
Log analysis and evaluation: Windows update error 80070426

21.03.2012, 12:50   #1
Andi7770
 



Hello everyone,

I just can't get any further by searching and trying things out via Google.

When I try to update my Windows Vista, I have been getting error code 80070426 for about 4 months.
I also can't start Slsvc via Services at all.
I run Windows via VMware on my Mac.

I have now run the Hijack test and would be very glad to hear your expert opinion.
If I haven't posted enough information in line with the forum rules, please excuse that -- this is my first time signing up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:07, on 21.03.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Andreas \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WUVEY3P\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing)
O3 - Toolbar: StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas \AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} (GO-Global 4) - https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: VMware-Upgrade-Hilfsprogramm (VMUpgradeHelper) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe

I have now also read that HijackThis is no longer useful, so here are the results as described in the checklist.
DDS Attach GMER
DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19154
Run by Andreas  at 12:58:16 on 2012-03-21
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.1023.426 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fondsfinanz.de/
mStart Page = hxxp://startsear.ch/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\ssBarLcher.dll
TB: StartSearchToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\ssBarLcher.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"
mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\andrea~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\andreas \appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} - hxxps://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.109.2
TCP: Interfaces\{16DA9B34-0EE4-4A52-9716-E2E232151574} : DhcpNameServer = 192.168.109.2
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andreas \appdata\roaming\mozilla\firefox\profiles\pvsw9u8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - plugin: c:\program files\java\j2re1.4.2_10\bin\NPJPI142_10.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl479cd8cd;MpKsl479cd8cd;c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys [2012-3-21 29904]
R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2011-1-13 129392]
R1 vmrawdsk;Hilfsdienst für physischen VMware Vista-Datenträger;c:\program files\vmware\vmware tools\vmrawdsk.sys [2010-11-30 37744]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-1 66616]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2010-6-30 2067344]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-16 21504]
R2 MSSQL$BTSQLINSTANZ;SQL Server (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 VMMEMCTL;Treiber für Speichersteuerung;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2011-5-21 14448]
R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\vmtoolsd.exe [2011-5-21 50288]
R2 VMUpgradeHelper;VMware-Upgrade-Hilfsprogramm;c:\program files\vmware\vmware tools\VMUpgradeHelper.exe [2011-5-21 174704]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2010-11-30 255304]
R3 vm3dmp;vm3dmp;c:\windows\system32\drivers\vm3dmp.sys [2011-6-1 77824]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-1-13 61872]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2011-1-13 11440]
S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2010-11-30 23152]
S2 AntiVirSchedulerService;Avira AntiVir Planer;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 TPVCGateway;TP VC Gateway Service;c:\program files\vmware\vmware tools\TPVCGateway.exe [2010-11-30 390432]
S3 vmvss;VMware Snapshot Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-15 84072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$BTSQLINSTANZ;SQL Server Agent (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-03-21 11:08:56    29904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys
2012-03-19 11:57:44    6552120    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-19 11:57:23    6552120    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\mpengine.dll
2012-03-07 15:28:50    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-03-07 15:28:50    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2012-03-07 15:09:58    713784    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-03-07 15:09:57    713784    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{770fb0e5-4d49-4a1b-bb27-d14b0ced2018}\gapaengine.dll
2012-03-07 14:49:59    --------    d-----w-    c:\program files\Microsoft Security Client
2012-03-07 14:49:45    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
.
==================== Find3M  ====================
.
2012-03-07 15:08:53    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:58:54,61 ===============
         
--- --- ---

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 13.01.2011 20:45:56
System Uptime: 21.03.2012 12:07:28 (0 hours ago)
.
Motherboard: Intel Corporation | | 440BX Desktop Reference Platform
Processor: Intel(R) Core(TM)2 Duo CPU L9400 @ 1.86GHz | CPU socket #0 | 1859/mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 40 GiB total, 13,162 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 07.03.2012 15:09:45 - Geplanter Prüfpunkt
RP177: 07.03.2012 15:49:33 - Windows Update
RP178: 19.03.2012 15:20:53 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt.
RP179: 19.03.2012 16:02:18 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1) - Deutsch
BeratungsNavigator Rechen-Zusatzmodul
Beratungsprogramme W&W-Konzern
CodeMeter Runtime Kit v4.20a
Finanzplaner
Free YouTube to MP3 Converter version 3.10.11.923
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 2 Runtime Environment, SE v1.4.2_10
KV-WIN
LV-WIN
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
PDFCreator
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Sentinel Protection Installer 7.5.0
Service Pack 1 for SQL Server 2008 (KB968369)
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
TAS
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Veetle TV 0.9.18
VideoLAN VLC media player 0.8.2
VMware Tools
VOLKSWOHL BUND - Angebotsprogramm Komfort
.
==== End Of File ===========================



GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-21 13:58:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 VMware,_ rev.1.0_
Running: 6oyd5cu5.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\kftoyaow.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT   86B58FE6                                                                                                            ZwCreateSection
SSDT   86B58FEB                                                                                                            ZwSetContextThread
SSDT   86B58F87                                                                                                            ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                       81CF3998 4 Bytes  [E6, 8F, B5, 86] {OUT 0x8f, AL; MOV CH, 0x86}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                                       81CF3CF0 4 Bytes  [EB, 8F, B5, 86] {JMP 0xffffffffffffff91; MOV CH, 0x86}
.text  ntkrnlpa.exe!KeSetEvent + 621                                                                                       81CF3DA4 4 Bytes  [87, 8F, B5, 86]
 
---- Files - GMER 1.0.15 ----
 
File   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-55-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock  0 bytes
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

21.03.2012, 17:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
I also can't start Slsvc via Services at all.
Why not? Error message??

I take it you can no longer reconstruct what you did 4 months ago that led to this error?
__________________

22.03.2012, 10:10   #3
Andi7770
 



Hi,

unfortunately I can no longer reconstruct that.

The error message I get when I try to start slsvc is:

- Der Dienst "slsvc" auf "Lokaler Computer" konnte nicht gestartet werden.
Fehler 1053: Der Dienst antwortet nicht rechtzeitig auf die start- oder Steuerungsanforderung -

When I select slsvc without starting it, the display on the left shows:

- Beschreibung: Fehler beim lesen der Beschreibung. Fehlercode 1813 -
__________________

22.03.2012, 12:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

22.03.2012, 14:14   #5
Andi7770
 



Hi Arne,

thanks already for your tips.
Here, for a start, is the scan with Malwarebytes.

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19154
Andreas Haller :: LH-V96A6R7OK14D [Administrator]

22.03.2012 13:39:21
mbam-log-2012-03-22 (14-07-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255258
Laufzeit: 22 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: StartSearchTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
         


22.03.2012, 15:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do so now if you haven't already!

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for each scan are also listed under the log files tab. Please post all of the ones visible there.
__________________
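The check described in the reply above (spotting findings that were detected but left in place), as an added example that is not part of any forum post and is not Malwarebytes tooling. It parses the German-language Malwarebytes 1.60 log layout shown in this thread; the sample is constructed from entries in that log with the section counts reduced to match, and the quarantine status string in it is an assumed value that does not appear in the thread.

```python
import re
from dataclasses import dataclass

# Status text from the log in this thread ("No action taken").
NO_ACTION = "Keine Aktion durchgeführt"

# Section header, e.g. "Infizierte Registrierungsschlüssel: 13"
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# Entry, e.g. "HKCR\CLSID\{...} (PUP.VShareRedir) -> Keine Aktion durchgeführt."
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<detection>[\w.\-]+)\) -> (?P<rest>.+)$")

# Constructed sample: entries copied from the log posted in this thread,
# counts adjusted to the shortened excerpt. The "Erfolgreich gelöscht ..."
# status is an assumption used to show a remediated entry.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: StartSearchTB -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
"""


@dataclass
class Finding:
    section: str    # section name without the "Infizierte " prefix
    obj: str        # registry key/value or file path
    detection: str  # detection name, e.g. PUP.VShareRedir
    action: str     # final status, trailing period removed


def parse_mbam_log(text):
    """Return (declared_counts, findings) for a Malwarebytes 1.x log."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        entry = ENTRY_RE.match(line)
        if entry and section is not None:
            # Entries may carry extra "-> Daten: ..." or "-> Bösartig: ..."
            # fields; the status is always the last "->" segment.
            action = entry.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            findings.append(Finding(section, entry.group("obj"),
                                    entry.group("detection"), action))
    return declared, findings


def unremediated(findings):
    """Findings that were detected but left in place."""
    return [f for f in findings if f.action == NO_ACTION]


def count_mismatches(declared, findings):
    """Sections whose header count differs from the entries actually listed,
    which points to a truncated or edited log. Maps section -> (declared, seen)."""
    seen = {}
    for f in findings:
        seen[f.section] = seen.get(f.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items()
            if n != seen.get(s, 0)}


if __name__ == "__main__":
    declared, findings = parse_mbam_log(SAMPLE_LOG)
    for f in unremediated(findings):
        print(f"NOT REMOVED  {f.detection:18} {f.obj}")
    print("count mismatches:", count_mismatches(declared, findings))
```
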

22.03.2012, 20:11   #7
Andi7770
 



Hi,

I had removed the findings, thanks for the pointer anyway! Sometimes it's the simple things ;-)
I had not scanned with Malwarebytes before.

Attached is the second scan as well; I hope that helps.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f72befe755504fadaed09e5b9c897b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 02:37:49
# local_time=2012-03-22 03:37:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1296875 169958965 0 0
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# scanned=7565
# found=0
# cleaned=0
# scan_time=806
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f72befe755504fadaed09e5b9c897b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 06:53:05
# local_time=2012-03-22 07:53:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1309438 169971528 0 0
# compatibility_mode=8192 67108863 100 0 16290 16290 0 0
# scanned=102860
# found=0
# cleaned=0
# scan_time=3558
         

23.03.2012, 21:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box Scanne alle Benutzer (Scan All Users)
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

24.03.2012, 10:22   #9
Andi7770



All right,

it's done.

Regards

OTL logfile:
Code:
OTL logfile created on: 24.03.2012 09:38:24 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Andreas Haller\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,79 Mb Total Physical Memory | 427,26 Mb Available Physical Memory | 41,77% Memory free
2,26 Gb Paging File | 1,57 Gb Available in Paging File | 69,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 12,64 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
 
Computer Name: LH-V96A6R7OK14D | User Name: Andreas Haller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 12:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.21 15:59:44 | 000,174,704 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMUpgradeHelper.exe
PRC - [2011.05.21 15:59:34 | 001,104,496 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMwareUser.exe
PRC - [2011.05.21 15:59:32 | 000,186,992 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\VMwareTray.exe
PRC - [2011.05.21 15:59:18 | 000,050,288 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.11.30 15:55:10 | 000,255,304 | R--- | M] (ThinPrint AG) -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe
PRC - [2010.11.30 15:55:08 | 000,451,880 | R--- | M] (ThinPrint AG) -- C:\Programme\VMware\VMware Tools\TPAutoConnect.exe
PRC - [2010.06.30 04:20:00 | 006,871,440 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2010.06.30 04:20:00 | 002,067,344 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.21 15:59:38 | 000,056,432 | ---- | M] () -- C:\Programme\VMware\VMware Tools\sigc-2.0.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.05.21 15:59:44 | 000,174,704 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe -- (VMUpgradeHelper)
SRV - [2011.05.21 15:59:18 | 000,050,288 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.30 15:55:10 | 000,390,432 | R--- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2010.11.30 15:55:10 | 000,255,304 | R--- | M] (ThinPrint AG) [On_Demand | Running] -- C:\Programme\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2010.06.30 04:20:00 | 002,067,344 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2009.04.10 23:27:50 | 003,408,896 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009.03.31 05:55:56 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe -- (MSSQL$BTSQLINSTANZ) SQL Server (BTSQLINSTANZ)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$BTSQLINSTANZ) SQL Server Agent (BTSQLINSTANZ)
SRV - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.22 20:15:49 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DC5D129-5531-4DB4-B39B-1F00DE735054}\MpKsl3d46a277.sys -- (MpKsl3d46a277)
DRV - [2011.06.30 13:51:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 13:51:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.21 15:59:38 | 000,014,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2011.05.21 15:59:34 | 000,129,392 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\vmhgfs.sys -- (vmhgfs)
DRV - [2011.05.21 15:56:56 | 000,077,824 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.30 15:59:06 | 000,023,152 | ---- | M] (VMware, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vmdebug.sys -- (vmdebug)
DRV - [2010.11.30 15:58:44 | 000,037,744 | ---- | M] (VMware, Inc.) [Kernel | System | Running] -- C:\Programme\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2010.11.30 15:57:44 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
DRV - [2010.11.30 15:57:32 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2010.11.30 15:55:46 | 000,061,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.10.13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.07.11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2008.07.11 07:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fondsfinanz.de/
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.26 20:54:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.26 20:54:35 | 000,000,000 | ---D | M]
 
[2011.03.11 19:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Extensions
[2011.11.14 14:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.09 14:40:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
[2011.03.11 19:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.26 12:23:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 12:23:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.26 12:23:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.26 12:23:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.26 12:23:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.109.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16DA9B34-0EE4-4A52-9716-E2E232151574}: DhcpNameServer = 192.168.109.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 09:36:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
[2012.03.22 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.22 13:34:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\AppData\Roaming\Malwarebytes
[2012.03.22 13:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.22 13:33:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.22 13:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2012.03.22 10:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.03.22 10:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.03.22 10:29:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas Haller\Desktop\Steuererklärung
[2012.03.21 13:14:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.03.21 12:57:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Andreas Haller\Desktop\dds.scr
[2012.03.07 16:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.03.07 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.03.07 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.03.07 15:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 20:19:50 | 000,756,800 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.22 20:19:50 | 000,714,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.22 20:19:50 | 000,177,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.22 20:19:50 | 000,150,528 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.22 20:15:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 13:33:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 12:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Haller\Desktop\OTL.exe
[2012.03.22 10:45:46 | 000,049,152 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.03.21 13:14:39 | 176,715,591 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.21 13:02:53 | 000,302,592 | ---- | M] () -- C:\Users\Andreas Haller\Desktop\6oyd5cu5.exe
[2012.03.21 11:47:30 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.07 16:29:10 | 000,001,055 | ---- | M] () -- C:\Users\Andreas Haller\Desktop\Spybot - Search & Destroy.lnk
[2012.03.07 15:51:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2012.03.22 13:33:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.21 13:14:39 | 176,715,591 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.21 13:02:59 | 000,302,592 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\6oyd5cu5.exe
[2012.03.21 12:53:37 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\Defogger.exe
[2012.03.07 16:29:10 | 000,001,055 | ---- | C] () -- C:\Users\Andreas Haller\Desktop\Spybot - Search & Destroy.lnk
[2012.03.07 15:51:34 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.03.07 15:50:09 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.06.01 10:51:27 | 002,269,184 | ---- | C] () -- C:\Windows\System32\vm3dgl.dll
[2011.04.26 12:41:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 14:06:15 | 000,005,632 | ---- | C] () -- C:\Users\Andreas Haller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 12:05:51 | 000,045,163 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2011.02.07 12:05:51 | 000,045,161 | ---- | C] () -- C:\Windows\System32\java.exe
[2011.02.07 12:04:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.16 12:00:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.16 12:00:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.16 11:59:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.16 11:59:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.16 11:59:36 | 003,408,896 | ---- | C] () -- C:\Windows\System32\SLsvc.exe
[2011.01.16 00:48:08 | 000,274,944 | ---- | C] () -- C:\Windows\System32\AUDIOKSE.dll
[2011.01.15 20:18:11 | 001,966,592 | ---- | C] () -- C:\Windows\System32\NlsData0027.dll
[2011.01.15 20:18:07 | 004,495,360 | ---- | C] () -- C:\Windows\System32\NlsData0010.dll
[2011.01.15 20:18:06 | 002,657,280 | ---- | C] () -- C:\Windows\System32\NlsData0011.dll
[2011.01.13 20:49:23 | 000,000,680 | ---- | C] () -- C:\Users\Andreas Haller\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.09 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoft
[2011.11.09 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 10:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2011.01.14 13:56:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Finanzportal24
[2011.01.16 10:04:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\MORGEN & MORGEN
[2011.08.23 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Morgen&Morgen
[2011.01.20 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Volkswohl Bund
[2012.03.22 20:13:37 | 000,022,048 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.18 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Adobe
[2011.05.23 06:18:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Avira
[2011.11.09 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoft
[2011.11.09 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 10:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\elsterformular
[2011.01.14 13:56:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Finanzportal24
[2011.01.13 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Identities
[2011.03.11 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Macromedia
[2012.03.22 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Malwarebytes
[2011.07.01 15:31:51 | 000,000,000 | --SD | M] -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft
[2011.01.16 10:04:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\MORGEN & MORGEN
[2011.08.23 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Morgen&Morgen
[2011.03.11 19:54:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla
[2011.02.07 12:05:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Sun
[2011.09.27 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\vlc
[2011.01.20 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas Haller\AppData\Roaming\Volkswohl Bund
 
< %APPDATA%\*.exe /s >
[2011.01.19 10:47:05 | 000,212,480 | R--- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl2.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
[2011.01.19 10:47:05 | 002,067,344 | R--- | M] (WIBU-SYSTEMS AG) -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
[2011.01.19 10:47:05 | 000,723,352 | R--- | M] (WIBU-SYSTEMS AG) -- C:\Users\Andreas Haller\AppData\Roaming\Microsoft\Installer\{3D86163C-6E2A-4C00-A7C0-FB794D6BF476}\IconTmpl6.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.01.15 20:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.01.15 20:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.01.15 20:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.01.14 17:55:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2011.01.14 17:55:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

24.03.2012, 18:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = http://www.google.de/search?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.03.2012, 19:21   #11
Andi7770



Hi,

I've done that.
I tried updating once, and that still didn't work.
I also tried again to start slsvc, and this time a different error came up.
"Konfigurationsmanager: allgemeiner interner Fehler", then I clicked OK, and then this is displayed:
"Der angegebene Ressourcentyp wurde nicht in der Image-Datei gefunden"

Regards, Andi

Code:
 
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 49 39 77 1D E0 CB 01  [binary data]
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes,DefaultScope = {BADBA3A1-96D9-416C-A491-358925CF157F}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-376960569-257838592-3473430820-1000\..\SearchScopes\{BADBA3A1-96D9-416C-A491-358925CF157F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.11 20:27:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Andreas Haller\AppData\Roaming\mozilla\Firefox\Profiles\pvsw9u8k.default\extensions\vshare@toolbar
[2011.03.11 20:27:24 | 000,001,583 | ---- | M] () -- C:\Users\Andreas Haller\AppData\Roaming\Mozilla\Firefox\Profiles\pvsw9u8k.default\searchplugins\web-search.xml
O4 - HKU\S-1-5-21-376960569-257838592-3473430820-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca41a13-2093-11e0-9466-000c29012444}\Shell\AutoRun\command - "" = E:\StartMenuWWBeratungsCD.EXE
:Commands
[emptytemp]
[resethosts]
         

24.03.2012, 19:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


24.03.2012, 19:34   #13
Andi7770



Code:
19:29:52.0138 2360	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:29:52.0286 2360	============================================================
19:29:52.0286 2360	Current date / time: 2012/03/24 19:29:52.0286
19:29:52.0286 2360	SystemInfo:
19:29:52.0286 2360	
19:29:52.0287 2360	OS Version: 6.0.6002 ServicePack: 2.0
19:29:52.0287 2360	Product type: Workstation
19:29:52.0287 2360	ComputerName: LH-V96A6R7OK14D
19:29:52.0288 2360	UserName: Andreas Haller
19:29:52.0288 2360	Windows directory: C:\Windows
19:29:52.0288 2360	System windows directory: C:\Windows
19:29:52.0288 2360	Processor architecture: Intel x86
19:29:52.0288 2360	Number of processors: 1
19:29:52.0288 2360	Page size: 0x1000
19:29:52.0288 2360	Boot type: Normal boot
19:29:52.0288 2360	============================================================
19:29:53.0210 2360	Drive \Device\Harddisk0\DR0 - Size: 0xA00000000 (40.00 Gb), SectorSize: 0x200, Cylinders: 0x1465, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:29:53.0212 2360	\Device\Harddisk0\DR0:
19:29:53.0213 2360	MBR used
19:29:53.0213 2360	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4FFF000
19:29:53.0217 2360	Initialize success
19:29:53.0217 2360	============================================================
19:30:19.0904 2368	============================================================
19:30:19.0904 2368	Scan started
19:30:19.0904 2368	Mode: Manual; SigCheck; TDLFS; 
19:30:19.0904 2368	============================================================
19:30:20.0054 2368	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:30:20.0240 2368	ACPI - ok
19:30:20.0307 2368	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:30:20.0365 2368	adp94xx - ok
19:30:20.0405 2368	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:30:20.0543 2368	adpahci - ok
19:30:20.0579 2368	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:30:20.0645 2368	adpu160m - ok
19:30:20.0675 2368	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:30:20.0741 2368	adpu320 - ok
19:30:20.0773 2368	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:30:20.0848 2368	AeLookupSvc - ok
19:30:20.0886 2368	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:30:20.0951 2368	AFD - ok
19:30:21.0022 2368	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\DRIVERS\agp440.sys
19:30:21.0125 2368	agp440 - ok
19:30:21.0203 2368	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:30:21.0322 2368	aic78xx - ok
19:30:21.0383 2368	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:30:21.0511 2368	ALG - ok
19:30:21.0541 2368	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:30:21.0571 2368	aliide - ok
19:30:21.0601 2368	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:30:21.0657 2368	amdagp - ok
19:30:21.0686 2368	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:30:21.0716 2368	amdide - ok
19:30:21.0743 2368	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:30:21.0943 2368	AmdK7 - ok
19:30:21.0976 2368	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:30:22.0087 2368	AmdK8 - ok
19:30:22.0100 2368	AntiVirSchedulerService - ok
19:30:22.0108 2368	AntiVirService - ok
19:30:22.0143 2368	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:30:22.0200 2368	Appinfo - ok
19:30:22.0231 2368	AppMgmt         (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
19:30:22.0302 2368	AppMgmt - ok
19:30:22.0330 2368	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:30:22.0391 2368	arc - ok
19:30:22.0443 2368	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:30:22.0511 2368	arcsas - ok
19:30:22.0554 2368	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:30:22.0601 2368	aspnet_state - ok
19:30:22.0648 2368	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:30:22.0723 2368	AsyncMac - ok
19:30:22.0754 2368	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:30:22.0814 2368	atapi - ok
19:30:22.0852 2368	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:30:22.0986 2368	AudioEndpointBuilder - ok
19:30:23.0006 2368	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:30:23.0124 2368	Audiosrv - ok
19:30:23.0159 2368	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:30:23.0260 2368	avgntflt - ok
19:30:23.0308 2368	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:30:23.0431 2368	avipbb - ok
19:30:23.0492 2368	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:30:23.0548 2368	Beep - ok
19:30:23.0588 2368	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:30:23.0675 2368	BFE - ok
19:30:23.0750 2368	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:30:23.0927 2368	BITS - ok
19:30:23.0976 2368	blbdrive - ok
19:30:24.0019 2368	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:30:24.0090 2368	bowser - ok
19:30:24.0123 2368	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:30:24.0214 2368	BrFiltLo - ok
19:30:24.0253 2368	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:30:24.0297 2368	BrFiltUp - ok
19:30:24.0344 2368	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:30:24.0411 2368	Browser - ok
19:30:24.0478 2368	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:30:24.0579 2368	Brserid - ok
19:30:24.0693 2368	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:30:24.0802 2368	BrSerWdm - ok
19:30:24.0884 2368	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:30:25.0061 2368	BrUsbMdm - ok
19:30:25.0119 2368	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:30:25.0263 2368	BrUsbSer - ok
19:30:25.0344 2368	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:30:25.0440 2368	BTHMODEM - ok
19:30:25.0477 2368	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:30:25.0550 2368	cdfs - ok
19:30:25.0570 2368	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:30:25.0632 2368	cdrom - ok
19:30:25.0664 2368	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:30:25.0721 2368	CertPropSvc - ok
19:30:25.0740 2368	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:30:25.0837 2368	circlass - ok
19:30:25.0858 2368	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:30:25.0907 2368	CLFS - ok
19:30:25.0924 2368	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:25.0976 2368	clr_optimization_v2.0.50727_32 - ok
19:30:26.0003 2368	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:26.0050 2368	clr_optimization_v4.0.30319_32 - ok
19:30:26.0074 2368	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:30:26.0131 2368	CmBatt - ok
19:30:26.0149 2368	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:30:26.0177 2368	cmdide - ok
19:30:26.0249 2368	CodeMeter.exe   (c45bf59a5afb98e1f47c439bf57d4b04) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
19:30:27.0455 2368	CodeMeter.exe - ok
19:30:27.0496 2368	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:30:27.0524 2368	Compbatt - ok
19:30:27.0538 2368	COMSysApp - ok
19:30:27.0560 2368	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:30:27.0594 2368	crcdisk - ok
19:30:27.0611 2368	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:30:27.0711 2368	Crusoe - ok
19:30:27.0737 2368	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:30:27.0802 2368	CryptSvc - ok
19:30:27.0835 2368	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
19:30:27.0894 2368	CSC - ok
19:30:27.0928 2368	CscService      (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
19:30:28.0006 2368	CscService - ok
19:30:28.0046 2368	DcomLaunch      (7dfe0213d272be8953906faa6c001888) C:\Windows\system32\rpcss.dll
19:30:28.0112 2368	DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
19:30:28.0112 2368	DcomLaunch - detected UnsignedFile.Multi.Generic (1)
19:30:28.0139 2368	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:30:28.0199 2368	DfsC - ok
19:30:28.0269 2368	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:30:28.0574 2368	DFSR - ok
19:30:28.0615 2368	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:30:28.0682 2368	Dhcp - ok
19:30:28.0707 2368	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:30:28.0756 2368	disk - ok
19:30:28.0779 2368	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:30:28.0830 2368	Dnscache - ok
19:30:28.0852 2368	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:30:28.0917 2368	dot3svc - ok
19:30:28.0947 2368	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:30:29.0014 2368	DPS - ok
19:30:29.0034 2368	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:30:29.0077 2368	drmkaud - ok
19:30:29.0125 2368	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:30:29.0187 2368	DXGKrnl - ok
19:30:29.0212 2368	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:30:29.0287 2368	E1G60 - ok
19:30:29.0308 2368	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:30:29.0361 2368	EapHost - ok
19:30:29.0382 2368	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:30:29.0429 2368	Ecache - ok
19:30:29.0458 2368	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:30:29.0527 2368	elxstor - ok
19:30:29.0563 2368	EMDMgmt         (a368a6e91fb231c27e28fad8e69c9328) C:\Windows\system32\emdmgmt.dll
19:30:29.0616 2368	EMDMgmt ( UnsignedFile.Multi.Generic ) - warning
19:30:29.0617 2368	EMDMgmt - detected UnsignedFile.Multi.Generic (1)
19:30:29.0651 2368	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:30:29.0774 2368	EventSystem - ok
19:30:29.0798 2368	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:30:29.0845 2368	exfat - ok
19:30:29.0868 2368	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:30:29.0916 2368	fastfat - ok
19:30:29.0956 2368	Fax             (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
19:30:30.0084 2368	Fax - ok
19:30:30.0119 2368	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:30:30.0179 2368	fdc - ok
19:30:30.0199 2368	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:30:30.0255 2368	fdPHost - ok
19:30:30.0275 2368	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:30:30.0371 2368	FDResPub - ok
19:30:30.0392 2368	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:30:30.0437 2368	FileInfo - ok
19:30:30.0457 2368	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:30:30.0532 2368	Filetrace - ok
19:30:30.0556 2368	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:30.0643 2368	flpydisk - ok
19:30:30.0666 2368	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:30:30.0711 2368	FltMgr - ok
19:30:30.0756 2368	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:30:30.0845 2368	FontCache - ok
19:30:30.0863 2368	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:30:30.0896 2368	FontCache3.0.0.0 - ok
19:30:30.0921 2368	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:30:30.0966 2368	Fs_Rec - ok
19:30:30.0988 2368	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:30:31.0031 2368	gagp30kx - ok
19:30:31.0069 2368	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:30:31.0187 2368	gpsvc - ok
19:30:31.0219 2368	HDAudBus        (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys
19:30:31.0321 2368	HDAudBus - ok
19:30:31.0350 2368	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:30:31.0436 2368	HidBth - ok
19:30:31.0459 2368	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:30:31.0553 2368	HidIr - ok
19:30:31.0576 2368	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:30:31.0626 2368	hidserv - ok
19:30:31.0646 2368	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:30:31.0694 2368	HidUsb - ok
19:30:31.0716 2368	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:30:31.0782 2368	hkmsvc - ok
19:30:31.0804 2368	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:30:31.0841 2368	HpCISSs - ok
19:30:31.0869 2368	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:30:31.0939 2368	HTTP - ok
19:30:31.0965 2368	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:30:31.0996 2368	i2omp - ok
19:30:32.0022 2368	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:30:32.0082 2368	i8042prt - ok
19:30:32.0120 2368	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:30:32.0166 2368	iaStorV - ok
19:30:32.0206 2368	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:30:32.0389 2368	idsvc - ok
19:30:32.0417 2368	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:30:32.0454 2368	iirsp - ok
19:30:32.0486 2368	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:30:32.0573 2368	IKEEXT - ok
19:30:32.0605 2368	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:30:32.0650 2368	intelide - ok
19:30:32.0677 2368	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:30:32.0738 2368	intelppm - ok
19:30:32.0757 2368	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:30:32.0824 2368	IPBusEnum - ok
19:30:32.0852 2368	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:30:32.0925 2368	IpFilterDriver - ok
19:30:32.0952 2368	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:30:33.0015 2368	iphlpsvc - ok
19:30:33.0037 2368	IpInIp - ok
19:30:33.0057 2368	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:30:33.0173 2368	IPMIDRV - ok
19:30:33.0202 2368	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:30:33.0262 2368	IPNAT - ok
19:30:33.0284 2368	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:30:33.0339 2368	IRENUM - ok
19:30:33.0366 2368	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:30:33.0406 2368	isapnp - ok
19:30:33.0431 2368	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:30:33.0477 2368	iScsiPrt - ok
19:30:33.0500 2368	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:30:33.0537 2368	iteatapi - ok
19:30:33.0558 2368	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:30:33.0592 2368	iteraid - ok
19:30:33.0614 2368	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:30:33.0653 2368	kbdclass - ok
19:30:33.0673 2368	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:30:33.0764 2368	kbdhid - ok
19:30:33.0785 2368	KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:33.0840 2368	KeyIso - ok
19:30:33.0871 2368	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:30:33.0929 2368	KSecDD - ok
19:30:33.0962 2368	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:30:34.0053 2368	KtmRm - ok
19:30:34.0079 2368	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:30:34.0136 2368	LanmanServer - ok
19:30:34.0157 2368	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:30:34.0208 2368	LanmanWorkstation - ok
19:30:34.0232 2368	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:30:34.0305 2368	lltdio - ok
19:30:34.0329 2368	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:30:34.0398 2368	lltdsvc - ok
19:30:34.0420 2368	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:30:34.0529 2368	lmhosts - ok
19:30:34.0557 2368	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:30:34.0599 2368	LSI_FC - ok
19:30:34.0620 2368	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:30:34.0680 2368	LSI_SAS - ok
19:30:34.0714 2368	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:30:34.0780 2368	LSI_SCSI - ok
19:30:34.0806 2368	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:30:34.0888 2368	luafv - ok
19:30:34.0911 2368	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:30:34.0944 2368	megasas - ok
19:30:34.0968 2368	mfetdi2k        (e6c5f7aade5a31c057d73201acfe8adf) C:\Windows\system32\drivers\mfetdi2k.sys
19:30:34.0989 2368	mfetdi2k - ok
19:30:35.0010 2368	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:30:35.0073 2368	MMCSS - ok
19:30:35.0095 2368	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:30:35.0164 2368	Modem - ok
19:30:35.0188 2368	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:30:35.0251 2368	monitor - ok
19:30:35.0271 2368	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:30:35.0306 2368	mouclass - ok
19:30:35.0325 2368	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:30:35.0385 2368	mouhid - ok
19:30:35.0408 2368	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:30:35.0453 2368	MountMgr - ok
19:30:35.0478 2368	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:30:35.0546 2368	MpFilter - ok
19:30:35.0571 2368	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:30:35.0619 2368	mpio - ok
19:30:35.0640 2368	MpKslf3b819c2   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DC5D129-5531-4DB4-B39B-1F00DE735054}\MpKslf3b819c2.sys
19:30:35.0698 2368	MpKslf3b819c2 - ok
19:30:35.0724 2368	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:30:35.0763 2368	MpNWMon - ok
19:30:35.0785 2368	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:30:35.0831 2368	mpsdrv - ok
19:30:35.0860 2368	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:30:35.0947 2368	MpsSvc - ok
19:30:35.0973 2368	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:30:36.0005 2368	Mraid35x - ok
19:30:36.0029 2368	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:30:36.0075 2368	MRxDAV - ok
19:30:36.0098 2368	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:30:36.0157 2368	mrxsmb - ok
19:30:36.0179 2368	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:30:36.0224 2368	mrxsmb10 - ok
19:30:36.0249 2368	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:30:36.0307 2368	mrxsmb20 - ok
19:30:36.0332 2368	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:30:36.0361 2368	msahci - ok
19:30:36.0386 2368	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:30:36.0451 2368	msdsm - ok
19:30:36.0474 2368	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:30:36.0541 2368	MSDTC - ok
19:30:36.0570 2368	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:30:36.0632 2368	Msfs - ok
19:30:36.0654 2368	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:30:36.0689 2368	msisadrv - ok
19:30:36.0721 2368	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:30:36.0792 2368	MSiSCSI - ok
19:30:36.0812 2368	msiserver - ok
19:30:36.0839 2368	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:30:36.0894 2368	MSKSSRV - ok
19:30:36.0908 2368	MsMpSvc         (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:30:36.0952 2368	MsMpSvc - ok
19:30:36.0976 2368	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:30:37.0027 2368	MSPCLOCK - ok
19:30:37.0046 2368	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:30:37.0099 2368	MSPQM - ok
19:30:37.0132 2368	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:30:37.0202 2368	MsRPC - ok
19:30:37.0233 2368	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:30:37.0270 2368	mssmbios - ok
19:30:37.0282 2368	MSSQL$BTSQLINSTANZ - ok
19:30:37.0297 2368	MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:30:37.0341 2368	MSSQLServerADHelper100 - ok
19:30:37.0364 2368	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:30:37.0417 2368	MSTEE - ok
19:30:37.0438 2368	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:30:37.0490 2368	Mup - ok
19:30:37.0530 2368	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:30:37.0601 2368	napagent - ok
19:30:37.0632 2368	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:30:37.0680 2368	NativeWifiP - ok
19:30:37.0717 2368	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:30:37.0796 2368	NDIS - ok
19:30:37.0825 2368	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:30:37.0877 2368	NdisTapi - ok
19:30:37.0898 2368	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:30:37.0952 2368	Ndisuio - ok
19:30:37.0974 2368	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:30:38.0034 2368	NdisWan - ok
19:30:38.0058 2368	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:30:38.0125 2368	NDProxy - ok
19:30:38.0145 2368	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:30:38.0209 2368	NetBIOS - ok
19:30:38.0232 2368	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:30:38.0303 2368	netbt - ok
19:30:38.0323 2368	Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:38.0369 2368	Netlogon - ok
19:30:38.0397 2368	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:30:38.0495 2368	Netman - ok
19:30:38.0529 2368	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0579 2368	NetMsmqActivator - ok
19:30:38.0589 2368	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0632 2368	NetPipeActivator - ok
19:30:38.0659 2368	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:30:38.0737 2368	netprofm - ok
19:30:38.0762 2368	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0808 2368	NetTcpActivator - ok
19:30:38.0816 2368	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:30:38.0863 2368	NetTcpPortSharing - ok
19:30:38.0890 2368	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:30:38.0927 2368	nfrd960 - ok
19:30:38.0958 2368	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:30:39.0002 2368	NisDrv - ok
19:30:39.0016 2368	NisSrv          (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:30:39.0083 2368	NisSrv - ok
19:30:39.0125 2368	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:30:39.0200 2368	NlaSvc - ok
19:30:39.0225 2368	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:30:39.0283 2368	Npfs - ok
19:30:39.0306 2368	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:30:39.0377 2368	nsi - ok
19:30:39.0399 2368	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:30:39.0460 2368	nsiproxy - ok
19:30:39.0534 2368	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:30:39.0768 2368	Ntfs - ok
19:30:39.0801 2368	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:30:39.0896 2368	ntrigdigi - ok
19:30:39.0919 2368	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:30:39.0978 2368	Null - ok
19:30:40.0001 2368	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:30:40.0053 2368	nvraid - ok
19:30:40.0075 2368	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:30:40.0117 2368	nvstor - ok
19:30:40.0142 2368	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:30:40.0183 2368	nv_agp - ok
19:30:40.0200 2368	NwlnkFlt - ok
19:30:40.0217 2368	NwlnkFwd - ok
19:30:40.0238 2368	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:30:40.0332 2368	ohci1394 - ok
19:30:40.0365 2368	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:40.0440 2368	p2pimsvc - ok
19:30:40.0463 2368	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:40.0546 2368	p2psvc - ok
19:30:40.0575 2368	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:30:40.0657 2368	Parport - ok
19:30:40.0676 2368	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:30:40.0726 2368	partmgr - ok
19:30:40.0747 2368	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:30:40.0802 2368	Parvdm - ok
19:30:40.0826 2368	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:30:40.0881 2368	PcaSvc - ok
19:30:40.0903 2368	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:30:40.0943 2368	pci - ok
19:30:40.0963 2368	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:30:40.0994 2368	pciide - ok
19:30:41.0019 2368	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:30:41.0060 2368	pcmcia - ok
19:30:41.0116 2368	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:30:41.0238 2368	PEAUTH - ok
19:30:41.0327 2368	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:30:41.0492 2368	pla - ok
19:30:41.0542 2368	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:30:42.0966 2368	PlugPlay - ok
19:30:43.0005 2368	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:43.0104 2368	PNRPAutoReg - ok
19:30:43.0132 2368	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:30:43.0206 2368	PNRPsvc - ok
19:30:43.0245 2368	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:30:43.0326 2368	PolicyAgent - ok
19:30:43.0400 2368	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:30:43.0523 2368	PptpMiniport - ok
19:30:43.0553 2368	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:30:43.0656 2368	Processor - ok
19:30:43.0682 2368	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:30:43.0765 2368	ProfSvc - ok
19:30:43.0791 2368	ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:43.0837 2368	ProtectedStorage - ok
19:30:43.0866 2368	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:30:43.0931 2368	PSched - ok
19:30:43.0975 2368	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:30:44.0061 2368	ql2300 - ok
19:30:44.0091 2368	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:30:44.0170 2368	ql40xx - ok
19:30:44.0193 2368	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:30:44.0268 2368	QWAVE - ok
19:30:44.0296 2368	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:30:44.0340 2368	QWAVEdrv - ok
19:30:44.0360 2368	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:30:44.0407 2368	RasAcd - ok
19:30:44.0430 2368	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:30:44.0496 2368	RasAuto - ok
19:30:44.0518 2368	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:44.0605 2368	Rasl2tp - ok
19:30:44.0627 2368	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:30:44.0696 2368	RasMan - ok
19:30:44.0722 2368	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:44.0782 2368	RasPppoe - ok
19:30:44.0803 2368	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:30:44.0870 2368	RasSstp - ok
19:30:44.0900 2368	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:30:44.0986 2368	rdbss - ok
19:30:45.0016 2368	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:45.0069 2368	RDPCDD - ok
19:30:45.0098 2368	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
19:30:45.0194 2368	rdpdr - ok
19:30:45.0220 2368	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:30:45.0269 2368	RDPENCDD - ok
19:30:45.0298 2368	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:30:45.0390 2368	RDPWD - ok
19:30:45.0416 2368	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:30:45.0495 2368	RemoteAccess - ok
19:30:45.0517 2368	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:30:45.0592 2368	RemoteRegistry - ok
19:30:45.0611 2368	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:30:45.0667 2368	RpcLocator - ok
19:30:45.0705 2368	RpcSs           (7dfe0213d272be8953906faa6c001888) C:\Windows\system32\rpcss.dll
19:30:45.0778 2368	RpcSs ( UnsignedFile.Multi.Generic ) - warning
19:30:45.0779 2368	RpcSs - detected UnsignedFile.Multi.Generic (1)
19:30:45.0810 2368	RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
19:30:45.0863 2368	RsFx0103 - ok
19:30:45.0890 2368	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:30:45.0967 2368	rspndr - ok
19:30:45.0986 2368	SamSs           (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:30:46.0031 2368	SamSs - ok
19:30:46.0055 2368	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:30:46.0117 2368	sbp2port - ok
19:30:46.0139 2368	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:30:46.0196 2368	SCardSvr - ok
19:30:46.0231 2368	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:30:46.0312 2368	Schedule - ok
19:30:46.0338 2368	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:30:46.0390 2368	SCPolicySvc - ok
19:30:46.0412 2368	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:30:46.0461 2368	SDRSVC - ok
19:30:46.0485 2368	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:30:46.0586 2368	secdrv - ok
19:30:46.0611 2368	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:30:46.0672 2368	seclogon - ok
19:30:46.0693 2368	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:30:46.0756 2368	SENS ( UnsignedFile.Multi.Generic ) - warning
19:30:46.0756 2368	SENS - detected UnsignedFile.Multi.Generic (1)
19:30:46.0782 2368	Sentinel        (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
19:30:47.0129 2368	Sentinel - ok
19:30:47.0149 2368	SentinelKeysServer (a9eeb7b09b898a53ec8b7063b923ac32) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
19:30:47.0333 2368	SentinelKeysServer - ok
19:30:47.0354 2368	SentinelProtectionServer (fd8723219c907c7ab753c93334fa4610) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
19:30:52.0641 2368	SentinelProtectionServer - ok
19:30:52.0758 2368	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:30:52.0812 2368	Serenum - ok
19:30:52.0838 2368	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:30:53.0052 2368	Serial - ok
19:30:53.0086 2368	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:30:53.0208 2368	sermouse - ok
19:30:53.0280 2368	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:30:53.0348 2368	SessionEnv - ok
19:30:53.0401 2368	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:30:53.0596 2368	sffdisk - ok
19:30:53.0617 2368	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:30:53.0853 2368	sffp_mmc - ok
19:30:53.0875 2368	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:30:53.0960 2368	sffp_sd - ok
19:30:53.0984 2368	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:30:54.0068 2368	sfloppy - ok
19:30:54.0099 2368	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:30:54.0306 2368	SharedAccess - ok
19:30:54.0340 2368	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:30:54.0405 2368	ShellHWDetection - ok
19:30:54.0432 2368	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:30:54.0475 2368	sisagp - ok
19:30:54.0494 2368	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:30:54.0526 2368	SiSRaid2 - ok
19:30:54.0590 2368	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:30:54.0701 2368	SiSRaid4 - ok
19:30:54.0814 2368	slsvc           (ade18a6dbc143253821d02f2ca39824b) C:\Windows\system32\SLsvc.exe
19:30:55.0269 2368	slsvc ( UnsignedFile.Multi.Generic ) - warning
19:30:55.0269 2368	slsvc - detected UnsignedFile.Multi.Generic (1)
19:30:55.0306 2368	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:30:55.0365 2368	SLUINotify - ok
19:30:55.0387 2368	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:30:55.0462 2368	Smb - ok
19:30:55.0493 2368	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:30:55.0542 2368	SNMPTRAP - ok
19:30:55.0582 2368	SNTNLUSB        (9de6e60ce7fd82b4985de5d9c22265ad) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
19:30:55.0650 2368	SNTNLUSB - ok
19:30:55.0744 2368	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:30:55.0790 2368	spldr - ok
19:30:55.0815 2368	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:30:55.0870 2368	Spooler - ok
19:30:55.0893 2368	SQLAgent$BTSQLINSTANZ (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\SQLAGENT.EXE
19:30:56.0099 2368	SQLAgent$BTSQLINSTANZ - ok
19:30:56.0127 2368	SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:30:56.0231 2368	SQLBrowser - ok
19:30:56.0363 2368	SQLWriter       (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:30:56.0580 2368	SQLWriter - ok
19:30:56.0673 2368	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:30:56.0723 2368	srv - ok
19:30:56.0796 2368	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:30:56.0936 2368	srv2 - ok
19:30:56.0961 2368	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:30:57.0073 2368	srvnet - ok
19:30:57.0100 2368	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:30:57.0182 2368	SSDPSRV - ok
19:30:57.0203 2368	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:30:57.0239 2368	ssmdrv - ok
19:30:57.0268 2368	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:30:57.0312 2368	SstpSvc - ok
19:30:57.0342 2368	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:30:57.0426 2368	stisvc - ok
19:30:57.0461 2368	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:30:57.0489 2368	swenum - ok
19:30:57.0531 2368	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:30:57.0613 2368	swprv - ok
19:30:57.0642 2368	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:30:57.0679 2368	Symc8xx - ok
19:30:57.0703 2368	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:30:57.0738 2368	Sym_hi - ok
19:30:57.0763 2368	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:30:57.0804 2368	Sym_u3 - ok
19:30:57.0839 2368	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:30:57.0920 2368	SysMain - ok
19:30:57.0947 2368	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:30:58.0001 2368	TabletInputService - ok
19:30:58.0024 2368	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:30:58.0108 2368	TapiSrv - ok
19:30:58.0175 2368	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:30:58.0273 2368	TBS - ok
19:30:58.0341 2368	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
19:30:58.0506 2368	Tcpip - ok
19:30:58.0583 2368	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
19:30:58.0671 2368	Tcpip6 - ok
19:30:58.0701 2368	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
19:30:58.0747 2368	tcpipreg - ok
19:30:58.0779 2368	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:30:58.0849 2368	TDPIPE - ok
19:30:58.0874 2368	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:30:58.0945 2368	TDTCP - ok
19:30:58.0969 2368	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:30:59.0043 2368	tdx - ok
19:30:59.0070 2368	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:30:59.0142 2368	TermDD - ok
19:30:59.0169 2368	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:30:59.0253 2368	TermService - ok
19:30:59.0280 2368	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:30:59.0335 2368	Themes - ok
19:30:59.0361 2368	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:30:59.0426 2368	THREADORDER - ok
19:30:59.0443 2368	TPAutoConnSvc   (318fecdb840272065bbb8d034749cb8a) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
19:30:59.0541 2368	TPAutoConnSvc - ok
19:30:59.0563 2368	TPVCGateway     (a2c4f995230dd11213bc465353e4c7a9) C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
19:30:59.0664 2368	TPVCGateway - ok
19:30:59.0690 2368	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:30:59.0790 2368	TrkWks - ok
19:30:59.0804 2368	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:30:59.0893 2368	TrustedInstaller - ok
19:30:59.0920 2368	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:59.0983 2368	tssecsrv - ok
19:31:00.0004 2368	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:31:00.0045 2368	tunmp - ok
19:31:00.0067 2368	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:31:00.0108 2368	tunnel - ok
19:31:00.0134 2368	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:31:00.0179 2368	uagp35 - ok
19:31:00.0205 2368	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:31:00.0261 2368	udfs - ok
19:31:00.0294 2368	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:31:00.0362 2368	UI0Detect - ok
19:31:00.0389 2368	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:31:00.0436 2368	uliagpkx - ok
19:31:00.0461 2368	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:31:00.0549 2368	uliahci - ok
19:31:00.0577 2368	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:31:00.0621 2368	UlSata - ok
19:31:00.0642 2368	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:31:00.0680 2368	ulsata2 - ok
19:31:00.0703 2368	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:31:00.0768 2368	umbus - ok
19:31:00.0798 2368	UmRdpService    (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
19:31:00.0877 2368	UmRdpService - ok
19:31:00.0901 2368	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:31:00.0981 2368	upnphost - ok
19:31:01.0014 2368	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:31:01.0093 2368	usbccgp - ok
19:31:01.0127 2368	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:31:01.0241 2368	usbcir - ok
19:31:01.0263 2368	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:31:01.0320 2368	usbehci - ok
19:31:01.0353 2368	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:31:01.0411 2368	usbhub - ok
19:31:01.0433 2368	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:31:01.0520 2368	usbohci - ok
19:31:01.0543 2368	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:31:01.0643 2368	usbprint - ok
19:31:01.0667 2368	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:31:01.0732 2368	USBSTOR - ok
19:31:01.0757 2368	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:31:01.0809 2368	usbuhci - ok
19:31:01.0832 2368	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:31:01.0897 2368	UxSms - ok
19:31:01.0928 2368	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:31:02.0010 2368	vds - ok
19:31:02.0040 2368	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:31:02.0135 2368	vga - ok
19:31:02.0161 2368	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:31:02.0223 2368	VgaSave - ok
19:31:02.0243 2368	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:31:02.0290 2368	viaagp - ok
19:31:02.0327 2368	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:31:02.0456 2368	ViaC7 - ok
19:31:02.0477 2368	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:31:02.0504 2368	viaide - ok
19:31:02.0526 2368	vm3dmp          (16acb3a0e2d8dbe1e422d5f3756b6aeb) C:\Windows\system32\DRIVERS\vm3dmp.sys
19:31:02.0581 2368	vm3dmp - ok
19:31:02.0612 2368	VMAUDIO         (98e6cc4d5a21db9626a6b738c4f313a5) C:\Windows\system32\drivers\vmaudio.sys
19:31:02.0644 2368	VMAUDIO - ok
19:31:02.0665 2368	vmci            (c1a0a5232628cc4620aa2e6ff3cbbeea) C:\Windows\system32\DRIVERS\vmci.sys
19:31:02.0719 2368	vmci - ok
19:31:02.0742 2368	vmdebug         (6299222ebfc6c9d9600bbe45397e48ae) C:\Windows\system32\Drivers\vmdebug.sys
19:31:02.0775 2368	vmdebug - ok
19:31:02.0797 2368	vmhgfs          (33e56c44ca9559adbf264d7844d2d72d) C:\Windows\system32\DRIVERS\vmhgfs.sys
19:31:02.0858 2368	vmhgfs - ok
19:31:02.0877 2368	VMMEMCTL        (1aaa62c84cebe2188473d92984a9d25f) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
19:31:02.0907 2368	VMMEMCTL - ok
19:31:02.0930 2368	vmmouse         (794d1672caf56dbb6479d943f7ca1286) C:\Windows\system32\DRIVERS\vmmouse.sys
19:31:02.0963 2368	vmmouse - ok
19:31:02.0975 2368	vmrawdsk        (52066db3544737be01ecc605b4c6320f) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
19:31:03.0014 2368	vmrawdsk - ok
19:31:03.0028 2368	VMTools         (5d3daa74bd310dfd51902b3ea32c67df) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
19:31:03.0069 2368	VMTools - ok
19:31:03.0084 2368	VMUpgradeHelper (d0b6c8b189dc9bae0355c9719080875e) C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
19:31:03.0198 2368	VMUpgradeHelper - ok
19:31:03.0218 2368	vmvss - ok
19:31:03.0248 2368	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:31:03.0291 2368	volmgr - ok
19:31:03.0313 2368	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:31:03.0360 2368	volmgrx - ok
19:31:03.0390 2368	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:31:03.0435 2368	volsnap - ok
19:31:03.0462 2368	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:31:03.0527 2368	vsmraid - ok
19:31:03.0592 2368	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:31:03.0735 2368	VSS - ok
19:31:03.0775 2368	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:31:03.0848 2368	W32Time - ok
19:31:03.0881 2368	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:31:03.0969 2368	WacomPen - ok
19:31:03.0993 2368	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:04.0075 2368	Wanarp - ok
19:31:04.0084 2368	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:04.0160 2368	Wanarpv6 - ok
19:31:04.0212 2368	wbengine        (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
19:31:04.0354 2368	wbengine - ok
19:31:04.0384 2368	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:31:04.0496 2368	wcncsvc - ok
19:31:04.0519 2368	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:31:04.0578 2368	WcsPlugInService - ok
19:31:04.0613 2368	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:31:04.0645 2368	Wd - ok
19:31:04.0681 2368	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:31:04.0742 2368	Wdf01000 - ok
19:31:04.0767 2368	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:31:04.0843 2368	WdiServiceHost - ok
19:31:04.0851 2368	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:31:04.0927 2368	WdiSystemHost - ok
19:31:04.0955 2368	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:31:05.0010 2368	WebClient - ok
19:31:05.0034 2368	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:31:05.0092 2368	Wecsvc - ok
19:31:05.0114 2368	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:31:05.0186 2368	wercplsupport - ok
19:31:05.0206 2368	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:31:05.0282 2368	WerSvc - ok
19:31:05.0302 2368	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:31:05.0361 2368	WinDefend - ok
19:31:05.0385 2368	WinHttpAutoProxySvc - ok
19:31:05.0422 2368	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:31:05.0485 2368	Winmgmt - ok
19:31:05.0542 2368	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:31:05.0681 2368	WinRM - ok
19:31:05.0735 2368	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:31:05.0817 2368	Wlansvc - ok
19:31:05.0847 2368	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:31:05.0939 2368	WmiAcpi - ok
19:31:05.0974 2368	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:31:06.0051 2368	wmiApSrv - ok
19:31:06.0101 2368	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:31:06.0426 2368	WMPNetworkSvc - ok
19:31:06.0459 2368	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:31:06.0509 2368	WPDBusEnum - ok
19:31:06.0554 2368	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:31:06.0633 2368	WPFFontCache_v0400 - ok
19:31:06.0665 2368	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:31:06.0725 2368	ws2ifsl - ok
19:31:06.0746 2368	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:31:06.0843 2368	wscsvc - ok
19:31:06.0863 2368	WSearch - ok
19:31:06.0947 2368	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:31:07.0161 2368	wuauserv - ok
19:31:07.0194 2368	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:31:07.0283 2368	WUDFRd - ok
19:31:07.0305 2368	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:31:07.0372 2368	wudfsvc - ok
19:31:07.0388 2368	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:31:07.0418 2368	\Device\Harddisk0\DR0 - ok
19:31:07.0423 2368	Boot (0x1200)   (73d1c7d47543451fff60838309b2232a) \Device\Harddisk0\DR0\Partition0
19:31:07.0424 2368	\Device\Harddisk0\DR0\Partition0 - ok
19:31:07.0428 2368	============================================================
19:31:07.0428 2368	Scan finished
19:31:07.0428 2368	============================================================
19:31:07.0445 3076	Detected object count: 5
19:31:07.0445 3076	Actual detected object count: 5
19:32:13.0506 3076	DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0506 3076	DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:13.0508 3076	EMDMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0508 3076	EMDMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:13.0510 3076	RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0510 3076	RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:13.0513 3076	SENS ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0513 3076	SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:13.0515 3076	slsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:13.0515 3076	slsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

24.03.2012, 19:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

24.03.2012, 21:01   #15
Andi7770
 



hmm…
At the end of the check Windows was restarted, but Windows could not be loaded because ntfs.sys could not be found. (It was deleted by ComboFix.)

It now wants my Windows CD to perform a repair, but that is at the office ;-)

I'll let you know on Monday and post the log. Many thanks for your help so far.

Regards, and have a nice Sunday
Andi
