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
[2011.01.19 10:47:05 | 000,723,352 | R--- | M] (WIBU-SYSTEMS AG) -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl6.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.01.15 20:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.01.15 20:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.01.15 20:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.01.14 17:55:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2011.01.14 17:55:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 24.03.2012 18:36

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = http://www.google.de/search?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Andi7770 24.03.2012 19:21

Hi,

I've done that.
I tested updating, and that still didn't work.
I also tried again to start slsvc; this time a different error came up.
"Konfigurationsmanager: allgemeiner interner Fehler", then after clicking OK this is displayed:
"Der angegebene Ressourcentyp wurde nicht in der Image-Datei gefunden"

Regards, Andi

Code:


:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
:Commands
[emptytemp]
[resethosts]


cosinus 24.03.2012 19:23

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Andi7770 24.03.2012 19:34

Code:

19:29:52.0138 2360        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:29:52.0286 2360        ============================================================
19:29:52.0286 2360        Current date / time: 2012/03/24 19:29:52.0286
19:29:52.0286 2360        SystemInfo:
19:29:52.0286 2360       
19:29:52.0287 2360        OS Version: 6.0.6002 ServicePack: 2.0
19:29:52.0287 2360        Product type: Workstation
19:29:52.0287 2360        ComputerName: LH-V96A6R7OK14D
19:29:52.0288 2360        UserName: Andreas Haller
19:29:52.0288 2360        Windows directory: C:\Windows
19:29:52.0288 2360        System windows directory: C:\Windows
19:29:52.0288 2360        Processor architecture: Intel x86
19:29:52.0288 2360        Number of processors: 1
19:29:52.0288 2360        Page size: 0x1000
19:29:52.0288 2360        Boot type: Normal boot
19:29:52.0288 2360        ============================================================
19:29:53.0210 2360        Drive \Device\Harddisk0\DR0 - Size: 0xA00000000 (40.00 Gb), SectorSize: 0x200, Cylinders: 0x1465, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:29:53.0212 2360        \Device\Harddisk0\DR0:
19:29:53.0213 2360        MBR used
19:29:53.0213 2360        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4FFF000
19:29:53.0217 2360        Initialize success
19:29:53.0217 2360        ============================================================
19:30:19.0904 2368        ============================================================
19:30:19.0904 2368        Scan started
19:30:19.0904 2368        Mode: Manual; SigCheck; TDLFS;
19:30:19.0904 2368        ============================================================
19:30:20.0054 2368        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:30:20.0240 2368        ACPI - ok
19:30:20.0307 2368        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:30:20.0365 2368        adp94xx - ok
19:30:20.0405 2368        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:30:20.0543 2368        adpahci - ok
19:30:20.0579 2368        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:30:20.0645 2368        adpu160m - ok
19:30:20.0675 2368        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:30:20.0741 2368        adpu320 - ok
19:30:20.0773 2368        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:30:20.0848 2368        AeLookupSvc - ok
19:30:20.0886 2368        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:30:20.0951 2368        AFD - ok
19:30:21.0022 2368        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\DRIVERS\agp440.sys
19:30:21.0125 2368        agp440 - ok
19:30:21.0203 2368        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:30:21.0322 2368        aic78xx - ok
19:30:21.0383 2368        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:30:21.0511 2368        ALG - ok
19:30:21.0541 2368        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:30:21.0571 2368        aliide - ok
19:30:21.0601 2368        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:30:21.0657 2368        amdagp - ok
19:30:21.0686 2368        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:30:21.0716 2368        amdide - ok
19:30:21.0743 2368        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:30:21.0943 2368        AmdK7 - ok
19:30:21.0976 2368        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:30:22.0087 2368        AmdK8 - ok
19:30:22.0100 2368        AntiVirSchedulerService - ok
19:30:22.0108 2368        AntiVirService - ok
19:30:22.0143 2368        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:30:22.0200 2368        Appinfo - ok
19:30:22.0231 2368        AppMgmt        (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
19:30:22.0302 2368        AppMgmt - ok
19:30:22.0330 2368        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:30:22.0391 2368        arc - ok
19:30:22.0443 2368        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:30:22.0511 2368        arcsas - ok
19:30:22.0554 2368        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:30:22.0601 2368        aspnet_state - ok
19:30:22.0648 2368        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:30:22.0723 2368        AsyncMac - ok
19:30:22.0754 2368        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:30:22.0814 2368        atapi - ok
19:30:22.0852 2368        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:30:22.0986 2368        AudioEndpointBuilder - ok
19:30:23.0006 2368        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:30:23.0124 2368        Audiosrv - ok
19:30:23.0159 2368        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:30:23.0260 2368        avgntflt - ok
19:30:23.0308 2368        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:30:23.0431 2368        avipbb - ok
19:30:23.0492 2368        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:30:23.0548 2368        Beep - ok
19:30:23.0588 2368        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:30:23.0675 2368        BFE - ok
19:30:23.0750 2368        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:30:23.0927 2368        BITS - ok
19:30:23.0976 2368        blbdrive - ok
19:30:24.0019 2368        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:30:24.0090 2368        bowser - ok
19:30:24.0123 2368        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:30:24.0214 2368        BrFiltLo - ok
19:30:24.0253 2368        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:30:24.0297 2368        BrFiltUp - ok
19:30:24.0344 2368        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:30:24.0411 2368        Browser - ok
19:30:24.0478 2368        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:30:24.0579 2368        Brserid - ok
19:30:24.0693 2368        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:30:24.0802 2368        BrSerWdm - ok
19:30:24.0884 2368        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:30:25.0061 2368        BrUsbMdm - ok
19:30:25.0119 2368        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:30:25.0263 2368        BrUsbSer - ok
19:30:25.0344 2368        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:30:25.0440 2368        BTHMODEM - ok
19:30:25.0477 2368        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:30:25.0550 2368        cdfs - ok
19:30:25.0570 2368        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:30:25.0632 2368        cdrom - ok
19:30:25.0664 2368        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:30:25.0721 2368        CertPropSvc - ok
19:30:25.0740 2368        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:30:25.0837 2368        circlass - ok
19:30:25.0858 2368        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:30:25.0907 2368        CLFS - ok
19:30:25.0924 2368        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:25.0976 2368        clr_optimization_v2.0.50727_32 - ok
19:30:26.0003 2368        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:26.0050 2368        clr_optimization_v4.0.30319_32 - ok
19:30:26.0074 2368        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:30:26.0131 2368        CmBatt - ok
19:30:26.0149 2368        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:30:26.0177 2368        cmdide - ok
19:30:26.0249 2368        CodeMeter.exe  (c45bf59a5afb98e1f47c439bf57d4b04) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
19:30:27.0455 2368        CodeMeter.exe - ok
19:30:27.0496 2368        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:30:27.0524 2368        Compbatt - ok
19:30:27.0538 2368        COMSysApp - ok
19:30:27.0560 2368        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:30:27.0594 2368        crcdisk - ok
19:30:27.0611 2368        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:30:27.0711 2368        Crusoe - ok
19:30:27.0737 2368        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:30:27.0802 2368        CryptSvc - ok
19:30:27.0835 2368        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
19:30:27.0894 2368        CSC - ok
19:30:27.0928 2368        CscService      (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
19:30:28.0006 2368        CscService - ok
19:30:28.0046 2368        DcomLaunch      (7dfe0213d272be8953906faa6c001888) C:\Windows\system32\rpcss.dll
19:30:28.0112 2368        DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
19:30:28.0112 2368        DcomLaunch - detected UnsignedFile.Multi.Generic (1)
19:30:28.0139 2368        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:30:28.0199 2368        DfsC - ok
19:30:28.0269 2368        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:30:28.0574 2368        DFSR - ok
19:30:28.0615 2368        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:30:28.0682 2368        Dhcp - ok
19:30:28.0707 2368        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:30:28.0756 2368        disk - ok
19:30:28.0779 2368        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:30:28.0830 2368        Dnscache - ok
19:30:28.0852 2368        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:30:28.0917 2368        dot3svc - ok
19:30:28.0947 2368        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:30:29.0014 2368        DPS - ok
19:30:29.0034 2368        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:30:29.0077 2368        drmkaud - ok
19:30:29.0125 2368        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:30:29.0187 2368        DXGKrnl - ok
19:30:29.0212 2368        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:30:29.0287 2368        E1G60 - ok
19:30:29.0308 2368        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:30:29.0361 2368        EapHost - ok
19:30:29.0382 2368        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:30:29.0429 2368        Ecache - ok
19:30:29.0458 2368        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:30:29.0527 2368        elxstor - ok
19:30:29.0563 2368        EMDMgmt        (a368a6e91fb231c27e28fad8e69c9328) C:\Windows\system32\emdmgmt.dll
19:30:29.0616 2368        EMDMgmt ( UnsignedFile.Multi.Generic ) - warning
19:30:29.0617 2368        EMDMgmt - detected UnsignedFile.Multi.Generic (1)
19:30:29.0651 2368        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:30:29.0774 2368        EventSystem - ok
19:30:29.0798 2368        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:30:29.0845 2368        exfat - ok
19:30:29.0868 2368        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:30:29.0916 2368        fastfat - ok
19:30:29.0956 2368        Fax            (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
19:30:30.0084 2368        Fax - ok
19:30:30.0119 2368        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:30:30.0179 2368        fdc - ok
19:30:30.0199 2368        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:30:30.0255 2368        fdPHost - ok
19:30:30.0275 2368        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:30:30.0371 2368        FDResPub - ok
19:30:30.0392 2368        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:30:30.0437 2368        FileInfo - ok
19:30:30.0457 2368        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:30:30.0532 2368        Filetrace - ok
19:30:30.0556 2368        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:30.0643 2368        flpydisk - ok
19:30:30.0666 2368        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:30:30.0711 2368        FltMgr - ok
19:30:30.0756 2368        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:30:30.0845 2368        FontCache - ok
19:30:30.0863 2368        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:30:30.0896 2368        FontCache3.0.0.0 - ok
19:30:30.0921 2368        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:30:30.0966 2368        Fs_Rec - ok
19:30:30.0988 2368        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:30:31.0031 2368        gagp30kx - ok
19:30:31.0069 2368        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:30:31.0187 2368        gpsvc - ok
19:30:31.0219 2368        HDAudBus        (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys
19:30:31.0321 2368        HDAudBus - ok
19:30:31.0350 2368        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:30:31.0436 2368        HidBth - ok
19:30:31.0459 2368        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:30:31.0553 2368        HidIr - ok
19:30:31.0576 2368        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:30:31.0626 2368        hidserv - ok
19:30:31.0646 2368        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:30:31.0694 2368        HidUsb - ok
19:30:31.0716 2368        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:30:31.0782 2368        hkmsvc - ok
19:30:31.0804 2368        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:30:31.0841 2368        HpCISSs - ok
19:30:31.0869 2368        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:30:31.0939 2368        HTTP - ok
19:30:31.0965 2368        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:30:31.0996 2368        i2omp - ok
19:30:32.0022 2368        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:30:32.0082 2368        i8042prt - ok
19:30:32.0120 2368        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:30:32.0166 2368        iaStorV - ok
19:30:32.0206 2368        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:30:32.0389 2368        idsvc - ok
19:30:32.0417 2368        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:30:32.0454 2368        iirsp - ok
19:30:32.0486 2368        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:30:32.0573 2368        IKEEXT - ok
19:30:32.0605 2368        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:30:32.0650 2368        intelide - ok
19:30:32.0677 2368        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:30:32.0738 2368        intelppm - ok
19:30:32.0757 2368        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:30:32.0824 2368        IPBusEnum - ok
19:30:32.0852 2368        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:30:32.0925 2368        IpFilterDriver - ok
19:30:32.0952 2368        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:30:33.0015 2368        iphlpsvc - ok
19:30:33.0037 2368        IpInIp - ok
19:30:33.0057 2368        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:30:33.0173 2368        IPMIDRV - ok
19:30:33.0202 2368        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:30:33.0262 2368        IPNAT - ok
19:30:33.0284 2368        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:30:33.0339 2368        IRENUM - ok
19:30:33.0366 2368        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:30:33.0406 2368        isapnp - ok
19:30:33.0431 2368        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:30:33.0477 2368        iScsiPrt - ok
19:30:33.0500 2368        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:30:33.0537 2368        iteatapi - ok
19:30:33.0558 2368        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:30:33.0592 2368        iteraid - ok
19:30:33.0614 2368        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:30:33.0653 2368        kbdclass - ok
19:30:33.0673 2368        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:30:33.0764 2368        kbdhid - ok
19:30:33.0785 2368        KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:33.0840 2368        KeyIso - ok
19:30:33.0871 2368        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:30:33.0929 2368        KSecDD - ok
19:30:33.0962 2368        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:30:34.0053 2368        KtmRm - ok
19:30:34.0079 2368        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:30:34.0136 2368        LanmanServer - ok
19:30:34.0157 2368        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:30:34.0208 2368        LanmanWorkstation - ok
19:30:34.0232 2368        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:30:34.0305 2368        lltdio - ok
19:30:34.0329 2368        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:30:34.0398 2368        lltdsvc - ok
19:30:34.0420 2368        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:30:34.0529 2368        lmhosts - ok
19:30:34.0557 2368        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:30:34.0599 2368        LSI_FC - ok
19:30:34.0620 2368        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:30:34.0680 2368        LSI_SAS - ok
19:30:34.0714 2368        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:30:34.0780 2368        LSI_SCSI - ok
19:30:34.0806 2368        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:30:34.0888 2368        luafv - ok
19:30:34.0911 2368        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:30:34.0944 2368        megasas - ok
19:30:34.0968 2368        mfetdi2k        (e6c5f7aade5a31c057d73201acfe8adf) C:\Windows\system32\drivers\mfetdi2k.sys
19:30:34.0989 2368        mfetdi2k - ok
19:30:35.0010 2368        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:30:35.0073 2368        MMCSS - ok
19:30:35.0095 2368        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:30:35.0164 2368        Modem - ok
19:30:35.0188 2368        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:30:35.0251 2368        monitor - ok
19:30:35.0271 2368        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:30:35.0306 2368        mouclass - ok
19:30:35.0325 2368        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:30:35.0385 2368        mouhid - ok
19:30:35.0408 2368        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:30:35.0453 2368        MountMgr - ok
19:30:35.0478 2368        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:30:35.0546 2368        MpFilter - ok
19:30:35.0571 2368        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:30:35.0619 2368        mpio - ok
19:30:35.0640 2368        MpKslf3b819c2  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DC5D129-5531-4DB4-B39B-1F00DE735054}\MpKslf3b819c2.sys
19:30:35.0698 2368        MpKslf3b819c2 - ok
19:30:35.0724 2368        MpNWMon        (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:30:35.0763 2368        MpNWMon - ok
19:30:35.0785 2368        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:30:35.0831 2368        mpsdrv - ok
19:30:35.0860 2368        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:30:35.0947 2368        MpsSvc - ok
19:30:35.0973 2368        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:30:36.0005 2368        Mraid35x - ok
19:30:36.0029 2368        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:30:36.0075 2368        MRxDAV - ok
19:30:36.0098 2368        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:30:36.0157 2368        mrxsmb - ok
19:30:36.0179 2368        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:30:36.0224 2368        mrxsmb10 - ok
19:30:36.0249 2368        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:30:36.0307 2368        mrxsmb20 - ok
19:30:36.0332 2368        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:30:36.0361 2368        msahci - ok
19:30:36.0386 2368        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:30:36.0451 2368        msdsm - ok
19:30:36.0474 2368        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:30:36.0541 2368        MSDTC - ok
19:30:36.0570 2368        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:30:36.0632 2368        Msfs - ok
19:30:36.0654 2368        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:30:36.0689 2368        msisadrv - ok
19:30:36.0721 2368        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:30:36.0792 2368        MSiSCSI - ok
19:30:36.0812 2368        msiserver - ok
19:30:36.0839 2368        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:30:36.0894 2368        MSKSSRV - ok
19:30:36.0908 2368        MsMpSvc        (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:30:36.0952 2368        MsMpSvc - ok
19:30:36.0976 2368        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:30:37.0027 2368        MSPCLOCK - ok
19:30:37.0046 2368        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:30:37.0099 2368        MSPQM - ok
19:30:37.0132 2368        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:30:37.0202 2368        MsRPC - ok
19:30:37.0233 2368        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:30:37.0270 2368        mssmbios - ok
19:30:37.0282 2368        MSSQL$BTSQLINSTANZ - ok
19:30:37.0297 2368        MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:30:37.0341 2368        MSSQLServerADHelper100 - ok
19:30:37.0364 2368        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:30:37.0417 2368        MSTEE - ok
19:30:37.0438 2368        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:30:37.0490 2368        Mup - ok
19:30:37.0530 2368        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:30:37.0601 2368        napagent - ok
19:30:37.0632 2368        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:30:37.0680 2368        NativeWifiP - ok
19:30:37.0717 2368        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:30:37.0796 2368        NDIS - ok
19:30:37.0825 2368        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:30:37.0877 2368        NdisTapi - ok
19:30:37.0898 2368        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:30:37.0952 2368        Ndisuio - ok
19:30:37.0974 2368        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:30:38.0034 2368        NdisWan - ok
19:30:38.0058 2368        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:30:38.0125 2368        NDProxy - ok
19:30:38.0145 2368        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:30:38.0209 2368        NetBIOS - ok
19:30:38.0232 2368        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:30:38.0303 2368        netbt - ok
19:30:38.0323 2368        Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:38.0369 2368        Netlogon - ok
19:30:38.0397 2368        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:30:38.0495 2368        Netman - ok
19:30:38.0529 2368        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0579 2368        NetMsmqActivator - ok
19:30:38.0589 2368        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0632 2368        NetPipeActivator - ok
19:30:38.0659 2368        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:30:38.0737 2368        netprofm - ok
19:30:38.0762 2368        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0808 2368        NetTcpActivator - ok
19:30:38.0816 2368        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0863 2368        NetTcpPortSharing - ok
19:30:38.0890 2368        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:30:38.0927 2368        nfrd960 - ok
19:30:38.0958 2368        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:30:39.0002 2368        NisDrv - ok
19:30:39.0016 2368        NisSrv          (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:30:39.0083 2368        NisSrv - ok
19:30:39.0125 2368        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:30:39.0200 2368        NlaSvc - ok
19:30:39.0225 2368        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:30:39.0283 2368        Npfs - ok
19:30:39.0306 2368        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:30:39.0377 2368        nsi - ok
19:30:39.0399 2368        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:30:39.0460 2368        nsiproxy - ok
19:30:39.0534 2368        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:30:39.0768 2368        Ntfs - ok
19:30:39.0801 2368        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:30:39.0896 2368        ntrigdigi - ok
19:30:39.0919 2368        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:30:39.0978 2368        Null - ok
19:30:40.0001 2368        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:30:40.0053 2368        nvraid - ok
19:30:40.0075 2368        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:30:40.0117 2368        nvstor - ok
19:30:40.0142 2368        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:30:40.0183 2368        nv_agp - ok
19:30:40.0200 2368        NwlnkFlt - ok
19:30:40.0217 2368        NwlnkFwd - ok
19:30:40.0238 2368        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:30:40.0332 2368        ohci1394 - ok
19:30:40.0365 2368        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:40.0440 2368        p2pimsvc - ok
19:30:40.0463 2368        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:40.0546 2368        p2psvc - ok
19:30:40.0575 2368        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:30:40.0657 2368        Parport - ok
19:30:40.0676 2368        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:30:40.0726 2368        partmgr - ok
19:30:40.0747 2368        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:30:40.0802 2368        Parvdm - ok
19:30:40.0826 2368        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:30:40.0881 2368        PcaSvc - ok
19:30:40.0903 2368        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:30:40.0943 2368        pci - ok
19:30:40.0963 2368        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:30:40.0994 2368        pciide - ok
19:30:41.0019 2368        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:30:41.0060 2368        pcmcia - ok
19:30:41.0116 2368        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:30:41.0238 2368        PEAUTH - ok
19:30:41.0327 2368        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:30:41.0492 2368        pla - ok
19:30:41.0542 2368        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:30:42.0966 2368        PlugPlay - ok
19:30:43.0005 2368        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:43.0104 2368        PNRPAutoReg - ok
19:30:43.0132 2368        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:43.0206 2368        PNRPsvc - ok
19:30:43.0245 2368        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:30:43.0326 2368        PolicyAgent - ok
19:30:43.0400 2368        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:30:43.0523 2368        PptpMiniport - ok
19:30:43.0553 2368        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:30:43.0656 2368        Processor - ok
19:30:43.0682 2368        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:30:43.0765 2368        ProfSvc - ok
19:30:43.0791 2368        ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:43.0837 2368        ProtectedStorage - ok
19:30:43.0866 2368        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:30:43.0931 2368        PSched - ok
19:30:43.0975 2368        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:30:44.0061 2368        ql2300 - ok
19:30:44.0091 2368        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:30:44.0170 2368        ql40xx - ok
19:30:44.0193 2368        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:30:44.0268 2368        QWAVE - ok
19:30:44.0296 2368        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:30:44.0340 2368        QWAVEdrv - ok
19:30:44.0360 2368        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:30:44.0407 2368        RasAcd - ok
19:30:44.0430 2368        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:30:44.0496 2368        RasAuto - ok
19:30:44.0518 2368        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:44.0605 2368        Rasl2tp - ok
19:30:44.0627 2368        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:30:44.0696 2368        RasMan - ok
19:30:44.0722 2368        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:44.0782 2368        RasPppoe - ok
19:30:44.0803 2368        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:30:44.0870 2368        RasSstp - ok
19:30:44.0900 2368        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:30:44.0986 2368        rdbss - ok
19:30:45.0016 2368        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:45.0069 2368        RDPCDD - ok
19:30:45.0098 2368        rdpdr          (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
19:30:45.0194 2368        rdpdr - ok
19:30:45.0220 2368        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:30:45.0269 2368        RDPENCDD - ok
19:30:45.0298 2368        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:30:45.0390 2368        RDPWD - ok
19:30:45.0416 2368        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:30:45.0495 2368        RemoteAccess - ok
19:30:45.0517 2368        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:30:45.0592 2368        RemoteRegistry - ok
19:30:45.0611 2368        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:30:45.0667 2368        RpcLocator - ok
19:30:45.0705 2368        RpcSs          (7dfe0213d272be8953906faa6c001888) C:\Windows\system32\rpcss.dll
19:30:45.0778 2368        RpcSs ( UnsignedFile.Multi.Generic ) - warning
19:30:45.0779 2368        RpcSs - detected UnsignedFile.Multi.Generic (1)
19:30:45.0810 2368        RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
19:30:45.0863 2368        RsFx0103 - ok
19:30:45.0890 2368        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:30:45.0967 2368        rspndr - ok
19:30:45.0986 2368        SamSs          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:46.0031 2368        SamSs - ok
19:30:46.0055 2368        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:30:46.0117 2368        sbp2port - ok
19:30:46.0139 2368        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:30:46.0196 2368        SCardSvr - ok
19:30:46.0231 2368        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:30:46.0312 2368        Schedule - ok
19:30:46.0338 2368        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:30:46.0390 2368        SCPolicySvc - ok
19:30:46.0412 2368        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:30:46.0461 2368        SDRSVC - ok
19:30:46.0485 2368        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:30:46.0586 2368        secdrv - ok
19:30:46.0611 2368        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:30:46.0672 2368        seclogon - ok
19:30:46.0693 2368        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:30:46.0756 2368        SENS ( UnsignedFile.Multi.Generic ) - warning
19:30:46.0756 2368        SENS - detected UnsignedFile.Multi.Generic (1)
19:30:46.0782 2368        Sentinel        (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
19:30:47.0129 2368        Sentinel - ok
19:30:47.0149 2368        SentinelKeysServer (a9eeb7b09b898a53ec8b7063b923ac32) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
19:30:47.0333 2368        SentinelKeysServer - ok
19:30:47.0354 2368        SentinelProtectionServer (fd8723219c907c7ab753c93334fa4610) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
19:30:52.0641 2368        SentinelProtectionServer - ok
19:30:52.0758 2368        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:30:52.0812 2368        Serenum - ok
19:30:52.0838 2368        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:30:53.0052 2368        Serial - ok
19:30:53.0086 2368        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:30:53.0208 2368        sermouse - ok
19:30:53.0280 2368        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:30:53.0348 2368        SessionEnv - ok
19:30:53.0401 2368        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:30:53.0596 2368        sffdisk - ok
19:30:53.0617 2368        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:30:53.0853 2368        sffp_mmc - ok
19:30:53.0875 2368        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:30:53.0960 2368        sffp_sd - ok
19:30:53.0984 2368        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:30:54.0068 2368        sfloppy - ok
19:30:54.0099 2368        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:30:54.0306 2368        SharedAccess - ok
19:30:54.0340 2368        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:30:54.0405 2368        ShellHWDetection - ok
19:30:54.0432 2368        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:30:54.0475 2368        sisagp - ok
19:30:54.0494 2368        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:30:54.0526 2368        SiSRaid2 - ok
19:30:54.0590 2368        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:30:54.0701 2368        SiSRaid4 - ok
19:30:54.0814 2368        slsvc          (ade18a6dbc143253821d02f2ca39824b) C:\Windows\system32\SLsvc.exe
19:30:55.0269 2368        slsvc ( UnsignedFile.Multi.Generic ) - warning
19:30:55.0269 2368        slsvc - detected UnsignedFile.Multi.Generic (1)
19:30:55.0306 2368        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:30:55.0365 2368        SLUINotify - ok
19:30:55.0387 2368        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:30:55.0462 2368        Smb - ok
19:30:55.0493 2368        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:30:55.0542 2368        SNMPTRAP - ok
19:30:55.0582 2368        SNTNLUSB        (9de6e60ce7fd82b4985de5d9c22265ad) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
19:30:55.0650 2368        SNTNLUSB - ok
19:30:55.0744 2368        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:30:55.0790 2368        spldr - ok
19:30:55.0815 2368        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:30:55.0870 2368        Spooler - ok
19:30:55.0893 2368        SQLAgent$BTSQLINSTANZ (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\SQLAGENT.EXE
19:30:56.0099 2368        SQLAgent$BTSQLINSTANZ - ok
19:30:56.0127 2368        SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:30:56.0231 2368        SQLBrowser - ok
19:30:56.0363 2368        SQLWriter      (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:30:56.0580 2368        SQLWriter - ok
19:30:56.0673 2368        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:30:56.0723 2368        srv - ok
19:30:56.0796 2368        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:30:56.0936 2368        srv2 - ok
19:30:56.0961 2368        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:30:57.0073 2368        srvnet - ok
19:30:57.0100 2368        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:30:57.0182 2368        SSDPSRV - ok
19:30:57.0203 2368        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:30:57.0239 2368        ssmdrv - ok
19:30:57.0268 2368        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:30:57.0312 2368        SstpSvc - ok
19:30:57.0342 2368        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:30:57.0426 2368        stisvc - ok
19:30:57.0461 2368        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:30:57.0489 2368        swenum - ok
19:30:57.0531 2368        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:30:57.0613 2368        swprv - ok
19:30:57.0642 2368        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:30:57.0679 2368        Symc8xx - ok
19:30:57.0703 2368        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:30:57.0738 2368        Sym_hi - ok
19:30:57.0763 2368        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:30:57.0804 2368        Sym_u3 - ok
19:30:57.0839 2368        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:30:57.0920 2368        SysMain - ok
19:30:57.0947 2368        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:30:58.0001 2368        TabletInputService - ok
19:30:58.0024 2368        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:30:58.0108 2368        TapiSrv - ok
19:30:58.0175 2368        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:30:58.0273 2368        TBS - ok
19:30:58.0341 2368        Tcpip          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
19:30:58.0506 2368        Tcpip - ok
19:30:58.0583 2368        Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
19:30:58.0671 2368        Tcpip6 - ok
19:30:58.0701 2368        tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
19:30:58.0747 2368        tcpipreg - ok
19:30:58.0779 2368        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:30:58.0849 2368        TDPIPE - ok
19:30:58.0874 2368        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:30:58.0945 2368        TDTCP - ok
19:30:58.0969 2368        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:30:59.0043 2368        tdx - ok
19:30:59.0070 2368        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:30:59.0142 2368        TermDD - ok
19:30:59.0169 2368        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:30:59.0253 2368        TermService - ok
19:30:59.0280 2368        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:30:59.0335 2368        Themes - ok
19:30:59.0361 2368        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:30:59.0426 2368        THREADORDER - ok
19:30:59.0443 2368        TPAutoConnSvc  (318fecdb840272065bbb8d034749cb8a) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
19:30:59.0541 2368        TPAutoConnSvc - ok
19:30:59.0563 2368        TPVCGateway    (a2c4f995230dd11213bc465353e4c7a9) C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
19:30:59.0664 2368        TPVCGateway - ok
19:30:59.0690 2368        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:30:59.0790 2368        TrkWks - ok
19:30:59.0804 2368        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:30:59.0893 2368        TrustedInstaller - ok
19:30:59.0920 2368        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:59.0983 2368        tssecsrv - ok
19:31:00.0004 2368        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:31:00.0045 2368        tunmp - ok
19:31:00.0067 2368        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:31:00.0108 2368        tunnel - ok
19:31:00.0134 2368        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:31:00.0179 2368        uagp35 - ok
19:31:00.0205 2368        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:31:00.0261 2368        udfs - ok
19:31:00.0294 2368        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:31:00.0362 2368        UI0Detect - ok
19:31:00.0389 2368        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:31:00.0436 2368        uliagpkx - ok
19:31:00.0461 2368        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:31:00.0549 2368        uliahci - ok
19:31:00.0577 2368        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:31:00.0621 2368        UlSata - ok
19:31:00.0642 2368        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:31:00.0680 2368        ulsata2 - ok
19:31:00.0703 2368        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:31:00.0768 2368        umbus - ok
19:31:00.0798 2368        UmRdpService    (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
19:31:00.0877 2368        UmRdpService - ok
19:31:00.0901 2368        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:31:00.0981 2368        upnphost - ok
19:31:01.0014 2368        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:31:01.0093 2368        usbccgp - ok
19:31:01.0127 2368        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:31:01.0241 2368        usbcir - ok
19:31:01.0263 2368        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:31:01.0320 2368        usbehci - ok
19:31:01.0353 2368        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:31:01.0411 2368        usbhub - ok
19:31:01.0433 2368        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:31:01.0520 2368        usbohci - ok
19:31:01.0543 2368        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:31:01.0643 2368        usbprint - ok
19:31:01.0667 2368        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:31:01.0732 2368        USBSTOR - ok
19:31:01.0757 2368        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:31:01.0809 2368        usbuhci - ok
19:31:01.0832 2368        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:31:01.0897 2368        UxSms - ok
19:31:01.0928 2368        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:31:02.0010 2368        vds - ok
19:31:02.0040 2368        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:31:02.0135 2368        vga - ok
19:31:02.0161 2368        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:31:02.0223 2368        VgaSave - ok
19:31:02.0243 2368        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:31:02.0290 2368        viaagp - ok
19:31:02.0327 2368        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:31:02.0456 2368        ViaC7 - ok
19:31:02.0477 2368        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:31:02.0504 2368        viaide - ok
19:31:02.0526 2368        vm3dmp          (16acb3a0e2d8dbe1e422d5f3756b6aeb) C:\Windows\system32\DRIVERS\vm3dmp.sys
19:31:02.0581 2368        vm3dmp - ok
19:31:02.0612 2368        VMAUDIO        (98e6cc4d5a21db9626a6b738c4f313a5) C:\Windows\system32\drivers\vmaudio.sys
19:31:02.0644 2368        VMAUDIO - ok
19:31:02.0665 2368        vmci            (c1a0a5232628cc4620aa2e6ff3cbbeea) C:\Windows\system32\DRIVERS\vmci.sys
19:31:02.0719 2368        vmci - ok
19:31:02.0742 2368        vmdebug        (6299222ebfc6c9d9600bbe45397e48ae) C:\Windows\system32\Drivers\vmdebug.sys
19:31:02.0775 2368        vmdebug - ok
19:31:02.0797 2368        vmhgfs          (33e56c44ca9559adbf264d7844d2d72d) C:\Windows\system32\DRIVERS\vmhgfs.sys
19:31:02.0858 2368        vmhgfs - ok
19:31:02.0877 2368        VMMEMCTL        (1aaa62c84cebe2188473d92984a9d25f) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
19:31:02.0907 2368        VMMEMCTL - ok
19:31:02.0930 2368        vmmouse        (794d1672caf56dbb6479d943f7ca1286) C:\Windows\system32\DRIVERS\vmmouse.sys
19:31:02.0963 2368        vmmouse - ok
19:31:02.0975 2368        vmrawdsk        (52066db3544737be01ecc605b4c6320f) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
19:31:03.0014 2368        vmrawdsk - ok
19:31:03.0028 2368        VMTools        (5d3daa74bd310dfd51902b3ea32c67df) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
19:31:03.0069 2368        VMTools - ok
19:31:03.0084 2368        VMUpgradeHelper (d0b6c8b189dc9bae0355c9719080875e) C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
19:31:03.0198 2368        VMUpgradeHelper - ok
19:31:03.0218 2368        vmvss - ok
19:31:03.0248 2368        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:31:03.0291 2368        volmgr - ok
19:31:03.0313 2368        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:31:03.0360 2368        volmgrx - ok
19:31:03.0390 2368        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:31:03.0435 2368        volsnap - ok
19:31:03.0462 2368        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:31:03.0527 2368        vsmraid - ok
19:31:03.0592 2368        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:31:03.0735 2368        VSS - ok
19:31:03.0775 2368        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:31:03.0848 2368        W32Time - ok
19:31:03.0881 2368        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:31:03.0969 2368        WacomPen - ok
19:31:03.0993 2368        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:04.0075 2368        Wanarp - ok
19:31:04.0084 2368        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:04.0160 2368        Wanarpv6 - ok
19:31:04.0212 2368        wbengine        (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
19:31:04.0354 2368        wbengine - ok
19:31:04.0384 2368        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:31:04.0496 2368        wcncsvc - ok
19:31:04.0519 2368        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:31:04.0578 2368        WcsPlugInService - ok
19:31:04.0613 2368        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:31:04.0645 2368        Wd - ok
19:31:04.0681 2368        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:31:04.0742 2368        Wdf01000 - ok
19:31:04.0767 2368        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:31:04.0843 2368        WdiServiceHost - ok
19:31:04.0851 2368        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:31:04.0927 2368        WdiSystemHost - ok
19:31:04.0955 2368        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:31:05.0010 2368        WebClient - ok
19:31:05.0034 2368        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:31:05.0092 2368        Wecsvc - ok
19:31:05.0114 2368        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:31:05.0186 2368        wercplsupport - ok
19:31:05.0206 2368        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:31:05.0282 2368        WerSvc - ok
19:31:05.0302 2368        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:31:05.0361 2368        WinDefend - ok
19:31:05.0385 2368        WinHttpAutoProxySvc - ok
19:31:05.0422 2368        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:31:05.0485 2368        Winmgmt - ok
19:31:05.0542 2368        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:31:05.0681 2368        WinRM - ok
19:31:05.0735 2368        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:31:05.0817 2368        Wlansvc - ok
19:31:05.0847 2368        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:31:05.0939 2368        WmiAcpi - ok
19:31:05.0974 2368        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:31:06.0051 2368        wmiApSrv - ok
19:31:06.0101 2368        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:31:06.0426 2368        WMPNetworkSvc - ok
19:31:06.0459 2368        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:31:06.0509 2368        WPDBusEnum - ok
19:31:06.0554 2368        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:31:06.0633 2368        WPFFontCache_v0400 - ok
19:31:06.0665 2368        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:31:06.0725 2368        ws2ifsl - ok
19:31:06.0746 2368        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:31:06.0843 2368        wscsvc - ok
19:31:06.0863 2368        WSearch - ok
19:31:06.0947 2368        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:31:07.0161 2368        wuauserv - ok
19:31:07.0194 2368        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:31:07.0283 2368        WUDFRd - ok
19:31:07.0305 2368        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:31:07.0372 2368        wudfsvc - ok
19:31:07.0388 2368        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:31:07.0418 2368        \Device\Harddisk0\DR0 - ok
19:31:07.0423 2368        Boot (0x1200)  (73d1c7d47543451fff60838309b2232a) \Device\Harddisk0\DR0\Partition0
19:31:07.0424 2368        \Device\Harddisk0\DR0\Partition0 - ok
19:31:07.0428 2368        ============================================================
19:31:07.0428 2368        Scan finished
19:31:07.0428 2368        ============================================================
19:31:07.0445 3076        Detected object count: 5
19:31:07.0445 3076        Actual detected object count: 5
19:32:13.0506 3076        DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0506 3076        DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:13.0508 3076        EMDMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0508 3076        EMDMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:13.0510 3076        RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0510 3076        RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:13.0513 3076        SENS ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0513 3076        SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:13.0515 3076        slsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0515 3076        slsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 24.03.2012 19:42

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper ("Kompetenzler") has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Andi7770 24.03.2012 21:01

hmm…
At the end of the check Windows was restarted, but Windows could not be loaded because ntfs.sys could not be found (it was deleted by Combofix).

It now wants my Windows CD to carry out a repair, but that is at the office ;-)

I'll let you know on Monday and post the log---many thanks to you up to this point

Regards and have a nice Sunday
Andi


All times are WET +1. The time now is 16:33.

Copyright ©2000-2025, Trojaner-Board

