| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: WOW Account wurde gehackt!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.03.2012, 12:36
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  WOW Account wurde gehackt! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
:Files
C:\found.0??
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.03.2012, 12:50
| #17 |
 | WOW Account wurde gehackt! Die Daten vom OTL-Fix:
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
File D:\.\Bin\ASSETUP.exe not found.
========== FILES ==========
C:\found.000\dir0000.chk\{6b81c248-9ebd-4693-ad30-338acce4c9e8} folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Micha
->Temp folder emptied: 679991304 bytes
->Temporary Internet Files folder emptied: 453237039 bytes
->Java cache emptied: 1245488 bytes
->FireFox cache emptied: 20616416 bytes
->Google Chrome cache emptied: 7670993 bytes
->Flash cache emptied: 25895 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 503152 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116937026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.221,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_134527
Files\Folders moved on Reboot...
C:\Users\Micha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
27.03.2012, 13:42
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
27.03.2012, 14:02
| #19 |
| | WOW Account wurde gehackt! Hier die TDSS-Killer logs: Code:
ATTFilter 14:59:10.0408 4892 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:59:10.0518 4892 ============================================================
14:59:10.0518 4892 Current date / time: 2012/03/27 14:59:10.0518
14:59:10.0518 4892 SystemInfo:
14:59:10.0518 4892
14:59:10.0518 4892 OS Version: 6.1.7601 ServicePack: 1.0
14:59:10.0518 4892 Product type: Workstation
14:59:10.0518 4892 ComputerName: MICHA-PC
14:59:10.0518 4892 UserName: Micha
14:59:10.0518 4892 Windows directory: C:\Windows
14:59:10.0518 4892 System windows directory: C:\Windows
14:59:10.0518 4892 Running under WOW64
14:59:10.0518 4892 Processor architecture: Intel x64
14:59:10.0518 4892 Number of processors: 6
14:59:10.0518 4892 Page size: 0x1000
14:59:10.0518 4892 Boot type: Normal boot
14:59:10.0518 4892 ============================================================
14:59:10.0783 4892 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:59:10.0798 4892 \Device\Harddisk0\DR0:
14:59:10.0798 4892 MBR used
14:59:10.0798 4892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E572B0
14:59:10.0814 4892 Initialize success
14:59:10.0814 4892 ============================================================
15:00:12.0400 3336 ============================================================
15:00:12.0400 3336 Scan started
15:00:12.0400 3336 Mode: Manual; SigCheck; TDLFS;
15:00:12.0400 3336 ============================================================
15:00:12.0821 3336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:00:12.0930 3336 1394ohci - ok
15:00:12.0977 3336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:00:12.0993 3336 ACPI - ok
15:00:13.0008 3336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:00:13.0039 3336 AcpiPmi - ok
15:00:13.0071 3336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:00:13.0086 3336 adp94xx - ok
15:00:13.0117 3336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:00:13.0133 3336 adpahci - ok
15:00:13.0164 3336 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:00:13.0180 3336 adpu320 - ok
15:00:13.0227 3336 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:00:13.0414 3336 AeLookupSvc - ok
15:00:13.0476 3336 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:00:13.0554 3336 AFD - ok
15:00:13.0632 3336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:00:13.0648 3336 agp440 - ok
15:00:13.0663 3336 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:00:13.0695 3336 ALG - ok
15:00:13.0710 3336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:00:13.0726 3336 aliide - ok
15:00:13.0804 3336 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
15:00:13.0897 3336 AMD External Events Utility - ok
15:00:13.0944 3336 AMD FUEL Service - ok
15:00:13.0975 3336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:00:13.0991 3336 amdide - ok
15:00:14.0007 3336 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
15:00:14.0053 3336 amdiox64 - ok
15:00:14.0069 3336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:00:14.0100 3336 AmdK8 - ok
15:00:14.0303 3336 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:14.0553 3336 amdkmdag - ok
15:00:14.0584 3336 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
15:00:14.0631 3336 amdkmdap - ok
15:00:14.0677 3336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:00:14.0724 3336 AmdPPM - ok
15:00:14.0771 3336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:00:14.0787 3336 amdsata - ok
15:00:14.0818 3336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:00:14.0833 3336 amdsbs - ok
15:00:14.0849 3336 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:00:14.0865 3336 amdxata - ok
15:00:14.0880 3336 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
15:00:14.0896 3336 amd_sata - ok
15:00:14.0911 3336 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
15:00:14.0927 3336 amd_xata - ok
15:00:14.0974 3336 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:00:14.0989 3336 AODDriver4.01 - ok
15:00:15.0005 3336 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:00:15.0021 3336 AODDriver4.1 - ok
15:00:15.0052 3336 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:00:15.0099 3336 AppID - ok
15:00:15.0130 3336 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:00:15.0192 3336 AppIDSvc - ok
15:00:15.0208 3336 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:00:15.0286 3336 Appinfo - ok
15:00:15.0301 3336 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:00:15.0317 3336 arc - ok
15:00:15.0317 3336 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:00:15.0333 3336 arcsas - ok
15:00:15.0379 3336 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
15:00:15.0379 3336 asmthub3 - ok
15:00:15.0426 3336 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
15:00:15.0457 3336 asmtxhci - ok
15:00:15.0473 3336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:15.0535 3336 AsyncMac - ok
15:00:15.0567 3336 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:00:15.0582 3336 atapi - ok
15:00:15.0629 3336 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
15:00:15.0645 3336 AtiHDAudioService - ok
15:00:15.0676 3336 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:00:15.0754 3336 AudioEndpointBuilder - ok
15:00:15.0769 3336 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:00:15.0801 3336 AudioSrv - ok
15:00:16.0003 3336 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
15:00:16.0019 3336 AVP - ok
15:00:16.0066 3336 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:00:16.0113 3336 AxInstSV - ok
15:00:16.0159 3336 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:00:16.0191 3336 b06bdrv - ok
15:00:16.0222 3336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:16.0284 3336 b57nd60a - ok
15:00:16.0300 3336 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:00:16.0347 3336 BDESVC - ok
15:00:16.0362 3336 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:00:16.0440 3336 Beep - ok
15:00:16.0487 3336 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:00:16.0549 3336 BFE - ok
15:00:16.0690 3336 BHDrvx64 (95da658498248d5832aa240850706150) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
15:00:16.0721 3336 BHDrvx64 - ok
15:00:16.0752 3336 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:00:16.0830 3336 BITS - ok
15:00:16.0861 3336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:16.0908 3336 blbdrive - ok
15:00:16.0955 3336 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:00:17.0002 3336 bowser - ok
15:00:17.0033 3336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:00:17.0064 3336 BrFiltLo - ok
15:00:17.0080 3336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:00:17.0111 3336 BrFiltUp - ok
15:00:17.0158 3336 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:00:17.0220 3336 Browser - ok
15:00:17.0251 3336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:00:17.0283 3336 Brserid - ok
15:00:17.0298 3336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:17.0329 3336 BrSerWdm - ok
15:00:17.0345 3336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:17.0361 3336 BrUsbMdm - ok
15:00:17.0392 3336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:17.0392 3336 BrUsbSer - ok
15:00:17.0407 3336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:00:17.0423 3336 BTHMODEM - ok
15:00:17.0454 3336 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:00:17.0485 3336 bthserv - ok
15:00:17.0501 3336 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:00:17.0548 3336 cdfs - ok
15:00:17.0579 3336 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:00:17.0595 3336 cdrom - ok
15:00:17.0626 3336 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:00:17.0673 3336 CertPropSvc - ok
15:00:17.0704 3336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:00:17.0719 3336 circlass - ok
15:00:17.0735 3336 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:00:17.0751 3336 CLFS - ok
15:00:17.0829 3336 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:17.0844 3336 clr_optimization_v2.0.50727_32 - ok
15:00:17.0891 3336 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:17.0907 3336 clr_optimization_v2.0.50727_64 - ok
15:00:17.0953 3336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:17.0985 3336 clr_optimization_v4.0.30319_32 - ok
15:00:17.0985 3336 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:18.0000 3336 clr_optimization_v4.0.30319_64 - ok
15:00:18.0031 3336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:00:18.0047 3336 CmBatt - ok
15:00:18.0078 3336 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:00:18.0078 3336 cmdide - ok
15:00:18.0109 3336 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:00:18.0156 3336 CNG - ok
15:00:18.0172 3336 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:00:18.0172 3336 Compbatt - ok
15:00:18.0203 3336 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:00:18.0250 3336 CompositeBus - ok
15:00:18.0265 3336 COMSysApp - ok
15:00:18.0281 3336 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:00:18.0297 3336 crcdisk - ok
15:00:18.0328 3336 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:00:18.0421 3336 CryptSvc - ok
15:00:18.0453 3336 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:00:18.0531 3336 DcomLaunch - ok
15:00:18.0577 3336 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:00:18.0624 3336 defragsvc - ok
15:00:18.0640 3336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:00:18.0702 3336 DfsC - ok
15:00:18.0733 3336 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:00:18.0780 3336 Dhcp - ok
15:00:18.0796 3336 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:00:18.0843 3336 discache - ok
15:00:18.0889 3336 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:00:18.0889 3336 Disk - ok
15:00:18.0921 3336 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:00:18.0967 3336 Dnscache - ok
15:00:18.0999 3336 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:00:19.0061 3336 dot3svc - ok
15:00:19.0092 3336 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:00:19.0155 3336 DPS - ok
15:00:19.0201 3336 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:00:19.0233 3336 drmkaud - ok
15:00:19.0279 3336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:00:19.0311 3336 DXGKrnl - ok
15:00:19.0326 3336 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:00:19.0389 3336 EapHost - ok
15:00:19.0467 3336 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:00:19.0545 3336 ebdrv - ok
15:00:19.0576 3336 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:00:19.0623 3336 EFS - ok
15:00:19.0669 3336 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:00:19.0732 3336 ehRecvr - ok
15:00:19.0763 3336 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:00:19.0810 3336 ehSched - ok
15:00:19.0872 3336 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:00:19.0903 3336 elxstor - ok
15:00:19.0919 3336 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:00:19.0950 3336 ErrDev - ok
15:00:19.0981 3336 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:00:20.0028 3336 EventSystem - ok
15:00:20.0059 3336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:00:20.0091 3336 exfat - ok
15:00:20.0106 3336 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:00:20.0153 3336 fastfat - ok
15:00:20.0184 3336 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:00:20.0215 3336 Fax - ok
15:00:20.0231 3336 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:00:20.0262 3336 fdc - ok
15:00:20.0293 3336 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:00:20.0356 3336 fdPHost - ok
15:00:20.0371 3336 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:00:20.0418 3336 FDResPub - ok
15:00:20.0434 3336 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:00:20.0449 3336 FileInfo - ok
15:00:20.0449 3336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:00:20.0512 3336 Filetrace - ok
15:00:20.0527 3336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:00:20.0543 3336 flpydisk - ok
15:00:20.0559 3336 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:00:20.0574 3336 FltMgr - ok
15:00:20.0605 3336 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:00:20.0652 3336 FontCache - ok
15:00:20.0746 3336 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:20.0761 3336 FontCache3.0.0.0 - ok
15:00:20.0777 3336 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:00:20.0777 3336 FsDepends - ok
15:00:20.0793 3336 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:00:20.0808 3336 Fs_Rec - ok
15:00:20.0824 3336 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:00:20.0839 3336 fvevol - ok
15:00:20.0855 3336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:00:20.0871 3336 gagp30kx - ok
15:00:20.0902 3336 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:00:20.0964 3336 gpsvc - ok
15:00:21.0042 3336 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:21.0058 3336 gupdate - ok
15:00:21.0073 3336 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:21.0089 3336 gupdatem - ok
15:00:21.0105 3336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:00:21.0151 3336 hcw85cir - ok
15:00:21.0198 3336 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:00:21.0245 3336 HdAudAddService - ok
15:00:21.0276 3336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:21.0323 3336 HDAudBus - ok
15:00:21.0339 3336 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:00:21.0385 3336 HidBatt - ok
15:00:21.0401 3336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:00:21.0448 3336 HidBth - ok
15:00:21.0463 3336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:00:21.0479 3336 HidIr - ok
15:00:21.0510 3336 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:00:21.0557 3336 hidserv - ok
15:00:21.0604 3336 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:00:21.0619 3336 HidUsb - ok
15:00:21.0651 3336 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:00:21.0729 3336 hkmsvc - ok
15:00:21.0744 3336 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:00:21.0760 3336 HomeGroupListener - ok
15:00:21.0775 3336 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:00:21.0807 3336 HomeGroupProvider - ok
15:00:21.0838 3336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:00:21.0838 3336 HpSAMD - ok
15:00:21.0869 3336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:00:21.0900 3336 HTTP - ok
15:00:21.0916 3336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:00:21.0916 3336 hwpolicy - ok
15:00:21.0931 3336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:21.0947 3336 i8042prt - ok
15:00:21.0978 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:00:22.0009 3336 iaStorV - ok
15:00:22.0087 3336 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:22.0119 3336 idsvc - ok
15:00:22.0228 3336 IDSVia64 (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
15:00:22.0259 3336 IDSVia64 - ok
15:00:22.0306 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:00:22.0321 3336 iirsp - ok
15:00:22.0353 3336 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:00:22.0415 3336 IKEEXT - ok
15:00:22.0509 3336 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
15:00:22.0555 3336 IntcAzAudAddService - ok
15:00:22.0571 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:00:22.0571 3336 intelide - ok
15:00:22.0602 3336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:00:22.0649 3336 intelppm - ok
15:00:22.0665 3336 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:00:22.0743 3336 IPBusEnum - ok
15:00:22.0774 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:22.0805 3336 IpFilterDriver - ok
15:00:22.0821 3336 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:00:22.0899 3336 iphlpsvc - ok
15:00:22.0930 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:00:22.0945 3336 IPMIDRV - ok
15:00:22.0945 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:00:22.0992 3336 IPNAT - ok
15:00:23.0023 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:00:23.0070 3336 IRENUM - ok
15:00:23.0101 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:00:23.0117 3336 isapnp - ok
15:00:23.0133 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:00:23.0148 3336 iScsiPrt - ok
15:00:23.0195 3336 JRAID (79a55e8907f34ab569029505418c35ef) C:\Windows\system32\DRIVERS\jraid.sys
15:00:23.0211 3336 JRAID - ok
15:00:23.0257 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:23.0273 3336 kbdclass - ok
15:00:23.0289 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:23.0320 3336 kbdhid - ok
15:00:23.0351 3336 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:23.0367 3336 KeyIso - ok
15:00:23.0429 3336 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
15:00:23.0445 3336 KL1 - ok
15:00:23.0460 3336 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
15:00:23.0476 3336 kl2 - ok
15:00:23.0538 3336 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
15:00:23.0554 3336 KLIF - ok
15:00:23.0585 3336 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
15:00:23.0585 3336 KLIM6 - ok
15:00:23.0601 3336 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
15:00:23.0601 3336 klmouflt - ok
15:00:23.0632 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:00:23.0632 3336 KSecDD - ok
15:00:23.0647 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:00:23.0663 3336 KSecPkg - ok
15:00:23.0679 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:00:23.0741 3336 ksthunk - ok
15:00:23.0772 3336 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:00:23.0850 3336 KtmRm - ok
15:00:23.0881 3336 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:00:23.0928 3336 LanmanServer - ok
15:00:23.0959 3336 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:00:24.0037 3336 LanmanWorkstation - ok
15:00:24.0069 3336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:00:24.0131 3336 lltdio - ok
15:00:24.0178 3336 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:00:24.0240 3336 lltdsvc - ok
15:00:24.0271 3336 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:00:24.0318 3336 lmhosts - ok
15:00:24.0349 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:00:24.0349 3336 LSI_FC - ok
15:00:24.0365 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:00:24.0381 3336 LSI_SAS - ok
15:00:24.0381 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:00:24.0396 3336 LSI_SAS2 - ok
15:00:24.0396 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:00:24.0412 3336 LSI_SCSI - ok
15:00:24.0443 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:00:24.0505 3336 luafv - ok
15:00:24.0537 3336 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:00:24.0583 3336 Mcx2Svc - ok
15:00:24.0615 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:00:24.0615 3336 megasas - ok
15:00:24.0630 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:00:24.0646 3336 MegaSR - ok
15:00:24.0661 3336 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:24.0724 3336 MMCSS - ok
15:00:24.0739 3336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:00:24.0786 3336 Modem - ok
15:00:24.0802 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:00:24.0833 3336 monitor - ok
15:00:24.0880 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:00:24.0895 3336 mouclass - ok
15:00:24.0927 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:00:24.0958 3336 mouhid - ok
15:00:24.0989 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:00:25.0005 3336 mountmgr - ok
15:00:25.0020 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:00:25.0036 3336 mpio - ok
15:00:25.0051 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:00:25.0083 3336 mpsdrv - ok
15:00:25.0114 3336 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:00:25.0145 3336 MpsSvc - ok
15:00:25.0161 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:00:25.0192 3336 MRxDAV - ok
15:00:25.0223 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:25.0270 3336 mrxsmb - ok
15:00:25.0301 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:25.0332 3336 mrxsmb10 - ok
15:00:25.0348 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:25.0363 3336 mrxsmb20 - ok
15:00:25.0379 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:00:25.0379 3336 msahci - ok
15:00:25.0426 3336 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:00:25.0457 3336 MSCamSvc - ok
15:00:25.0457 3336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:00:25.0473 3336 msdsm - ok
15:00:25.0504 3336 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:00:25.0535 3336 MSDTC - ok
15:00:25.0551 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:00:25.0597 3336 Msfs - ok
15:00:25.0613 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:00:25.0675 3336 mshidkmdf - ok
15:00:25.0691 3336 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
15:00:25.0691 3336 MSHUSBVideo - ok
15:00:25.0707 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:00:25.0707 3336 msisadrv - ok
15:00:25.0753 3336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:00:25.0785 3336 MSiSCSI - ok
15:00:25.0785 3336 msiserver - ok
15:00:25.0816 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:00:25.0878 3336 MSKSSRV - ok
15:00:25.0909 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:25.0972 3336 MSPCLOCK - ok
15:00:25.0987 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:00:26.0050 3336 MSPQM - ok
15:00:26.0081 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:00:26.0097 3336 MsRPC - ok
15:00:26.0112 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:00:26.0112 3336 mssmbios - ok
15:00:26.0128 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:00:26.0159 3336 MSTEE - ok
15:00:26.0175 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:00:26.0190 3336 MTConfig - ok
15:00:26.0206 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:00:26.0206 3336 Mup - ok
15:00:26.0237 3336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:00:26.0331 3336 napagent - ok
15:00:26.0362 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:00:26.0393 3336 NativeWifiP - ok
15:00:26.0502 3336 NAVENG (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
15:00:26.0518 3336 NAVENG - ok
15:00:26.0565 3336 NAVEX15 (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
15:00:26.0627 3336 NAVEX15 - ok
15:00:26.0658 3336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:00:26.0674 3336 NDIS - ok
15:00:26.0705 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:26.0721 3336 NdisCap - ok
15:00:26.0752 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:26.0799 3336 NdisTapi - ok
15:00:26.0830 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:26.0861 3336 Ndisuio - ok
15:00:26.0877 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:26.0908 3336 NdisWan - ok
15:00:26.0955 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:00:26.0970 3336 NDProxy - ok
15:00:26.0986 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:00:27.0033 3336 NetBIOS - ok
15:00:27.0033 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:00:27.0064 3336 NetBT - ok
15:00:27.0111 3336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:27.0111 3336 Netlogon - ok
15:00:27.0142 3336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:00:27.0220 3336 Netman - ok
15:00:27.0251 3336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:00:27.0329 3336 netprofm - ok
15:00:27.0423 3336 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:27.0438 3336 NetTcpPortSharing - ok
15:00:27.0454 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:00:27.0469 3336 nfrd960 - ok
15:00:27.0485 3336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:00:27.0547 3336 NlaSvc - ok
15:00:27.0563 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:00:27.0594 3336 Npfs - ok
15:00:27.0610 3336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:00:27.0657 3336 nsi - ok
15:00:27.0672 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:00:27.0719 3336 nsiproxy - ok
15:00:27.0781 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:00:27.0844 3336 Ntfs - ok
15:00:27.0859 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:00:27.0906 3336 Null - ok
15:00:27.0953 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:00:27.0953 3336 nvraid - ok
15:00:27.0984 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:00:27.0984 3336 nvstor - ok
15:00:28.0015 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:00:28.0031 3336 nv_agp - ok
15:00:28.0047 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:00:28.0062 3336 ohci1394 - ok
15:00:28.0109 3336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:28.0156 3336 p2pimsvc - ok
15:00:28.0203 3336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:00:28.0234 3336 p2psvc - ok
15:00:28.0249 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:00:28.0281 3336 Parport - ok
15:00:28.0296 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:00:28.0312 3336 partmgr - ok
15:00:28.0343 3336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:00:28.0405 3336 PcaSvc - ok
15:00:28.0437 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:00:28.0452 3336 pci - ok
15:00:28.0468 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:00:28.0468 3336 pciide - ok
15:00:28.0499 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:00:28.0499 3336 pcmcia - ok
15:00:28.0515 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:00:28.0530 3336 pcw - ok
15:00:28.0546 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:00:28.0593 3336 PEAUTH - ok
15:00:28.0686 3336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:00:28.0702 3336 PerfHost - ok
15:00:28.0749 3336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:00:28.0827 3336 pla - ok
15:00:28.0858 3336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:00:28.0905 3336 PlugPlay - ok
15:00:28.0920 3336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:00:28.0967 3336 PNRPAutoReg - ok
15:00:28.0998 3336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:29.0029 3336 PNRPsvc - ok
15:00:29.0061 3336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:00:29.0123 3336 PolicyAgent - ok
15:00:29.0154 3336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:00:29.0217 3336 Power - ok
15:00:29.0279 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:00:29.0357 3336 PptpMiniport - ok
15:00:29.0388 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:00:29.0419 3336 Processor - ok
15:00:29.0451 3336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:00:29.0529 3336 ProfSvc - ok
15:00:29.0560 3336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:29.0575 3336 ProtectedStorage - ok
15:00:29.0607 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:00:29.0685 3336 Psched - ok
15:00:29.0731 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:00:29.0794 3336 ql2300 - ok
15:00:29.0809 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:00:29.0809 3336 ql40xx - ok
15:00:29.0825 3336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:00:29.0841 3336 QWAVE - ok
15:00:29.0856 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:00:29.0872 3336 QWAVEdrv - ok
15:00:29.0887 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:00:29.0919 3336 RasAcd - ok
15:00:29.0950 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:29.0997 3336 RasAgileVpn - ok
15:00:30.0043 3336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:00:30.0106 3336 RasAuto - ok
15:00:30.0106 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:30.0168 3336 Rasl2tp - ok
15:00:30.0199 3336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:00:30.0231 3336 RasMan - ok
15:00:30.0246 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:30.0293 3336 RasPppoe - ok
15:00:30.0355 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:00:30.0418 3336 RasSstp - ok
15:00:30.0433 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:00:30.0480 3336 rdbss - ok
15:00:30.0511 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:00:30.0527 3336 rdpbus - ok
15:00:30.0558 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:30.0574 3336 RDPCDD - ok
15:00:30.0605 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:00:30.0667 3336 RDPENCDD - ok
15:00:30.0683 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:00:30.0714 3336 RDPREFMP - ok
15:00:30.0745 3336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:00:30.0761 3336 RDPWD - ok
15:00:30.0777 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:00:30.0792 3336 rdyboost - ok
15:00:30.0808 3336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:00:30.0870 3336 RemoteAccess - ok
15:00:30.0901 3336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:00:30.0948 3336 RemoteRegistry - ok
15:00:30.0964 3336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:00:31.0026 3336 RpcEptMapper - ok
15:00:31.0073 3336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:00:31.0104 3336 RpcLocator - ok
15:00:31.0135 3336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:00:31.0167 3336 RpcSs - ok
15:00:31.0182 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:00:31.0213 3336 rspndr - ok
15:00:31.0229 3336 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:00:31.0245 3336 RTL8167 - ok
15:00:31.0276 3336 SaiK0CEA (bd0eddcc9d5860dddbd04b4011fd8f48) C:\Windows\system32\DRIVERS\SaiK0CEA.sys
15:00:31.0338 3336 SaiK0CEA - ok
15:00:31.0354 3336 SaiMini (cdb5a5deac21be0a5ed0c433fbcd1aec) C:\Windows\system32\DRIVERS\SaiMini.sys
15:00:31.0369 3336 SaiMini - ok
15:00:31.0401 3336 SaiNtBus (46b4e7bc48194e578f744c43f06ec460) C:\Windows\system32\drivers\SaiBus.sys
15:00:31.0447 3336 SaiNtBus - ok
15:00:31.0494 3336 SaiU0CEA (1b083d5e6ebc06ead3e2c695493e9c2d) C:\Windows\system32\DRIVERS\SaiU0CEA.sys
15:00:31.0557 3336 SaiU0CEA - ok
15:00:31.0572 3336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:31.0588 3336 SamSs - ok
15:00:31.0603 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:00:31.0603 3336 sbp2port - ok
15:00:31.0635 3336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:00:31.0666 3336 SCardSvr - ok
15:00:31.0681 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:00:31.0728 3336 scfilter - ok
15:00:31.0759 3336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:00:31.0822 3336 Schedule - ok
15:00:31.0853 3336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:00:31.0884 3336 SCPolicySvc - ok
15:00:31.0900 3336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:00:31.0915 3336 SDRSVC - ok
15:00:31.0962 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:00:32.0040 3336 secdrv - ok
15:00:32.0056 3336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:00:32.0087 3336 seclogon - ok
15:00:32.0118 3336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:00:32.0165 3336 SENS - ok
15:00:32.0165 3336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:00:32.0181 3336 SensrSvc - ok
15:00:32.0227 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:00:32.0259 3336 Serenum - ok
15:00:32.0290 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:00:32.0321 3336 Serial - ok
15:00:32.0368 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:00:32.0415 3336 sermouse - ok
15:00:32.0446 3336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:00:32.0508 3336 SessionEnv - ok
15:00:32.0524 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:00:32.0539 3336 sffdisk - ok
15:00:32.0555 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:00:32.0586 3336 sffp_mmc - ok
15:00:32.0602 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:00:32.0633 3336 sffp_sd - ok
15:00:32.0680 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:00:32.0711 3336 sfloppy - ok
15:00:32.0742 3336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:00:32.0789 3336 SharedAccess - ok
15:00:32.0820 3336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:00:32.0851 3336 ShellHWDetection - ok
15:00:32.0867 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:00:32.0883 3336 SiSRaid2 - ok
15:00:32.0898 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:00:32.0898 3336 SiSRaid4 - ok
15:00:32.0961 3336 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:00:32.0976 3336 SkypeUpdate - ok
15:00:33.0007 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:00:33.0054 3336 Smb - ok
15:00:33.0101 3336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:00:33.0101 3336 SNMPTRAP - ok
15:00:33.0117 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:00:33.0132 3336 spldr - ok
15:00:33.0148 3336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:00:33.0179 3336 Spooler - ok
15:00:33.0257 3336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:00:33.0319 3336 sppsvc - ok
15:00:33.0335 3336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:00:33.0366 3336 sppuinotify - ok
15:00:33.0413 3336 SRTSP (0793ee947caa85e41f4606e8caca5fb3) C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS
15:00:33.0460 3336 SRTSP - ok
15:00:33.0460 3336 SRTSPX (d22ec4fbf847d23994186b301063d4cd) C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS
15:00:33.0475 3336 SRTSPX - ok
15:00:33.0507 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:00:33.0569 3336 srv - ok
15:00:33.0600 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:00:33.0647 3336 srv2 - ok
15:00:33.0678 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:00:33.0709 3336 srvnet - ok
15:00:33.0725 3336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:00:33.0756 3336 SSDPSRV - ok
15:00:33.0772 3336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:00:33.0803 3336 SstpSvc - ok
15:00:33.0819 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:00:33.0834 3336 stexstor - ok
15:00:33.0865 3336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:00:33.0912 3336 stisvc - ok
15:00:33.0928 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:00:33.0943 3336 swenum - ok
15:00:33.0975 3336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:00:34.0053 3336 swprv - ok
15:00:34.0115 3336 SymDS (c11f054e0bf9d233a59805d4ba17f882) C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS
15:00:34.0146 3336 SymDS - ok
15:00:34.0177 3336 SymEFA (82d0f3950fa03116c99016e35f42c4c1) C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS
15:00:34.0193 3336 SymEFA - ok
15:00:34.0209 3336 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:00:34.0224 3336 SymEvent - ok
15:00:34.0240 3336 SymIRON (53a3805411d3cec1402a315e7aab5dc8) C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS
15:00:34.0255 3336 SymIRON - ok
15:00:34.0271 3336 SymNetS (60cc03da318435300ab2e59ad2afe2d9) C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS
15:00:34.0271 3336 SymNetS - ok
15:00:34.0318 3336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:00:34.0443 3336 SysMain - ok
15:00:34.0458 3336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:00:34.0489 3336 TabletInputService - ok
15:00:34.0521 3336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:00:34.0567 3336 TapiSrv - ok
15:00:34.0599 3336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:00:34.0630 3336 TBS - ok
15:00:34.0708 3336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:00:34.0755 3336 Tcpip - ok
15:00:34.0786 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:00:34.0817 3336 TCPIP6 - ok
15:00:34.0848 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:00:34.0911 3336 tcpipreg - ok
15:00:34.0926 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:00:34.0942 3336 TDPIPE - ok
15:00:34.0973 3336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:00:35.0004 3336 TDTCP - ok
15:00:35.0035 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:00:35.0082 3336 tdx - ok
15:00:35.0098 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:00:35.0113 3336 TermDD - ok
15:00:35.0129 3336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:00:35.0191 3336 TermService - ok
15:00:35.0223 3336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:00:35.0238 3336 Themes - ok
15:00:35.0254 3336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:35.0285 3336 THREADORDER - ok
15:00:35.0285 3336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:00:35.0332 3336 TrkWks - ok
15:00:35.0379 3336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:00:35.0441 3336 TrustedInstaller - ok
15:00:35.0472 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:35.0519 3336 tssecsrv - ok
15:00:35.0550 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:00:35.0566 3336 TsUsbFlt - ok
15:00:35.0581 3336 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:00:35.0613 3336 TsUsbGD - ok
15:00:35.0659 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:00:35.0737 3336 tunnel - ok
15:00:35.0753 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:00:35.0769 3336 uagp35 - ok
15:00:35.0784 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:00:35.0831 3336 udfs - ok
15:00:35.0847 3336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:00:35.0878 3336 UI0Detect - ok
15:00:35.0909 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:00:35.0925 3336 uliagpkx - ok
15:00:35.0971 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:00:36.0003 3336 umbus - ok
15:00:36.0018 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:00:36.0049 3336 UmPass - ok
15:00:36.0096 3336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:00:36.0174 3336 upnphost - ok
15:00:36.0205 3336 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:00:36.0252 3336 usbaudio - ok
15:00:36.0283 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:36.0299 3336 usbccgp - ok
15:00:36.0315 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:00:36.0330 3336 usbcir - ok
15:00:36.0361 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:00:36.0393 3336 usbehci - ok
15:00:36.0424 3336 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
15:00:36.0439 3336 usbfilter - ok
15:00:36.0486 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:00:36.0533 3336 usbhub - ok
15:00:36.0564 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:00:36.0595 3336 usbohci - ok
15:00:36.0642 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:00:36.0673 3336 usbprint - ok
15:00:36.0689 3336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:00:36.0705 3336 usbscan - ok
15:00:36.0720 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:36.0767 3336 USBSTOR - ok
15:00:36.0783 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:00:36.0829 3336 usbuhci - ok
15:00:36.0876 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:00:36.0923 3336 usbvideo - ok
15:00:36.0954 3336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:00:37.0017 3336 UxSms - ok
15:00:37.0048 3336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:37.0063 3336 VaultSvc - ok
15:00:37.0110 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:00:37.0126 3336 vdrvroot - ok
15:00:37.0157 3336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:00:37.0219 3336 vds - ok
15:00:37.0251 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:37.0282 3336 vga - ok
15:00:37.0297 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:00:37.0344 3336 VgaSave - ok
15:00:37.0375 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:00:37.0375 3336 vhdmp - ok
15:00:37.0391 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:00:37.0407 3336 viaide - ok
15:00:37.0422 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:00:37.0422 3336 volmgr - ok
15:00:37.0453 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:00:37.0469 3336 volmgrx - ok
15:00:37.0500 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:00:37.0531 3336 volsnap - ok
15:00:37.0547 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:00:37.0547 3336 vsmraid - ok
15:00:37.0578 3336 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:00:37.0656 3336 VSS - ok
15:00:37.0687 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:00:37.0719 3336 vwifibus - ok
15:00:37.0734 3336 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:00:37.0765 3336 W32Time - ok
15:00:37.0797 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:00:37.0828 3336 WacomPen - ok
15:00:37.0859 3336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:37.0921 3336 WANARP - ok
15:00:37.0953 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:37.0968 3336 Wanarpv6 - ok
15:00:37.0999 3336 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:00:38.0046 3336 wbengine - ok
15:00:38.0062 3336 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:00:38.0077 3336 WbioSrvc - ok
15:00:38.0077 3336 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:00:38.0109 3336 wcncsvc - ok
15:00:38.0140 3336 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:00:38.0171 3336 WcsPlugInService - ok
15:00:38.0187 3336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:00:38.0187 3336 Wd - ok
15:00:38.0218 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:00:38.0233 3336 Wdf01000 - ok
15:00:38.0249 3336 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:38.0343 3336 WdiServiceHost - ok
15:00:38.0343 3336 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:38.0358 3336 WdiSystemHost - ok
15:00:38.0389 3336 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:00:38.0421 3336 WebClient - ok
15:00:38.0452 3336 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:00:38.0499 3336 Wecsvc - ok
15:00:38.0530 3336 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:00:38.0561 3336 wercplsupport - ok
15:00:38.0577 3336 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:00:38.0608 3336 WerSvc - ok
15:00:38.0639 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:38.0670 3336 WfpLwf - ok
15:00:38.0686 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:00:38.0686 3336 WIMMount - ok
15:00:38.0717 3336 WinDefend - ok
15:00:38.0717 3336 WinHttpAutoProxySvc - ok
15:00:38.0764 3336 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:00:38.0811 3336 Winmgmt - ok
15:00:38.0873 3336 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:00:38.0951 3336 WinRM - ok
15:00:38.0998 3336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:39.0045 3336 WinUsb - ok
15:00:39.0091 3336 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:00:39.0154 3336 Wlansvc - ok
15:00:39.0169 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:00:39.0185 3336 WmiAcpi - ok
15:00:39.0201 3336 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:00:39.0232 3336 wmiApSrv - ok
15:00:39.0263 3336 WMPNetworkSvc - ok
15:00:39.0263 3336 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:00:39.0294 3336 WPCSvc - ok
15:00:39.0310 3336 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:00:39.0341 3336 WPDBusEnum - ok
15:00:39.0357 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:00:39.0388 3336 ws2ifsl - ok
15:00:39.0403 3336 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:00:39.0435 3336 wscsvc - ok
15:00:39.0435 3336 WSearch - ok
15:00:39.0513 3336 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:00:39.0622 3336 wuauserv - ok
15:00:39.0637 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:00:39.0700 3336 WudfPf - ok
15:00:39.0731 3336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:39.0778 3336 WUDFRd - ok
15:00:39.0793 3336 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:00:39.0825 3336 wudfsvc - ok
15:00:39.0840 3336 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:00:39.0871 3336 WwanSvc - ok
15:00:39.0903 3336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:00:40.0043 3336 \Device\Harddisk0\DR0 - ok
15:00:40.0043 3336 Boot (0x1200) (d98fdb6601e7cb4af9e01258d9aadd60) \Device\Harddisk0\DR0\Partition0
15:00:40.0059 3336 \Device\Harddisk0\DR0\Partition0 - ok
15:00:40.0059 3336 ============================================================
15:00:40.0059 3336 Scan finished
15:00:40.0059 3336 ============================================================
15:00:40.0059 4076 Detected object count: 0
15:00:40.0059 4076 Actual detected object count: 0
|
|
27.03.2012, 14:10
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 14:34
| #21 |
| | WOW Account wurde gehackt! Combofix Logfile: Code:
ATTFilter ComboFix 12-03-27.02 - Micha 27.03.2012 15:19:59.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8137.6537 [GMT 2:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Micha\AppData\Local\._Revolution_
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 ))))))))))))))))))))))))))))))
.
.
2012-03-27 13:24 . 2012-03-27 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 11:45 . 2012-03-27 11:45 -------- d-----w- C:\_OTL
2012-03-27 08:36 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CAC751-B76E-49BD-83CC-12BA795C221D}\mpengine.dll
2012-03-26 19:59 . 2012-03-26 19:59 -------- d-----w- c:\program files (x86)\ESET
2012-03-26 12:24 . 2012-03-26 12:24 -------- d-----w- c:\users\Micha\AppData\Roaming\Malwarebytes
2012-03-26 12:24 . 2012-03-26 12:24 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 12:24 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 12:24 . 2012-03-26 13:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 16:47 . 2012-03-26 13:54 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-23 17:26 . 2012-03-27 13:25 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-23 17:26 . 2012-03-23 17:26 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-03-20 15:37 . 2012-03-20 15:37 -------- d-----w- C:\Games
2012-03-17 14:27 . 2012-03-17 14:27 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-16 14:48 . 2012-03-16 20:17 -------- d-----w- c:\users\Micha\AppData\Roaming\gtk-2.0
2012-03-14 18:43 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:43 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:43 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 15:47 . 2012-03-14 16:47 -------- d-----w- c:\users\Micha\AppData\Roaming\dvdcss
2012-03-14 14:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:20 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 13:54 . 2012-03-13 13:54 -------- d-----w- c:\programdata\ATI
2012-03-13 13:49 . 2012-03-13 13:49 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-13 13:49 . 2012-03-13 13:49 -------- d-----w- c:\program files\AMD
2012-03-13 13:49 . 2012-03-13 13:49 -------- d-----w- c:\program files (x86)\AMD
2012-03-13 13:49 . 2012-03-13 13:49 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-09 18:24 . 2012-03-09 18:24 -------- d-----w- c:\users\Micha\.thumbnails
2012-03-09 18:18 . 2012-03-25 20:42 -------- d-----w- c:\users\Micha\.gimp-2.6
2012-03-09 18:17 . 2012-03-09 18:17 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-03-09 18:01 . 2012-03-09 18:01 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-09 18:01 . 2012-03-09 18:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-09 18:01 . 2012-03-09 18:01 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-29 17:31 . 2012-02-29 17:31 -------- d-----w- C:\Cache
2012-02-29 12:34 . 2012-02-29 17:32 -------- d-----w- C:\Logs
2012-02-29 10:15 . 2012-02-29 17:38 -------- d-----w- C:\Data
2012-02-29 10:15 . 2012-03-02 09:50 -------- d-----w- C:\WTF
2012-02-27 15:31 . 2012-02-29 17:29 83024 ----a-w- C:\MovieProxy.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 07:50 . 2012-02-01 20:42 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-27 07:50 . 2012-02-01 20:42 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 10:08 . 2012-02-11 13:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 14:08 . 2012-02-16 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-12-06 03:17 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-10-26 02:04 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-12-06 03:06 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-10-26 01:46 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-01-31 19:46 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-10-26 01:21 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-12-06 02:11 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 22:20 . 2012-01-31 22:20 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-31 22:20 . 2012-01-31 22:20 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-31 22:20 . 2012-01-31 22:20 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-31 22:20 . 2012-01-31 22:20 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-31 22:20 . 2012-01-31 22:20 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-31 22:20 . 2012-01-31 22:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-31 22:20 . 2012-01-31 22:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-31 22:20 . 2012-01-31 22:20 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-31 22:20 . 2012-01-31 22:20 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-31 22:20 . 2012-01-31 22:20 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-31 22:20 . 2012-01-31 22:20 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-31 22:20 . 2012-01-31 22:20 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-31 22:20 . 2012-01-31 22:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-31 22:20 . 2012-01-31 22:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-31 22:20 . 2012-01-31 22:20 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-31 22:20 . 2012-01-31 22:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-31 22:20 . 2012-01-31 22:20 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-31 22:20 . 2012-01-31 22:20 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-31 22:20 . 2012-01-31 22:20 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-31 22:20 . 2012-01-31 22:20 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-31 22:20 . 2012-01-31 22:20 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-31 22:20 . 2012-01-31 22:20 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-31 22:20 . 2012-01-31 22:20 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-31 22:20 . 2012-01-31 22:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-31 22:20 . 2012-01-31 22:20 448512 ----a-w- c:\windows\system32\html.iec
2012-01-31 22:20 . 2012-01-31 22:20 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-31 22:20 . 2012-01-31 22:20 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-31 22:20 . 2012-01-31 22:20 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-31 22:20 . 2012-01-31 22:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-31 22:20 . 2012-01-31 22:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-31 22:20 . 2012-01-31 22:20 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-31 22:20 . 2012-01-31 22:20 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-31 22:20 . 2012-01-31 22:20 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-31 22:20 . 2012-01-31 22:20 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-31 19:35 . 2012-01-31 19:35 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-15 14:07 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 14:07 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 14:07 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 14:07 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys [x]
S3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 19:25]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 19:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-12-07 352256]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-12-07 194560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\b2sfawmt.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-27 15:29:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-27 13:29
.
Vor Suchlauf: 19 Verzeichnis(se), 424.036.659.200 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 423.866.777.600 Bytes frei
.
- - End Of File - - 9056A39C6562277C21FE38C7BC3B2283
|
|
27.03.2012, 15:34
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 15:53
| #23 |
| | WOW Account wurde gehackt! Hier wurde was gefunden: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 16:44:11
-----------------------------
16:44:11.380 OS Version: Windows x64 6.1.7601 Service Pack 1
16:44:11.380 Number of processors: 6 586 0x102
16:44:11.396 ComputerName: MICHA-PC UserName: Micha
16:44:13.580 Initialize success
16:45:34.441 AVAST engine defs: 12032701
16:45:41.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
16:45:41.570 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
16:45:41.585 Disk 0 MBR read successfully
16:45:41.585 Disk 0 MBR scan
16:45:41.601 Disk 0 Windows 7 default MBR code
16:45:41.601 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
16:45:41.617 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 597166 MB offset 27265024
16:45:41.632 Disk 0 scanning C:\Windows\system32\drivers
16:45:48.652 Service scanning
16:46:02.333 Modules scanning
16:46:02.333 Disk 0 trace - called modules:
16:46:02.349 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:46:02.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e01790]
16:46:02.365 3 CLASSPNP.SYS[fffff880023be43f] -> nt!IofCallDriver -> [0xfffffa8006e2f540]
16:46:02.365 5 amd_xata.sys[fffff8800110d8f7] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8006e2d7a0]
16:46:04.205 AVAST engine scan C:\Windows
16:46:07.013 AVAST engine scan C:\Windows\system32
16:47:46.682 AVAST engine scan C:\Windows\system32\drivers
16:47:55.168 AVAST engine scan C:\Users\Micha
16:48:32.858 File: C:\Users\Micha\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
16:48:32.952 File: C:\Users\Micha\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
16:49:34.073 AVAST engine scan C:\ProgramData
16:50:33.665 Scan finished successfully
16:51:09.623 Disk 0 MBR has been saved successfully to "C:\Users\Micha\Desktop\MBR.dat"
16:51:09.623 The log file has been saved successfully to "C:\Users\Micha\Desktop\aswMBR.txt"
|
|
27.03.2012, 18:57
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2012, 10:47
| #25 |
| | WOW Account wurde gehackt! Obwohl da steht "infected"? Naja, du bist der Profi:-)! Mache wenn ich Feierabend habe die Scans, letztes mal hat sich Malwarebytes beim Vollscan immer aufgehangen, hoffentlich läuft er diesmal durch. lg |
|
28.03.2012, 11:49
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt!Zitat:
NUr weil in INFECTED da vorkommt muss man nicht gleich Panik fallen, das ist ein Fehlalarm weil Avast da anscheinend seine eigene Virussignaturen anmeckert 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2012, 14:21
| #27 |
| | WOW Account wurde gehackt! Hey! Malewwarebytes hat sich mal wieder bei ca 40min. aufgehangen... warum passiert das immer? (keine Rückmeldung). Gibt es irgendeine möglichkeit den Scan zu beenden? irgendwie kann ich nur durch den Powerknopf resetten. Ich mache erstmal den SUPERAntiSpyware Scan. |
|
28.03.2012, 14:29
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! Ist das auch im abgesicherten Modus so, immer noch?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2012, 14:46
| #29 |
| | WOW Account wurde gehackt! Im Abgesicherten Modus hatte ich Malwarebytes noch nicht laufen, mache ich dann sobald SUPERAntiSpyware fertig ist. War das F2 um in den Abgesicherten Modus zu kommen? |
|
28.03.2012, 15:07
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WOW Account wurde gehackt! nein so geht das Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu WOW Account wurde gehackt! |
| anti, anti vir, aufsetzen, checken, folge, frage, fragen, free, freund, gehackt, gekauft, internet, kaspersky, keylogger, neu, neu aufsetzen, nichts, problem, rechner, security, spiele, trojaner, version, windows, wow account |
Linear-Darstellung
