
Antivirus, firewall and other protection programs: cannot start Windows Firewall anymore ...

06.01.2013, 13:52   #1
schustan

Hello,

after a (resolved) virus problem I noticed that I can no longer start my Windows Firewall.

When I click "Turn on now", it says "Security Center could not turn on Windows Firewall". I then have the option of doing it manually ...

Then it says: "The Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the service "MpsSvc"?"

If I agree, I get the error message "The service MpsSvc could not be started"

Is this a general problem - or should I just use a freeware firewall? Or do I have to do something to fix the problem? If so, what?

I am very grateful for any help!

06.01.2013, 14:14   #2
ryder
/// TB-Ausbilder

Let's see whether we can narrow the problem down.

Scan with Farbar's Service Scanner

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure that the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory from which the tool was run.
Please post its contents here.

07.01.2013, 19:23   #3
schustan

et voilà ...

Code:
Farbar Service Scanner Version: 05-01-2013
Ran by Andreas (administrator) on 07-01-2013 at 19:22:13
Running from "C:\Users\Andreas\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:31] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 06:08] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-05-26 21:40] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-05-26 21:40] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-05-26 21:40] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 17:18] - [2012-06-02 01:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
         
__________________
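
A parser for the FSS.txt layout posted above, as an added example (not part of the thread and not Farbar's code): it collects the per-service findings and ranks them so that the missing MpsSvc and bfe service keys stand out from the merely changed WinDefend start type. The function names, the ranking and the reading of a file entry without "MD5 is legit" as "not confirmed" are assumptions of this example.

```python
import re

# Excerpt of the FSS.txt posted above, embedded so the example runs offline.
SAMPLE_FSS = r'''Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-05-26 21:41] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
'''

NOT_RUNNING = re.compile(r'^(\S+) Service is not running\.')
START_TYPE = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                        r'The default start type is (\w+)\.')
BAD_IMAGEPATH = re.compile(r'^The ImagePath of (\S+): "(.*)"\.$')
ATTENTION = re.compile(r'^Checking (\S+): ATTENTION!=====> (.*)$')
LEGIT_FILE = re.compile(r'^([A-Za-z]:\\.+?) => MD5 is legit$')
FILE_PATH = re.compile(r'^[A-Za-z]:\\[^=]+$')
FILE_META = re.compile(
    r'^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \((.*)\) ([0-9A-Fa-f]{32})$')


def parse_fss(text):
    """Parse the text of an FSS.txt into (services, files) dictionaries."""
    services, files = {}, {}
    current = pending_path = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:                      # a blank line ends the current block
            current = pending_path = None
        elif m := NOT_RUNNING.match(line):
            current = m.group(1)
            services[current] = {'start_type': None, 'default': None,
                                 'image_path': None, 'attention': []}
        elif (m := START_TYPE.match(line)) and m.group(1) in services:
            services[m.group(1)].update(start_type=m.group(2),
                                        default=m.group(3))
        elif (m := BAD_IMAGEPATH.match(line)) and m.group(1) in services:
            services[m.group(1)]['image_path'] = m.group(2)
        elif (m := ATTENTION.match(line)) and current:
            services[current]['attention'].append((m.group(1), m.group(2)))
        elif m := LEGIT_FILE.match(line):
            files[m.group(1)] = {'legit': True, 'md5': None}
        elif FILE_PATH.match(line):
            pending_path = line           # details follow on the next line
        elif (m := FILE_META.match(line)) and pending_path:
            # Assumption: details instead of "MD5 is legit" = not confirmed.
            files[pending_path] = {'legit': False, 'company': m.group(1),
                                   'md5': m.group(2).upper()}
            pending_path = None
    return services, files


def triage(services):
    """Return (service, finding) pairs, most serious first."""
    ranked = []
    for name, svc in services.items():
        missing = [check for check, msg in svc['attention']
                   if 'does not exist' in msg]
        if missing:
            ranked.append((0, name, 'registry key missing, reported by: '
                           + ', '.join(missing)))
        elif svc['start_type'] != svc['default']:
            ranked.append((1, name, 'start type %s, default %s'
                           % (svc['start_type'], svc['default'])))
        else:
            ranked.append((2, name, 'stopped, configuration reported OK'))
    return [(name, finding) for _, name, finding in sorted(ranked)]


if __name__ == '__main__':
    svcs, checked = parse_fss(SAMPLE_FSS)
    for name, finding in triage(svcs):
        print('%-10s %s' % (name, finding))
    for path, info in checked.items():
        print(path, 'legit' if info['legit'] else 'not confirmed, MD5 ' + info['md5'])
```
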

07.01.2013, 21:27   #4
ryder
/// TB-Ausbilder

Try the following:

Service Repair by ESET
Please download the tool from the following link: Service Repair

After starting, the tool will try to restore some default services. Please post me the resulting log file.
__________________
Digital privateers against malware!
No help via PM!

08.01.2013, 09:38   #5
schustan

thanks so far .. here is the Service Repair log file ...

Code:
Log Opened: 2013-01-08 @ 09:30:27
09:30:27 - -----------------
09:30:27 - | Begin Logging |
09:30:27 - -----------------
09:30:27 - Fix started on a WIN_VISTA X64 computer
09:30:27 - Prep in progress.  Please Wait.
09:30:28 - Prep complete
09:30:28 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
09:30:30 - Services Repair Complete.
09:30:45 - Reboot Initiated
         


08.01.2013, 13:57   #6
ryder
/// TB-Ausbilder

Okay

Did that change anything?

08.01.2013, 17:47   #7
schustan

unfortunately not :-/

should I use a freeware firewall? or is the problem a general one?

08.01.2013, 17:49   #8
ryder
/// TB-Ausbilder

It could be a more general problem ...

I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we start, I have some reading material for you.

Please read:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or answer), collected in a single reply once you have finished everything.
  • Only run scans you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (preferably in code tags - click the # symbol in the editor). Do not attach or zip them unless I ask you to or the log file would be too large. That makes the evaluation harder for me.
  • Obscure your name only if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly when you are "clean". Until then, please cooperate well.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.


Read and understood?


Step 1:
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?" Confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a reboot. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without instruction.

Step 2:
Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post me the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.

Step 3:
Scan with the TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, check Detect TDLFS file system and confirm with OK.
  • Press Start Scan
  • Warning:
    If infected objects are found, under no circumstances choose Cure. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread (please be sure to use CODE tags via the # symbol in the editor).

Step 4:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; this is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without instruction.
  • Click Start.
  • Two log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, preferably in CODE tags.

08.01.2013, 17:50   #9
ryder
/// TB-Ausbilder

Step 5:
Scan with GMER
Please download GMER: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.

Turn your antivirus program and other scanners back on before you go online!

Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.

08.01.2013, 18:27   #10
schustan

Thanks! I have just done step 1 ..

A black window stays open although "Finished" is displayed. And the log file looks rather thin ...

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:12 on 08/01/2013 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
just wanted to report back briefly before I carry out the further steps ...

08.01.2013, 18:28   #11
ryder
/// TB-Ausbilder

... yes, that can happen. But now please everything in one reply.

08.01.2013, 22:34   #12
schustan

so ... here are all the logs:

Step 1 / defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:25 on 08/01/2013 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Step 2 / aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-08 18:29:46
-----------------------------
18:29:46.964    OS Version: Windows x64 6.0.6002 Service Pack 2
18:29:46.964    Number of processors: 2 586 0x1706
18:29:46.964    ComputerName: ANDREAS-PC  UserName: Andreas
18:29:48.478    Initialize success
18:32:03.895    AVAST engine defs: 13010800
18:33:55.326    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:55.326    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3
18:33:55.358    Disk 0 MBR read successfully
18:33:55.373    Disk 0 MBR scan
18:33:55.404    Disk 0 Windows VISTA default MBR code
18:33:55.420    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       464628 MB offset 2048
18:33:55.436    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        12308 MB offset 951560192
18:33:55.498    Disk 0 scanning C:\Windows\system32\drivers
18:34:12.674    Service scanning
18:35:07.027    Modules scanning
18:35:07.027    Disk 0 trace - called modules:
18:35:07.058    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
18:35:07.074    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e98790]
18:35:07.604    3 CLASSPNP.SYS[fffffa6000a24c33] -> nt!IofCallDriver -> [0xfffffa8004e935a0]
18:35:07.604    5 hpdskflt.sys[fffffa6001bf1189] -> nt!IofCallDriver -> [0xfffffa8004c00780]
18:35:07.620    7 acpi.sys[fffffa60008c2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be4590]
18:35:09.258    AVAST engine scan C:\Windows
18:35:16.387    AVAST engine scan C:\Windows\system32
18:41:24.670    AVAST engine scan C:\Windows\system32\drivers
18:41:51.660    AVAST engine scan C:\Users\Andreas
19:55:40.915    AVAST engine scan C:\ProgramData
20:00:59.094    Scan finished successfully
20:22:18.312    Disk 0 MBR has been saved successfully to "C:\Users\Andreas\Desktop\MBR.dat"
20:22:18.312    The log file has been saved successfully to "C:\Users\Andreas\Desktop\aswMBR.txt"
         
Step 3 / TDSS-Killer
Code:
20:22:59.0078 5020  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:22:59.0327 5020  ============================================================
20:22:59.0327 5020  Current date / time: 2013/01/08 20:22:59.0327
20:22:59.0327 5020  SystemInfo:
20:22:59.0327 5020  
20:22:59.0327 5020  OS Version: 6.0.6002 ServicePack: 2.0
20:22:59.0327 5020  Product type: Workstation
20:22:59.0327 5020  ComputerName: ANDREAS-PC
20:22:59.0327 5020  UserName: Andreas
20:22:59.0327 5020  Windows directory: C:\Windows
20:22:59.0327 5020  System windows directory: C:\Windows
20:22:59.0327 5020  Running under WOW64
20:22:59.0327 5020  Processor architecture: Intel x64
20:22:59.0327 5020  Number of processors: 2
20:22:59.0327 5020  Page size: 0x1000
20:22:59.0327 5020  Boot type: Normal boot
20:22:59.0327 5020  ============================================================
20:23:01.0121 5020  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:23:01.0121 5020  ============================================================
20:23:01.0121 5020  \Device\Harddisk0\DR0:
20:23:01.0121 5020  MBR partitions:
20:23:01.0121 5020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38B7A000
20:23:01.0121 5020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38B7A800, BlocksNum 0x180A000
20:23:01.0121 5020  ============================================================
20:23:01.0152 5020  C: <-> \Device\Harddisk0\DR0\Partition1
20:23:01.0355 5020  D: <-> \Device\Harddisk0\DR0\Partition2
20:23:01.0355 5020  ============================================================
20:23:01.0355 5020  Initialize success
20:23:01.0355 5020  ============================================================
20:24:27.0764 4408  ============================================================
20:24:27.0764 4408  Scan started
20:24:27.0764 4408  Mode: Manual; TDLFS; 
20:24:27.0764 4408  ============================================================
20:24:28.0481 4408  ================ Scan system memory ========================
20:24:28.0481 4408  System memory - ok
20:24:28.0481 4408  ================ Scan services =============================
20:24:28.0622 4408  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:24:28.0622 4408  !SASCORE - ok
20:24:28.0809 4408  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
20:24:28.0809 4408  AAV UpdateService - ok
20:24:28.0996 4408  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
20:24:28.0996 4408  Accelerometer - ok
20:24:46.0156 4408  [ ED4E69C31EF566266BE13638EBE9DA56 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:24:46.0156 4408  RapiMgr - ok
20:24:46.0203 4408  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:24:46.0218 4408  RasAcd - ok
20:24:46.0250 4408  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
20:24:46.0250 4408  RasAuto - ok
20:24:46.0296 4408  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:46.0296 4408  Rasl2tp - ok
20:24:46.0359 4408  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
20:24:46.0359 4408  RasMan - ok
20:24:46.0390 4408  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:46.0390 4408  RasPppoe - ok
20:24:46.0452 4408  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:24:46.0468 4408  RasSstp - ok
20:24:46.0484 4408  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:24:46.0499 4408  rdbss - ok
20:24:46.0546 4408  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:46.0546 4408  RDPCDD - ok
20:24:46.0593 4408  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:24:46.0593 4408  rdpdr - ok
20:24:46.0624 4408  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:24:46.0624 4408  RDPENCDD - ok
20:24:46.0686 4408  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:24:46.0686 4408  RDPWD - ok
20:24:46.0749 4408  [ BC0A4D47472B042537F4E57B950415FA ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
20:24:46.0796 4408  Recovery Service for Windows - ok
20:24:46.0858 4408  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:24:46.0858 4408  RemoteAccess - ok
20:24:46.0920 4408  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:24:46.0936 4408  RemoteRegistry - ok
20:24:47.0045 4408  [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:24:47.0108 4408  RichVideo - ok
20:24:47.0139 4408  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
20:24:47.0139 4408  RpcLocator - ok
20:24:47.0217 4408  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\System32\rpcss.dll
20:24:47.0232 4408  RpcSs - ok
20:24:47.0295 4408  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:24:47.0295 4408  rspndr - ok
20:24:47.0373 4408  [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
20:24:47.0373 4408  RTL8169 - ok
20:24:47.0404 4408  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
20:24:47.0404 4408  SamSs - ok
20:24:47.0498 4408  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:24:47.0498 4408  SASDIFSV - ok
20:24:47.0513 4408  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:24:47.0529 4408  SASKUTIL - ok
20:24:47.0576 4408  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:24:47.0576 4408  sbp2port - ok
20:24:47.0622 4408  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:24:47.0638 4408  SCardSvr - ok
20:24:47.0700 4408  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
20:24:47.0732 4408  Schedule - ok
20:24:47.0778 4408  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:24:47.0778 4408  SCPolicySvc - ok
20:24:47.0841 4408  [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:24:47.0841 4408  sdbus - ok
20:24:47.0888 4408  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:24:47.0888 4408  SDRSVC - ok
20:24:48.0122 4408  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:24:48.0122 4408  SearchAnonymizer - ok
20:24:48.0153 4408  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:24:48.0153 4408  secdrv - ok
20:24:48.0231 4408  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
20:24:48.0231 4408  seclogon - ok
20:24:48.0246 4408  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
20:24:48.0262 4408  SENS - ok
20:24:48.0278 4408  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:24:48.0278 4408  Serenum - ok
20:24:48.0309 4408  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
20:24:48.0309 4408  Serial - ok
20:24:48.0340 4408  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:24:48.0340 4408  sermouse - ok
20:24:48.0465 4408  [ 58D5BFDF3ADF49FE9CABD78CC61D92F6 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:24:48.0496 4408  ServiceLayer - ok
20:24:48.0574 4408  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:24:48.0574 4408  SessionEnv - ok
20:24:48.0621 4408  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:24:48.0621 4408  sffdisk - ok
20:24:48.0636 4408  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:24:48.0636 4408  sffp_mmc - ok
20:24:48.0652 4408  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:24:48.0668 4408  sffp_sd - ok
20:24:48.0683 4408  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:24:48.0683 4408  sfloppy - ok
20:24:48.0730 4408  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:24:48.0730 4408  SharedAccess - ok
20:24:48.0792 4408  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:24:48.0808 4408  ShellHWDetection - ok
20:24:48.0855 4408  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:24:48.0870 4408  SiSRaid2 - ok
20:24:48.0886 4408  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:24:48.0902 4408  SiSRaid4 - ok
20:24:48.0980 4408  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:24:49.0120 4408  SkypeUpdate - ok
20:24:49.0260 4408  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
20:24:49.0338 4408  slsvc - ok
20:24:49.0401 4408  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:24:49.0416 4408  SLUINotify - ok
20:24:49.0479 4408  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:24:49.0479 4408  Smb - ok
20:24:49.0541 4408  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:24:49.0557 4408  SNMPTRAP - ok
20:24:49.0604 4408  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
20:24:49.0604 4408  spldr - ok
20:24:49.0635 4408  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
20:24:49.0650 4408  Spooler - ok
20:24:49.0666 4408  SRTSP - ok
20:24:49.0666 4408  SRTSPX - ok
20:24:49.0728 4408  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:24:49.0744 4408  srv - ok
20:24:49.0791 4408  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:24:49.0806 4408  srv2 - ok
20:24:49.0838 4408  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:24:49.0838 4408  srvnet - ok
20:24:49.0884 4408  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:24:49.0900 4408  SSDPSRV - ok
20:24:49.0962 4408  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:24:49.0962 4408  SstpSvc - ok
20:24:50.0103 4408  [ 72EB6157E892A674E47E08732BB5CCE3 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
20:24:50.0118 4408  STacSV - ok
20:24:50.0212 4408  [ 0C7BDA7E9A329A071C080EB5210FE019 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
20:24:50.0228 4408  STHDA - ok
20:24:50.0290 4408  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
20:24:50.0321 4408  stisvc - ok
20:24:50.0352 4408  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:24:50.0352 4408  swenum - ok
20:24:50.0415 4408  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
20:24:50.0430 4408  swprv - ok
20:24:50.0462 4408  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:24:50.0462 4408  Symc8xx - ok
20:24:50.0524 4408  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:24:50.0524 4408  Sym_hi - ok
20:24:50.0540 4408  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:24:50.0540 4408  Sym_u3 - ok
20:24:50.0602 4408  [ 3A706A967295E16511E40842B1A2761D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:24:50.0618 4408  SynTP - ok
20:24:50.0696 4408  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
20:24:50.0711 4408  SysMain - ok
20:24:50.0758 4408  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:24:50.0758 4408  TabletInputService - ok
20:24:50.0805 4408  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:24:50.0805 4408  TapiSrv - ok
20:24:50.0852 4408  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
20:24:50.0852 4408  TBS - ok
20:24:50.0945 4408  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:24:50.0976 4408  Tcpip - ok
20:24:51.0023 4408  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:24:51.0039 4408  Tcpip6 - ok
20:24:51.0101 4408  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:24:51.0117 4408  tcpipreg - ok
20:24:51.0148 4408  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:24:51.0148 4408  TDPIPE - ok
20:24:51.0164 4408  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:24:51.0164 4408  TDTCP - ok
20:24:51.0210 4408  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:24:51.0210 4408  tdx - ok
20:24:51.0257 4408  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:24:51.0257 4408  TermDD - ok
20:24:51.0288 4408  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
20:24:51.0288 4408  TermService - ok
20:24:51.0335 4408  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
20:24:51.0335 4408  Themes - ok
20:24:51.0382 4408  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:24:51.0382 4408  THREADORDER - ok
20:24:51.0460 4408  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:24:51.0476 4408  TomTomHOMEService - ok
20:24:51.0507 4408  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
20:24:51.0507 4408  TrkWks - ok
20:24:51.0585 4408  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:24:51.0600 4408  TrustedInstaller - ok
20:24:51.0632 4408  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:51.0632 4408  tssecsrv - ok
20:24:51.0694 4408  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:24:51.0694 4408  tunmp - ok
20:24:51.0725 4408  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:24:51.0725 4408  tunnel - ok
20:24:51.0928 4408  [ 1C31169DDDC70C1605F703DA701EAEEA ] TVCapSvc        C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
20:24:51.0928 4408  TVCapSvc - ok
20:24:51.0944 4408  [ 290B8C381DBC15D3DBCBD2BDB6B0BA12 ] TVSched         C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
20:24:51.0959 4408  TVSched - ok
20:24:52.0006 4408  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:24:52.0006 4408  uagp35 - ok
20:24:52.0084 4408  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:24:52.0084 4408  udfs - ok
20:24:52.0131 4408  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:24:52.0146 4408  UI0Detect - ok
20:24:52.0178 4408  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:24:52.0178 4408  uliagpkx - ok
20:24:52.0209 4408  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:24:52.0209 4408  uliahci - ok
20:24:52.0240 4408  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:24:52.0240 4408  UlSata - ok
20:24:52.0287 4408  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:24:52.0287 4408  ulsata2 - ok
20:24:52.0318 4408  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:24:52.0318 4408  umbus - ok
20:24:52.0380 4408  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
20:24:52.0380 4408  upnphost - ok
20:24:52.0427 4408  [ 9856C38AB8FAACCA4DD99DAC7B42F838 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:24:52.0443 4408  upperdev - ok
20:24:52.0490 4408  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:24:52.0505 4408  USBAAPL64 - ok
20:24:52.0599 4408  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:24:52.0599 4408  usbaudio - ok
20:24:52.0661 4408  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:52.0661 4408  usbccgp - ok
20:24:52.0692 4408  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:24:52.0692 4408  usbcir - ok
20:24:52.0724 4408  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:24:52.0724 4408  usbehci - ok
20:24:52.0786 4408  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:24:52.0786 4408  usbhub - ok
20:24:52.0848 4408  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:24:52.0848 4408  usbohci - ok
20:24:52.0864 4408  [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:24:52.0864 4408  usbprint - ok
20:24:52.0911 4408  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:24:52.0911 4408  usbscan - ok
20:24:52.0973 4408  [ F7386007FB19E7685FC7B298560AA81F ] usbser          C:\Windows\system32\drivers\usbser.sys
20:24:52.0973 4408  usbser - ok
20:24:53.0004 4408  [ 89123DC822AC7A708BD4C9E196A37610 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
20:24:53.0004 4408  UsbserFilt - ok
20:24:53.0082 4408  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:53.0082 4408  USBSTOR - ok
20:24:53.0129 4408  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:24:53.0129 4408  usbuhci - ok
20:24:53.0192 4408  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:24:53.0207 4408  usbvideo - ok
20:24:53.0254 4408  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
20:24:53.0254 4408  UxSms - ok
20:24:53.0285 4408  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
20:24:53.0301 4408  vds - ok
20:24:53.0379 4408  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:53.0394 4408  vga - ok
20:24:53.0410 4408  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:24:53.0410 4408  VgaSave - ok
20:24:53.0426 4408  [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide          C:\Windows\system32\drivers\viaide.sys
20:24:53.0426 4408  viaide - ok
20:24:53.0457 4408  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:24:53.0457 4408  volmgr - ok
20:24:53.0519 4408  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:24:53.0535 4408  volmgrx - ok
20:24:53.0597 4408  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:24:53.0597 4408  volsnap - ok
20:24:53.0644 4408  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:24:53.0644 4408  vsmraid - ok
20:24:53.0722 4408  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
20:24:53.0738 4408  VSS - ok
20:24:53.0753 4408  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
20:24:53.0769 4408  W32Time - ok
20:24:53.0816 4408  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:24:53.0816 4408  WacomPen - ok
20:24:53.0909 4408  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:24:53.0909 4408  Wanarp - ok
20:24:53.0909 4408  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:24:53.0909 4408  Wanarpv6 - ok
20:24:53.0956 4408  [ 382A7B0B632EC98DE5F0658DA9DE6159 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:24:53.0972 4408  WcesComm - ok
20:24:54.0003 4408  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:24:54.0018 4408  wcncsvc - ok
20:24:54.0065 4408  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:24:54.0081 4408  WcsPlugInService - ok
20:24:54.0112 4408  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:24:54.0112 4408  Wd - ok
20:24:54.0206 4408  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:24:54.0252 4408  Wdf01000 - ok
20:24:54.0284 4408  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:24:54.0284 4408  WdiServiceHost - ok
20:24:54.0299 4408  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:24:54.0299 4408  WdiSystemHost - ok
20:24:54.0362 4408  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
20:24:54.0362 4408  WebClient - ok
20:24:54.0424 4408  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:24:54.0440 4408  Wecsvc - ok
20:24:54.0471 4408  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:24:54.0486 4408  wercplsupport - ok
20:24:54.0502 4408  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
20:24:54.0502 4408  WerSvc - ok
20:24:54.0564 4408  WinDefend - ok
20:24:54.0596 4408  WinHttpAutoProxySvc - ok
20:24:54.0658 4408  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:24:54.0689 4408  Winmgmt - ok
20:24:54.0798 4408  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:24:54.0845 4408  WinRM - ok
20:24:54.0908 4408  [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
20:24:54.0908 4408  winusb - ok
20:24:54.0954 4408  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:24:54.0970 4408  Wlansvc - ok
20:24:55.0126 4408  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:24:55.0173 4408  wlidsvc - ok
20:24:55.0220 4408  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:24:55.0220 4408  WmiAcpi - ok
20:24:55.0266 4408  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:24:55.0282 4408  wmiApSrv - ok
20:24:55.0329 4408  WMPNetworkSvc - ok
20:24:55.0360 4408  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:24:55.0360 4408  WPCSvc - ok
20:24:55.0438 4408  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:24:55.0438 4408  WPDBusEnum - ok
20:24:55.0485 4408  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:24:55.0485 4408  WpdUsb - ok
20:24:55.0906 4408  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:24:55.0953 4408  WPFFontCache_v0400 - ok
20:24:56.0000 4408  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:24:56.0000 4408  ws2ifsl - ok
20:24:56.0124 4408  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
20:24:56.0140 4408  wscsvc - ok
20:24:56.0140 4408  WSearch - ok
20:24:56.0296 4408  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:24:56.0358 4408  wuauserv - ok
20:24:56.0405 4408  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:56.0405 4408  WUDFRd - ok
20:24:56.0436 4408  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:24:56.0452 4408  wudfsvc - ok
20:24:56.0530 4408  [ 07F7285220307AAFB755D890295F0F9A ] yukonx64        C:\Windows\system32\DRIVERS\yk60x64.sys
20:24:56.0530 4408  yukonx64 - ok
20:24:56.0624 4408  [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
20:24:56.0624 4408  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
20:24:56.0624 4408  ================ Scan global ===============================
20:24:56.0702 4408  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:24:56.0748 4408  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:24:56.0780 4408  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:24:56.0858 4408  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:24:56.0858 4408  [Global] - ok
20:24:56.0858 4408  ================ Scan MBR ==================================
20:24:56.0889 4408  [ 48E3F1D37D7213D84BE3E5B9893067F6 ] \Device\Harddisk0\DR0
20:24:58.0308 4408  \Device\Harddisk0\DR0 - ok
20:24:58.0308 4408  ================ Scan VBR ==================================
20:24:58.0340 4408  [ 4F671ACB12D2B23C2A215D3B242A1E8F ] \Device\Harddisk0\DR0\Partition1
20:24:58.0340 4408  \Device\Harddisk0\DR0\Partition1 - ok
20:24:58.0386 4408  [ 7B194D67144E38317068B1DBCA999781 ] \Device\Harddisk0\DR0\Partition2
20:24:58.0386 4408  \Device\Harddisk0\DR0\Partition2 - ok
20:24:58.0386 4408  ============================================================
20:24:58.0386 4408  Scan finished
20:24:58.0386 4408  ============================================================
20:24:58.0402 4804  Detected object count: 0
20:24:58.0402 4804  Actual detected object count: 0
         
Step 4 / DDS+
DDS log file:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Andreas at 22:02:46 on 2013-01-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4092.2499 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AAVUpdateManager\aavus.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Andreas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Programme\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webzugang.brnet.de/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{552B14CB-20AD-4649-BAFC-D79E76C6329F} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
x64-Run: [Ocs_SM] C:\Users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\
FF - prefs.js: browser.startup.homepage - hxxp://tagesschau.de/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-08-21 16:22; firejump@firejump.net; C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\extensions\firejump@firejump.net
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-10 27800]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);C:\Windows\System32\drivers\NEOFLTR_710_19243.SYS [2011-11-13 99152]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/20 03:13:30];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AAV UpdateService;AAV UpdateService;C:\Program Files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-10 85280]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-10 109344]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-10 99912]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2010-7-6 106888]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-7-5 11776]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-21 27648]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 30520]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-21 365952]
R2 SearchAnonymizer;SearchAnonymizer;C:\Users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-8-21 40960]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-21 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-4-17 138592]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-21 3154432]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-2-9 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2009-3-19 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2009-3-19 172544]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-2-9 18944]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-5-26 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: FRONTPG.EXE: edit=C:\Programme\Microsoft Office\Office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2012-12-16 13:31:20	48128	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21	368128	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29	293376	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-13 19:39:42	73656	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 19:39:42	697272	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-13 17:56:39	67413224	----a-w-	C:\Windows\System32\mrt.exe
2012-12-11 17:12:00	129216	----a-w-	C:\Windows\System32\drivers\avipbb.sys
2012-12-11 17:11:59	99912	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2012-11-14 07:06:18	17811968	----a-w-	C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33	10925568	----a-w-	C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44	1346048	----a-w-	C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-11-14 06:02:49	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04	237056	----a-w-	C:\Windows\System32\url.dll
2012-11-14 05:59:52	85504	----a-w-	C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36	816640	----a-w-	C:\Windows\System32\jscript.dll
2012-11-14 05:57:46	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45	2144768	----a-w-	C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26	729088	----a-w-	C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22	96768	----a-w-	C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25	248320	----a-w-	C:\Windows\System32\ieui.dll
2012-11-14 02:48:26	12320256	----a-w-	C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59	9738240	----a-w-	C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44	1103872	----a-w-	C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46	231936	----a-w-	C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44	65024	----a-w-	C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19	717824	----a-w-	C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20	607744	----a-w-	C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38	1793024	----a-w-	C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01	73216	----a-w-	C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30	176640	----a-w-	C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22	2770432	----a-w-	C:\Windows\System32\win32k.sys
2012-11-13 01:45:48	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-13 01:29:51	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-02 10:45:52	477696	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51	68096	----a-w-	C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17	376320	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56	26112	----a-w-	C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06	23040	----a-w-	C:\Windows\SysWow64\dpnsvr.exe
2012-10-20 07:17:26	95208	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 07:17:24	821736	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-10-20 07:17:24	746984	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-10-20 07:17:24	246760	----a-w-	C:\Windows\SysWow64\javaws.exe
2012-10-20 07:17:24	174056	----a-w-	C:\Windows\SysWow64\javaw.exe
2012-10-20 07:17:24	174056	----a-w-	C:\Windows\SysWow64\java.exe
.
============= FINISH: 22:03:34,37 ===============
         
--- --- ---


Step 4 / DDS+-Attach
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 20.03.2009 02:34:19
System Uptime: 08.01.2013 19:02:43 (3 hours ago)
.
Motherboard: Quanta |  | 3624
Processor: Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz | CPU | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 235,511 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1,928 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
AAVUpdateManager
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader X (10.1.4) - Deutsch
Advanced Renamer
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 2012 v.10.0.15
ATI Catalyst Install Manager
Audacity 2.0
Audiograbber 1.83 SE 
Audiograbber Lame-MP3-Plugin
AutoUpdate
Avira Free Antivirus
Bigasoft Audio Converter 3.7.16.4643
BILD-Steuer 2010
Bonjour
CanoScan Toolbox Ver4.9
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix Online Plug-in - Web
Citrix Online Plug-in (DV)
Citrix Online Plug-in (HDX)
Citrix Online Plug-in (USB)
Citrix Online Plug-in (Web)
Compatibility Pack für 2007 Office System
CyberLink DVD Suite
D3DX10
Desktop Icon für Amazon
DIE SIEDLER III MISSION CD
DivX Codec
DivX Converter
DivX Version Checker
DivX Web Player
dm-Fotowelt
Dokan Library 0.5.3
Dropbox
ElsterFormular
ElsterFormular-Update
ESET Online Scanner v3
ESU for Microsoft Vista
FileZilla Client 3.5.3
FireJump
Free Audio CD Burner version 1.4.7
Free Studio version 5.7.3.903
Free WAV to MP3 Converter
Free YouTube to MP3 Converter version 3.11.32.918
GMX SMS-Manager
Google Calendar Sync
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0134
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
ImagXpress
IrfanView (remove only)
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 35
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller Driver
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client Activex Control
Juniper Networks, Inc. Setup Client
K-Lite Codec Pack 9.2.0 (64-bit)
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software
Logitech Z-series Software 1.04
Malwarebytes Anti-Malware Version 1.65.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional mit FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
mIRC
MixPad Audio Mixer
MozBackup 1.5.1
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 de)
MSVC80_x64
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
NCH Toolbox
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
No23 Recorder
Nokia Connectivity Cable Driver
PC Connectivity Solution
PC Inspector smart recovery
PDF24 Creator 4.1.2
Phase 5 HTML-Editor
Pidgin
Pixum Fotobuch
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
QIP 2010 3.1.6116
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RedMon - Redirection Port Monitor
Reimage Repair
SearchAnonymizer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
Siedler3
SimonT Hockey Simulator Support Files
Skins
Skype Click to Call
Skype™ 5.8
SopCast 3.2.8
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tinypic 3.18
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VideoPad Videobearbeitungs-Software
WavePad Audiobearbeitungs-Software
Winamp
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
Windows-Treiberpaket - Hewlett-Packard Image  (04/27/2007 9.0.0.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR
xp-AntiSpy 3.97-2
.
==== End Of File ===========================
         
Step 5 / GMER
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-08 22:30:11
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG002C 465,76GB
Running: GMER.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys


---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:3068]                                   000000006e938d07
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:356]                                    000000006e938fdc
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1148]                                   0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1088]                                   000000006e9388f0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:1452]                                   0000000072927456
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:4480]                                   0000000075643402
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264:3928]                                   0000000075643402
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2456]                                 0000000074f3f36f
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2464]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2496]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2500]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:2580]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3204]                                 00000000736ae2db
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3208]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3212]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3216]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3220]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3228]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3236]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3240]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3252]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3260]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3264]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3268]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3272]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3276]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3280]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3284]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3288]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3292]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3296]                                 0000000073d0c41c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3312]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3316]                                 000000006ea48de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3320]                                 000000006ea48de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3324]                                 000000006ea48de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3328]                                 000000006ea44e00
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:3448]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448:4664]                                 0000000073d0c59c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2584:2648]                      000007fefbebb8ec
Thread   C:\Windows\system32\SearchIndexer.exe [2704:3912]                                                    000007fef42539f0
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2196]  0000000073210000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264]               0000000077200000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2448]             0000000077200000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2584]  00000000701b0000
Library  ? (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [2704]                                000007fefe420000

---- EOF - GMER 2.0 ----
         

09.01.2013, 16:23   #13
ryder
/// TB trainer



Hm, nothing suspicious ...


Step 1:
Switch off Windows Defender

Since you are using a different virus scanner, you should urgently switch off Windows' own scanner:
  • Go to the Control Panel and click Windows Defender.
  • Click Tools > Options.
  • Administrator options > uncheck Use Windows Defender.
  • Confirm and close all open windows.


Step 2:
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!


Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).

Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
Digital privateers against malware!
No help via PM!

09.01.2013, 22:45   #14
schustan



et voila ...

Code:
ComboFix 13-01-08.01 - Andreas 09.01.2013  19:51:03.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4092.2160 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 19:00 . 2013-01-09 19:00	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-01-09 19:00 . 2013-01-09 19:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-09 19:00 . 2013-01-09 19:00	--------	d-----w-	c:\users\AppData\AppData\Local\temp
2013-01-09 16:00 . 2013-01-09 18:46	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird 16
2013-01-08 08:31 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{105CB14D-FF86-4A02-BB87-5409B9DD83C9}\mpengine.dll
2013-01-06 12:14 . 2013-01-06 12:14	--------	d--h--w-	c:\users\Andreas\.shsh
2013-01-05 19:37 . 2013-01-06 10:31	--------	d-----w-	c:\users\Andreas\AppData\Roaming\PCToolsFirewallPlus
2013-01-05 19:30 . 2013-01-06 10:31	--------	d-----w-	c:\program files (x86)\PC Tools Firewall Plus
2013-01-05 17:03 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-05 17:02 . 2013-01-05 17:02	--------	d-----w-	c:\program files\iPod
2013-01-05 17:02 . 2013-01-05 17:03	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-05 17:02 . 2013-01-05 17:03	--------	d-----w-	c:\program files\iTunes
2013-01-05 17:02 . 2013-01-05 17:03	--------	d-----w-	c:\program files (x86)\iTunes
2013-01-05 16:59 . 2013-01-05 16:59	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-01-05 16:54 . 2013-01-05 16:54	--------	d-----w-	c:\program files\Bonjour
2013-01-05 16:54 . 2013-01-05 16:54	--------	d-----w-	c:\program files (x86)\Bonjour
2012-12-22 02:02 . 2012-12-16 13:31	48128	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 02:02 . 2012-12-16 13:12	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 02:02 . 2012-12-16 11:08	368128	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 02:02 . 2012-12-16 10:50	293376	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-13 17:54 . 2012-11-14 07:11	763424	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-12-13 08:03 . 2012-09-28 16:34	1210368	----a-w-	c:\windows\system32\kernel32.dll
2012-12-13 08:03 . 2012-08-21 11:50	267648	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-13 08:03 . 2012-11-13 01:55	2770432	----a-w-	c:\windows\system32\win32k.sys
2012-12-13 08:03 . 2012-11-13 01:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 08:03 . 2012-11-13 01:29	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-13 08:03 . 2012-11-02 10:45	477696	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 08:03 . 2012-11-02 10:45	68096	----a-w-	c:\windows\system32\dpnathlp.dll
2012-12-13 08:03 . 2012-11-02 10:18	376320	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-13 08:03 . 2012-11-02 08:59	26112	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-13 08:03 . 2012-11-02 08:26	23040	----a-w-	c:\windows\SysWow64\dpnsvr.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 19:39 . 2012-08-18 18:25	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 19:39 . 2011-05-31 06:56	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 17:56 . 2006-11-02 12:35	67413224	----a-w-	c:\windows\system32\mrt.exe
2012-12-11 17:12 . 2012-10-10 21:18	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 17:11 . 2012-10-10 21:18	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-20 07:17 . 2012-10-20 07:17	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 07:17 . 2012-08-18 17:52	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-10-20 07:17 . 2010-05-12 05:05	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-03-02 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2010-07-06 c:\windows\Tasks\{05622D7C-E102-421F-B9BD-F587BF569F37}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16]
.
2010-07-06 c:\windows\Tasks\{26D45942-2C27-4338-93C2-049F1A435729}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]
.
2010-07-06 c:\windows\Tasks\{5B63F7D2-B10D-4B25-BCB3-4D2BBBDB9ABC}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]
.
2010-07-06 c:\windows\Tasks\{6E02B945-C0CE-453A-9BA6-230DC76E1BAC}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16]
.
2011-04-01 c:\windows\Tasks\{83EBD7E3-5521-4D5A-897A-E105084669EA}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2012-10-27 19:16]
.
2009-05-18 c:\windows\Tasks\{B9B31758-9ABD-4FBC-875D-D4AA867B25D5}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 790552]
"Ocs_SM"="c:\users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mStart Page = 
mDefault_Page_URL = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\
FF - prefs.js: browser.startup.homepage - hxxp://tagesschau.de/
FF - ExtSQL: !HIDDEN! 2012-08-21 16:22; firejump@firejump.net; c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\extensions\firejump@firejump.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe
AddRemove-Winamp - c:\programme\Winamp\UninstWA.exe
AddRemove-WinRAR archiver - c:\programme\WinRaR\uninstall.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dokan\DokanLibrary\mounter.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-09  20:13:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-09 19:13
.
Vor Suchlauf: 18 Verzeichnis(se), 253.572.988.928 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 253.852.020.736 Bytes frei
.
- - End Of File - - 27F454D55194BF63DD763E2878DCF660
         

Alt 09.01.2013, 22:50   #15
ryder
/// TB-Ausbilder
 



Good so far. So, no malware.

Uninstall this:
c:\program files (x86)\PC Tools Firewall Plus
Also Super Anti Spyware

Also remove the leftovers with this:
ftp://ftp.symantec.com/public/englis...moval_Tool.exe

And if that doesn't help, I'm slowly running out of ideas too.
__________________
Digital buccaneers against malware!
No help via PM!
