Log analysis and evaluation: GMX was hacked, afraid of a Trojan (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
| | #16 |
| GMX was hacked, afraid of a Trojan Hello Arne, I have just done the upload. Regards, Bebbo |
| | #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a Trojan Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ |
| | #18 |
| GMX was hacked, afraid of a Trojan Hello Arne,
here is the TDSS log file: Code:
12:44:25.0150 3128 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
12:44:25.0169 3128 ============================================================
12:44:25.0169 3128 Current date / time: 2012/05/21 12:44:25.0169
12:44:25.0169 3128 SystemInfo:
12:44:25.0169 3128
12:44:25.0169 3128 OS Version: 6.1.7601 ServicePack: 1.0
12:44:25.0169 3128 Product type: Workstation
12:44:25.0169 3128 ComputerName: ***-PC
12:44:25.0169 3128 UserName: ***
12:44:25.0170 3128 Windows directory: C:\Windows
12:44:25.0170 3128 System windows directory: C:\Windows
12:44:25.0170 3128 Running under WOW64
12:44:25.0170 3128 Processor architecture: Intel x64
12:44:25.0170 3128 Number of processors: 2
12:44:25.0170 3128 Page size: 0x1000
12:44:25.0170 3128 Boot type: Normal boot
12:44:25.0170 3128 ============================================================
12:44:26.0868 3128 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:26.0879 3128 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:29.0929 3128 ============================================================
12:44:29.0929 3128 \Device\Harddisk0\DR0:
12:44:29.0992 3128 MBR partitions:
12:44:29.0992 3128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
12:44:29.0992 3128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
12:44:29.0992 3128 \Device\Harddisk1\DR1:
12:44:29.0993 3128 MBR partitions:
12:44:29.0993 3128 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x4A856E81
12:44:29.0993 3128 ============================================================
12:44:30.0017 3128 C: <-> \Device\Harddisk0\DR0\Partition1
12:44:30.0049 3128 D: <-> \Device\Harddisk0\DR0\Partition0
12:44:30.0089 3128 G: <-> \Device\Harddisk1\DR1\Partition0
12:44:30.0089 3128 ============================================================
12:44:30.0089 3128 Initialize success
12:44:30.0089 3128 ============================================================
12:45:04.0109 5472 ============================================================
12:45:04.0109 5472 Scan started
12:45:04.0109 5472 Mode: Manual; SigCheck; TDLFS;
12:45:04.0109 5472 ============================================================
12:45:04.0914 5472 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:45:04.0999 5472 !SASCORE - ok
12:45:05.0559 5472 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:45:05.0657 5472 1394ohci - ok
12:45:05.0800 5472 AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
12:45:05.0822 5472 AAV UpdateService - ok
12:45:05.0899 5472 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:45:05.0931 5472 ACPI - ok
12:45:05.0976 5472 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:45:06.0075 5472 AcpiPmi - ok
12:45:06.0197 5472 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:45:06.0214 5472 AdobeARMservice - ok
12:45:06.0388 5472 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:06.0420 5472 AdobeFlashPlayerUpdateSvc - ok
12:45:06.0501 5472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:06.0540 5472 adp94xx - ok
12:45:06.0600 5472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:06.0634 5472 adpahci - ok
12:45:06.0711 5472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:06.0740 5472 adpu320 - ok
12:45:06.0795 5472 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:45:06.0893 5472 AeLookupSvc - ok
12:45:07.0049 5472 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
12:45:07.0140 5472 AESTFilters - ok
12:45:07.0243 5472 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:45:07.0318 5472 AFD - ok
12:45:07.0359 5472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:45:07.0391 5472 agp440 - ok
12:45:07.0454 5472 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:45:07.0539 5472 ALG - ok
12:45:07.0569 5472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:45:07.0593 5472 aliide - ok
12:45:07.0660 5472 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe
12:45:07.0769 5472 AMD External Events Utility - ok
12:45:07.0796 5472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:45:07.0820 5472 amdide - ok
12:45:07.0875 5472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:07.0926 5472 AmdK8 - ok
12:45:07.0963 5472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:08.0028 5472 AmdPPM - ok
12:45:08.0076 5472 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:45:08.0102 5472 amdsata - ok
12:45:08.0129 5472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:08.0160 5472 amdsbs - ok
12:45:08.0191 5472 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:45:08.0214 5472 amdxata - ok
12:45:08.0274 5472 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:45:08.0367 5472 AppID - ok
12:45:08.0417 5472 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:45:08.0511 5472 AppIDSvc - ok
12:45:08.0600 5472 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:45:08.0702 5472 Appinfo - ok
12:45:08.0852 5472 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:45:08.0870 5472 Apple Mobile Device - ok
12:45:08.0942 5472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:45:08.0967 5472 arc - ok
12:45:09.0147 5472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:09.0252 5472 arcsas - ok
12:45:09.0295 5472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:09.0385 5472 AsyncMac - ok
12:45:09.0439 5472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:45:09.0462 5472 atapi - ok
12:45:09.0524 5472 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
12:45:09.0568 5472 AtiHdmiService - ok
12:45:09.0987 5472 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:45:10.0177 5472 atikmdag - ok
12:45:10.0457 5472 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:10.0564 5472 AudioEndpointBuilder - ok
12:45:10.0576 5472 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:10.0667 5472 AudioSrv - ok
12:45:10.0746 5472 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:45:10.0857 5472 AxInstSV - ok
12:45:11.0010 5472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:45:11.0081 5472 b06bdrv - ok
12:45:11.0158 5472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:45:11.0214 5472 b57nd60a - ok
12:45:11.0390 5472 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:45:11.0421 5472 BBSvc - ok
12:45:11.0512 5472 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:45:11.0542 5472 BBUpdate - ok
12:45:11.0616 5472 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:45:11.0691 5472 BDESVC - ok
12:45:11.0753 5472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:45:11.0857 5472 Beep - ok
12:45:11.0978 5472 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:45:12.0056 5472 BFE - ok
12:45:12.0337 5472 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
12:45:12.0408 5472 BHDrvx64 - ok
12:45:12.0635 5472 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:45:12.0741 5472 BITS - ok
12:45:12.0872 5472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:12.0934 5472 blbdrive - ok
12:45:13.0123 5472 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:45:13.0147 5472 Bonjour Service - ok
12:45:13.0187 5472 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:45:13.0244 5472 bowser - ok
12:45:13.0298 5472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:13.0363 5472 BrFiltLo - ok
12:45:13.0383 5472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:13.0413 5472 BrFiltUp - ok
12:45:13.0477 5472 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:45:13.0560 5472 Browser - ok
12:45:13.0603 5472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:45:13.0697 5472 Brserid - ok
12:45:13.0738 5472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:13.0797 5472 BrSerWdm - ok
12:45:13.0830 5472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:13.0885 5472 BrUsbMdm - ok
12:45:13.0905 5472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:13.0956 5472 BrUsbSer - ok
12:45:14.0015 5472 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:45:14.0147 5472 BthEnum - ok
12:45:14.0169 5472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:14.0221 5472 BTHMODEM - ok
12:45:14.0456 5472 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:45:14.0513 5472 BthPan - ok
12:45:14.0613 5472 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
12:45:14.0668 5472 BTHPORT - ok
12:45:14.0718 5472 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:45:14.0801 5472 bthserv - ok
12:45:14.0827 5472 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
12:45:14.0887 5472 BTHUSB - ok
12:45:14.0943 5472 btwaudio (e2677b9234e4c31055b940b70536d377) C:\Windows\system32\drivers\btwaudio.sys
12:45:14.0964 5472 btwaudio - ok
12:45:15.0003 5472 btwavdt (e59a0c091ae64063b53b9ac1294a3679) C:\Windows\system32\drivers\btwavdt.sys
12:45:15.0026 5472 btwavdt - ok
12:45:15.0227 5472 btwdins (51342b4a550b8d6d2fcafa5bc198e8c1) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:45:15.0277 5472 btwdins - ok
12:45:15.0349 5472 btwl2cap (d33875ca5940f2e0ed06fb74d556e2db) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:45:15.0368 5472 btwl2cap - ok
12:45:15.0391 5472 btwrchid (a465b855cef659655de80d012c2de761) C:\Windows\system32\DRIVERS\btwrchid.sys
12:45:15.0409 5472 btwrchid - ok
12:45:15.0472 5472 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
12:45:15.0498 5472 BVRPMPR5a64 - ok
12:45:15.0606 5472 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys
12:45:15.0630 5472 ccSet_NAV - ok
12:45:15.0714 5472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:15.0804 5472 cdfs - ok
12:45:15.0872 5472 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:45:15.0917 5472 cdrom - ok
12:45:15.0971 5472 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:16.0101 5472 CertPropSvc - ok
12:45:16.0180 5472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:45:16.0280 5472 circlass - ok
12:45:16.0359 5472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:45:16.0393 5472 CLFS - ok
12:45:16.0503 5472 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:16.0525 5472 clr_optimization_v2.0.50727_32 - ok
12:45:16.0644 5472 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:45:16.0666 5472 clr_optimization_v2.0.50727_64 - ok
12:45:16.0758 5472 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:16.0783 5472 clr_optimization_v4.0.30319_32 - ok
12:45:16.0845 5472 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:45:16.0868 5472 clr_optimization_v4.0.30319_64 - ok
12:45:16.0922 5472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:16.0967 5472 CmBatt - ok
12:45:17.0012 5472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:45:17.0035 5472 cmdide - ok
12:45:17.0094 5472 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:45:17.0143 5472 CNG - ok
12:45:17.0222 5472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:17.0245 5472 Compbatt - ok
12:45:17.0290 5472 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:45:17.0329 5472 CompositeBus - ok
12:45:17.0341 5472 COMSysApp - ok
12:45:17.0365 5472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:17.0388 5472 crcdisk - ok
12:45:17.0457 5472 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:45:17.0544 5472 CryptSvc - ok
12:45:17.0600 5472 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:45:17.0651 5472 CtClsFlt - ok
12:45:17.0756 5472 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:17.0851 5472 DcomLaunch - ok
12:45:17.0945 5472 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:45:18.0033 5472 defragsvc - ok
12:45:18.0084 5472 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:45:18.0192 5472 DfsC - ok
12:45:18.0266 5472 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
12:45:18.0290 5472 dg_ssudbus - ok
12:45:18.0387 5472 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:45:18.0475 5472 Dhcp - ok
12:45:18.0516 5472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:45:18.0615 5472 discache - ok
12:45:18.0670 5472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:45:18.0695 5472 Disk - ok
12:45:18.0732 5472 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:45:18.0816 5472 Dnscache - ok
12:45:18.0936 5472 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
12:45:19.0013 5472 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
12:45:19.0013 5472 DockLoginService - detected UnsignedFile.Multi.Generic (1)
12:45:19.0075 5472 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:45:19.0163 5472 dot3svc - ok
12:45:19.0207 5472 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:45:19.0295 5472 DPS - ok
12:45:19.0356 5472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:45:19.0386 5472 drmkaud - ok
12:45:19.0443 5472 DSI_SiUSBXp_3_1 (50aad2a07bd8b90a8cfb4f6d7a4d165a) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
12:45:19.0472 5472 DSI_SiUSBXp_3_1 - ok
12:45:19.0613 5472 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:19.0665 5472 DXGKrnl - ok
12:45:19.0721 5472 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:45:19.0808 5472 EapHost - ok
12:45:20.0093 5472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:45:20.0219 5472 ebdrv - ok
12:45:20.0367 5472 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:45:20.0410 5472 eeCtrl - ok
12:45:20.0573 5472 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:45:20.0681 5472 EFS - ok
12:45:20.0820 5472 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:45:20.0926 5472 ehRecvr - ok
12:45:20.0981 5472 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:45:21.0054 5472 ehSched - ok
12:45:21.0211 5472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:45:21.0251 5472 elxstor - ok
12:45:21.0390 5472 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:45:21.0412 5472 EraserUtilRebootDrv - ok
12:45:21.0438 5472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:45:21.0489 5472 ErrDev - ok
12:45:21.0592 5472 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:45:21.0701 5472 EventSystem - ok
12:45:21.0763 5472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:45:21.0850 5472 exfat - ok
12:45:21.0890 5472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:45:21.0983 5472 fastfat - ok
12:45:22.0110 5472 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:45:22.0167 5472 Fax - ok
12:45:22.0222 5472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:45:22.0249 5472 fdc - ok
12:45:22.0293 5472 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:45:22.0391 5472 fdPHost - ok
12:45:22.0415 5472 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:45:22.0504 5472 FDResPub - ok
12:45:22.0532 5472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:45:22.0557 5472 FileInfo - ok
12:45:22.0575 5472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:45:22.0673 5472 Filetrace - ok
12:45:22.0717 5472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:45:22.0741 5472 flpydisk - ok
12:45:22.0824 5472 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:45:22.0856 5472 FltMgr - ok
12:45:22.0975 5472 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:45:23.0102 5472 FontCache - ok
12:45:23.0272 5472 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:45:23.0291 5472 FontCache3.0.0.0 - ok
12:45:23.0393 5472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:45:23.0418 5472 FsDepends - ok
12:45:23.0447 5472 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:45:23.0471 5472 Fs_Rec - ok
12:45:23.0542 5472 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:45:23.0578 5472 fvevol - ok
12:45:23.0603 5472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:45:23.0628 5472 gagp30kx - ok
12:45:23.0658 5472 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:45:23.0676 5472 GEARAspiWDM - ok
12:45:23.0773 5472 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:45:23.0887 5472 gpsvc - ok
12:45:23.0915 5472 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
12:45:23.0935 5472 grmnusb - ok
12:45:24.0066 5472 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:45:24.0088 5472 gupdate - ok
12:45:24.0105 5472 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:45:24.0124 5472 gupdatem - ok
12:45:24.0168 5472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:45:24.0220 5472 hcw85cir - ok
12:45:24.0290 5472 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:45:24.0353 5472 HdAudAddService - ok
12:45:24.0407 5472 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:45:24.0460 5472 HDAudBus - ok
12:45:24.0511 5472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:45:24.0548 5472 HidBatt - ok
12:45:24.0587 5472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:45:24.0657 5472 HidBth - ok
12:45:24.0696 5472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:45:24.0726 5472 HidIr - ok
12:45:24.0770 5472 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:45:24.0845 5472 hidserv - ok
12:45:24.0890 5472 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:45:24.0915 5472 HidUsb - ok
12:45:24.0966 5472 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:45:25.0075 5472 hkmsvc - ok
12:45:25.0139 5472 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:45:25.0193 5472 HomeGroupListener - ok
12:45:25.0260 5472 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:45:25.0314 5472 HomeGroupProvider - ok
12:45:25.0364 5472 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:45:25.0392 5472 HpSAMD - ok
12:45:25.0499 5472 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:45:25.0600 5472 HTTP - ok
12:45:25.0646 5472 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:45:25.0669 5472 hwpolicy - ok
12:45:25.0731 5472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:45:25.0757 5472 i8042prt - ok
12:45:25.0823 5472 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:45:25.0858 5472 iaStorV - ok
12:45:26.0014 5472 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:45:26.0039 5472 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:45:26.0039 5472 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:45:26.0269 5472 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:45:26.0313 5472 idsvc - ok
12:45:26.0561 5472 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120518.001\IDSvia64.sys
12:45:26.0591 5472 IDSVia64 - ok
12:45:26.0767 5472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:45:26.0792 5472 iirsp - ok
12:45:26.0935 5472 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:45:27.0042 5472 IKEEXT - ok
12:45:27.0078 5472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:45:27.0102 5472 intelide - ok
12:45:27.0174 5472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:45:27.0218 5472 intelppm - ok
12:45:27.0303 5472 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:45:27.0415 5472 IPBusEnum - ok
12:45:27.0511 5472 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:45:27.0621 5472 IpFilterDriver - ok
12:45:27.0712 5472 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:45:27.0825 5472 iphlpsvc - ok
12:45:27.0862 5472 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:45:27.0927 5472 IPMIDRV - ok
12:45:27.0985 5472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:45:28.0075 5472 IPNAT - ok
12:45:28.0149 5472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:45:28.0210 5472 IRENUM - ok
12:45:28.0286 5472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:45:28.0311 5472 isapnp - ok
12:45:28.0383 5472 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:45:28.0414 5472 iScsiPrt - ok
12:45:28.0503 5472 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:45:28.0579 5472 k57nd60a - ok
12:45:28.0641 5472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:45:28.0687 5472 kbdclass - ok
12:45:28.0737 5472 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:45:28.0797 5472 kbdhid - ok
12:45:28.0848 5472 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:28.0873 5472 KeyIso - ok
12:45:28.0925 5472 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:45:28.0950 5472 KSecDD - ok
12:45:29.0001 5472 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:45:29.0028 5472 KSecPkg - ok
12:45:29.0086 5472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:45:29.0189 5472 ksthunk - ok
12:45:29.0252 5472 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:45:29.0373 5472 KtmRm - ok
12:45:29.0771 5472 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:45:29.0886 5472 LanmanServer - ok
12:45:29.0938 5472 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:45:30.0033 5472 LanmanWorkstation - ok
12:45:30.0173 5472 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
12:45:30.0217 5472 LBTServ - ok
12:45:30.0281 5472 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:45:30.0321 5472 LHidFilt - ok
12:45:30.0379 5472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:45:30.0467 5472 lltdio - ok
12:45:30.0551 5472 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:45:30.0672 5472 lltdsvc - ok
12:45:30.0716 5472 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:45:30.0809 5472 lmhosts - ok
12:45:30.0885 5472 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:45:30.0904 5472 LMouFilt - ok
12:45:30.0949 5472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:45:30.0997 5472 LSI_FC - ok
12:45:31.0079 5472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:45:31.0104 5472 LSI_SAS - ok
12:45:31.0125 5472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:45:31.0151 5472 LSI_SAS2 - ok
12:45:31.0208 5472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:45:31.0235 5472 LSI_SCSI - ok
12:45:31.0265 5472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:45:31.0353 5472 luafv - ok
12:45:31.0424 5472 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
12:45:31.0444 5472 LUsbFilt - ok
12:45:31.0551 5472 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:45:31.0575 5472 MBAMProtector - ok
12:45:31.0685 5472 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:45:31.0722 5472 MBAMService - ok
12:45:31.0779 5472 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:45:31.0831 5472 Mcx2Svc - ok
12:45:31.0894 5472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:45:31.0918 5472 megasas - ok
12:45:31.0949 5472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:45:31.0980 5472 MegaSR - ok
12:45:32.0050 5472 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:32.0135 5472 MMCSS - ok
12:45:32.0187 5472 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:45:32.0285 5472 Modem - ok
12:45:32.0324 5472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:45:32.0375 5472 monitor - ok
12:45:32.0430 5472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:45:32.0455 5472 mouclass - ok
12:45:32.0483 5472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:45:32.0540 5472 mouhid - ok
12:45:32.0591 5472 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:45:32.0618 5472 mountmgr - ok
12:45:32.0730 5472 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:32.0754 5472 MozillaMaintenance - ok
12:45:32.0798 5472 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:45:32.0827 5472 mpio - ok
12:45:32.0876 5472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:45:32.0943 5472 mpsdrv - ok
12:45:33.0049 5472 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:45:33.0130 5472 MpsSvc - ok
12:45:33.0191 5472 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:45:33.0250 5472 MRxDAV - ok
12:45:33.0295 5472 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:33.0345 5472 mrxsmb - ok
12:45:33.0380 5472 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:33.0425 5472 mrxsmb10 - ok
12:45:33.0449 5472 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:33.0476 5472 mrxsmb20 - ok
12:45:33.0508 5472 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:45:33.0531 5472 msahci - ok
12:45:33.0576 5472 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:45:33.0604 5472 msdsm - ok
12:45:33.0659 5472 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:45:33.0716 5472 MSDTC - ok
12:45:33.0798 5472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:45:33.0863 5472 Msfs - ok
12:45:33.0879 5472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:45:33.0971 5472 mshidkmdf - ok
12:45:34.0010 5472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:45:34.0034 5472 msisadrv - ok
12:45:34.0111 5472 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:45:34.0212 5472 MSiSCSI - ok
12:45:34.0218 5472 msiserver - ok
12:45:34.0264 5472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:45:34.0363 5472 MSKSSRV - ok
12:45:34.0402 5472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:45:34.0494 5472 MSPCLOCK - ok
12:45:34.0517 5472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:45:34.0606 5472 MSPQM - ok
12:45:34.0679 5472 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:45:34.0723 5472 MsRPC - ok
12:45:34.0756 5472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:45:34.0780 5472 mssmbios - ok
12:45:34.0806 5472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:45:34.0898 5472 MSTEE - ok
12:45:34.0958 5472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:45:34.0983 5472 MTConfig - ok
12:45:35.0001 5472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:45:35.0026 5472 Mup - ok
12:45:35.0110 5472 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:45:35.0211 5472 napagent - ok
12:45:35.0329 5472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:45:35.0397 5472 NativeWifiP - ok
12:45:35.0536 5472 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
12:45:35.0559 5472 NAV - ok
12:45:35.0785 5472 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120520.009\ENG64.SYS
12:45:35.0804 5472 NAVENG - ok
12:45:35.0985 5472 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120520.009\EX64.SYS
12:45:36.0054 5472 NAVEX15 - ok
12:45:37.0191 5472 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:45:37.0242 5472 NDIS - ok
12:45:37.0298 5472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:45:37.0390 5472 NdisCap - ok
12:45:37.0426 5472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:45:37.0517 5472 NdisTapi - ok
12:45:37.0566 5472 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:45:37.0655 5472 Ndisuio - ok
12:45:37.0711 5472 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:45:37.0805 5472 NdisWan - ok
12:45:37.0885 5472 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:45:37.0963 5472 NDProxy - ok
12:45:38.0037 5472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:45:38.0141 5472 NetBIOS - ok
12:45:38.0465 5472 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:45:38.0545 5472 NetBT - ok
12:45:38.0618 5472 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:38.0642 5472 Netlogon - ok
12:45:38.0849 5472 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:45:38.0960 5472 Netman - ok
12:45:39.0089 5472 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:45:39.0212 5472 netprofm - ok
12:45:39.0358 5472 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:45:39.0380 5472 NetTcpPortSharing - ok
12:45:39.0801 5472 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:45:39.0949 5472 netw5v64 - ok
12:45:40.0183 5472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:45:40.0207 5472 nfrd960 - ok
12:45:40.0292 5472 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:45:40.0383 5472 NlaSvc - ok
12:45:40.0405 5472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:45:40.0471 5472 Npfs - ok
12:45:40.0529 5472 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:45:40.0626 5472 nsi - ok
12:45:40.0685 5472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:45:40.0776 5472 nsiproxy - ok
12:45:40.0956 5472 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:45:41.0030 5472 Ntfs - ok
12:45:41.0264 5472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:45:41.0354 5472 Null - ok
12:45:41.0391 5472 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:45:41.0418 5472 nvraid - ok
12:45:41.0444 5472 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:45:41.0472 5472 nvstor - ok
12:45:41.0507 5472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:45:41.0533 5472 nv_agp - ok
12:45:41.0596 5472 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
12:45:41.0619 5472 OA008Ufd - ok
12:45:41.0664 5472 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
12:45:41.0720 5472 OA008Vid - ok
12:45:41.0796 5472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:45:41.0842 5472 ohci1394 - ok
12:45:41.0939 5472 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:41.0965 5472 ose - ok
12:45:42.0407 5472 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:42.0609 5472 osppsvc - ok
12:45:42.0845 5472 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:42.0955 5472 p2pimsvc - ok
12:45:43.0054 5472 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:45:43.0119 5472 p2psvc - ok
12:45:43.0237 5472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:45:43.0264 5472 Parport - ok
12:45:43.0333 5472 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:45:43.0359 5472 partmgr - ok
12:45:43.0458 5472 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:45:43.0545 5472 PcaSvc - ok
12:45:43.0854 5472 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
12:45:43.0874 5472 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
12:45:43.0939 5472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:45:43.0968 5472 pci - ok
12:45:44.0040 5472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:45:44.0063 5472 pciide - ok
12:45:44.0128 5472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:45:44.0158 5472 pcmcia - ok
12:45:44.0190 5472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:45:44.0215 5472 pcw - ok
12:45:44.0282 5472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:45:44.0387 5472 PEAUTH - ok
12:45:44.0524 5472 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:45:44.0569 5472 PerfHost - ok
12:45:44.0722 5472 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:45:44.0897 5472 pla - ok
12:45:44.0957 5472 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:45:45.0003 5472 PlugPlay - ok
12:45:45.0049 5472 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:45:45.0086 5472 PNRPAutoReg - ok
12:45:45.0130 5472 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:45:45.0165 5472 PNRPsvc - ok
12:45:45.0255 5472 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:45:45.0349 5472 PolicyAgent - ok
12:45:45.0421 5472 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:45:45.0516 5472 Power - ok
12:45:45.0631 5472 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:45:45.0727 5472 PptpMiniport - ok
12:45:45.0809 5472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:45:45.0857 5472 Processor - ok
12:45:45.0943 5472 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:45:46.0036 5472 ProfSvc - ok
12:45:46.0080 5472 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:46.0104 5472 ProtectedStorage - ok
12:45:46.0175 5472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:45:46.0240 5472 Psched - ok
12:45:46.0350 5472 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
12:45:46.0371 5472 PSI_SVC_2 - ok
12:45:46.0406 5472 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:45:46.0428 5472 PxHlpa64 - ok
12:45:46.0568 5472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:45:46.0650 5472 ql2300 - ok
12:45:46.0913 5472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:45:46.0941 5472 ql40xx - ok
12:45:47.0044 5472 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:45:47.0082 5472 QWAVE - ok
12:45:47.0145 5472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:45:47.0194 5472 QWAVEdrv - ok
12:45:47.0217 5472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:45:47.0283 5472 RasAcd - ok
12:45:47.0340 5472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:45:47.0408 5472 RasAgileVpn - ok
12:45:47.0473 5472 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:45:47.0560 5472 RasAuto - ok
12:45:47.0606 5472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:45:47.0699 5472 Rasl2tp - ok
12:45:47.0776 5472 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:45:47.0848 5472 RasMan - ok
12:45:47.0919 5472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:45:48.0004 5472 RasPppoe - ok
12:45:48.0035 5472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:45:48.0122 5472 RasSstp - ok
12:45:48.0191 5472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:45:48.0285 5472 rdbss - ok
12:45:48.0319 5472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:45:48.0367 5472 rdpbus - ok
12:45:48.0399 5472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:45:48.0487 5472 RDPCDD - ok
12:45:48.0524 5472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:45:48.0619 5472 RDPENCDD - ok
12:45:48.0658 5472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:45:48.0724 5472 RDPREFMP - ok
12:45:48.0824 5472 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:45:48.0919 5472 RDPWD - ok
12:45:48.0993 5472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:45:49.0022 5472 rdyboost - ok
12:45:49.0081 5472 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:45:49.0185 5472 RemoteAccess - ok
12:45:49.0251 5472 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:45:49.0345 5472 RemoteRegistry - ok
12:45:49.0412 5472 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:45:49.0468 5472 RFCOMM - ok
12:45:49.0554 5472 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
12:45:49.0593 5472 rimmptsk - ok
12:45:49.0623 5472 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
12:45:49.0643 5472 rimsptsk - ok
12:45:49.0666 5472 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
12:45:49.0707 5472 rismxdp - ok
12:45:49.0781 5472 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:45:49.0865 5472 RpcEptMapper - ok
12:45:49.0924 5472 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:45:49.0973 5472 RpcLocator - ok
12:45:50.0064 5472 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:50.0137 5472 RpcSs - ok
12:45:50.0181 5472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:45:50.0249 5472 rspndr - ok
12:45:50.0279 5472 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:50.0304 5472 SamSs - ok
12:45:50.0426 5472 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:45:50.0444 5472 SASDIFSV - ok
12:45:50.0469 5472 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:45:50.0488 5472 SASKUTIL - ok
12:45:50.0528 5472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:45:50.0554 5472 sbp2port - ok
12:45:50.0779 5472 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:45:50.0826 5472 SBSDWSCService - ok
12:45:50.0899 5472 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:45:50.0998 5472 SCardSvr - ok
12:45:51.0089 5472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:45:51.0183 5472 scfilter - ok
12:45:51.0348 5472 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:45:51.0462 5472 Schedule - ok
12:45:51.0522 5472 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:51.0585 5472 SCPolicySvc - ok
12:45:51.0637 5472 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:45:51.0677 5472 sdbus - ok
12:45:51.0707 5472 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:45:51.0753 5472 SDRSVC - ok
12:45:51.0849 5472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:45:51.0938 5472 secdrv - ok
12:45:52.0001 5472 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:45:52.0079 5472 seclogon - ok
12:45:52.0137 5472 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:45:52.0234 5472 SENS - ok
12:45:52.0264 5472 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:45:52.0352 5472 SensrSvc - ok
12:45:52.0379 5472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:45:52.0431 5472 Serenum - ok
12:45:52.0498 5472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:45:52.0525 5472 Serial - ok
12:45:52.0563 5472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:45:52.0612 5472 sermouse - ok
12:45:52.0671 5472 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:45:52.0738 5472 SessionEnv - ok
12:45:52.0851 5472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:45:52.0920 5472 sffdisk - ok
12:45:52.0940 5472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:45:52.0988 5472 sffp_mmc - ok
12:45:52.0996 5472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:45:53.0034 5472 sffp_sd - ok
12:45:53.0086 5472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:45:53.0110 5472 sfloppy - ok
12:45:53.0192 5472 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:45:53.0288 5472 SharedAccess - ok
12:45:53.0359 5472 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:45:53.0430 5472 ShellHWDetection - ok
12:45:53.0485 5472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:45:53.0509 5472 SiSRaid2 - ok
12:45:53.0532 5472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:45:53.0558 5472 SiSRaid4 - ok
12:45:53.0599 5472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:45:53.0688 5472 Smb - ok
12:45:53.0759 5472 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:45:53.0816 5472 SNMPTRAP - ok
12:45:53.0844 5472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:45:53.0868 5472 spldr - ok
12:45:53.0963 5472 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:45:54.0044 5472 Spooler - ok
12:45:54.0342 5472 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:45:54.0508 5472 sppsvc - ok
12:45:54.0690 5472 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:45:54.0783 5472 sppuinotify - ok
12:45:54.0971 5472 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307000.009\SRTSP64.SYS
12:45:55.0011 5472 SRTSP - ok
12:45:55.0034 5472 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307000.009\SRTSPX64.SYS
12:45:55.0053 5472 SRTSPX - ok
12:45:55.0117 5472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:45:55.0196 5472 srv - ok
12:45:55.0248 5472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:45:55.0311 5472 srv2 - ok
12:45:55.0380 5472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:45:55.0442 5472 srvnet - ok
12:45:55.0531 5472 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:45:55.0630 5472 SSDPSRV - ok
12:45:55.0672 5472 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:45:55.0742 5472 SstpSvc - ok
12:45:55.0800 5472 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
12:45:55.0825 5472 ssudmdm - ok
12:45:55.0994 5472 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:45:56.0032 5472 STacSV - ok
12:45:56.0085 5472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:45:56.0109 5472 stexstor - ok
12:45:56.0185 5472 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
12:45:56.0217 5472 STHDA - ok
12:45:56.0317 5472 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:45:56.0365 5472 stisvc - ok
12:45:56.0500 5472 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:45:56.0520 5472 stllssvr - ok
12:45:56.0558 5472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:45:56.0581 5472 swenum - ok
12:45:56.0665 5472 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:45:56.0764 5472 swprv - ok
12:45:56.0870 5472 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS
12:45:56.0901 5472 SymDS - ok
12:45:57.0007 5472 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS
12:45:57.0058 5472 SymEFA - ok
12:45:57.0104 5472 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:45:57.0128 5472 SymEvent - ok
12:45:57.0167 5472 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS
12:45:57.0190 5472 SymIRON - ok
12:45:57.0274 5472 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS
12:45:57.0305 5472 SymNetS - ok
12:45:57.0376 5472 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
12:45:57.0404 5472 SynTP - ok
12:45:57.0585 5472 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:45:57.0693 5472 SysMain - ok
12:45:57.0875 5472 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:45:57.0933 5472 TabletInputService - ok
12:45:57.0994 5472 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:45:58.0091 5472 TapiSrv - ok
12:45:58.0135 5472 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:45:58.0203 5472 TBS - ok
12:45:58.0426 5472 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:45:58.0506 5472 Tcpip - ok
12:45:58.0855 5472 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:58.0941 5472 TCPIP6 - ok
12:45:59.0163 5472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:45:59.0237 5472 tcpipreg - ok
12:45:59.0304 5472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:45:59.0345 5472 TDPIPE - ok
12:45:59.0384 5472 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:45:59.0431 5472 TDTCP - ok
12:45:59.0505 5472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:45:59.0575 5472 tdx - ok
12:45:59.0839 5472 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:45:59.0935 5472 TeamViewer6 - ok
12:46:00.0148 5472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:46:00.0172 5472 TermDD - ok
12:46:00.0281 5472 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:46:00.0377 5472 TermService - ok
12:46:00.0427 5472 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:46:00.0485 5472 Themes - ok
12:46:00.0536 5472 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:46:00.0605 5472 THREADORDER - ok
12:46:00.0627 5472 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:46:00.0729 5472 TrkWks - ok
12:46:00.0841 5472 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:46:00.0928 5472 TrustedInstaller - ok
12:46:00.0988 5472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:46:01.0052 5472 tssecsrv - ok
12:46:01.0140 5472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:46:01.0207 5472 TsUsbFlt - ok
12:46:01.0289 5472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:46:01.0378 5472 tunnel - ok
12:46:01.0422 5472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:46:01.0450 5472 uagp35 - ok
12:46:01.0524 5472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:46:01.0594 5472 udfs - ok
12:46:01.0656 5472 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:46:01.0713 5472 UI0Detect - ok
12:46:01.0776 5472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:46:01.0800 5472 uliagpkx - ok
12:46:01.0839 5472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:46:01.0892 5472 umbus - ok
12:46:01.0931 5472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:46:01.0956 5472 UmPass - ok
12:46:02.0042 5472 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:46:02.0117 5472 upnphost - ok
12:46:02.0157 5472 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
12:46:02.0232 5472 USBAAPL64 - ok
12:46:02.0270 5472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:46:02.0318 5472 usbccgp - ok
12:46:02.0383 5472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:46:02.0438 5472 usbcir - ok
12:46:02.0502 5472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:46:02.0547 5472 usbehci - ok
12:46:02.0615 5472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:46:02.0677 5472 usbhub - ok
12:46:02.0723 5472 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:46:02.0784 5472 usbohci - ok
12:46:02.0832 5472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:46:02.0863 5472 usbprint - ok
12:46:02.0893 5472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:46:02.0930 5472 USBSTOR - ok
12:46:02.0975 5472 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:46:03.0025 5472 usbuhci - ok
12:46:03.0068 5472 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:46:03.0136 5472 UxSms - ok
12:46:03.0166 5472 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:03.0191 5472 VaultSvc - ok
12:46:03.0221 5472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:46:03.0244 5472 vdrvroot - ok
12:46:03.0328 5472 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:46:03.0408 5472 vds - ok
12:46:03.0473 5472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:03.0502 5472 vga - ok
12:46:03.0526 5472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:46:03.0619 5472 VgaSave - ok
12:46:03.0680 5472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:46:03.0709 5472 vhdmp - ok
12:46:03.0745 5472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:46:03.0769 5472 viaide - ok
12:46:03.0790 5472 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:46:03.0815 5472 volmgr - ok
12:46:03.0889 5472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:46:03.0923 5472 volmgrx - ok
12:46:03.0971 5472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:46:04.0003 5472 volsnap - ok
12:46:04.0051 5472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:46:04.0079 5472 vsmraid - ok
12:46:04.0249 5472 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:46:04.0377 5472 VSS - ok
12:46:04.0589 5472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:46:04.0647 5472 vwifibus - ok
12:46:04.0718 5472 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:46:04.0793 5472 W32Time - ok
12:46:04.0844 5472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:46:04.0901 5472 WacomPen - ok
12:46:04.0990 5472 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:05.0066 5472 WANARP - ok
12:46:05.0072 5472 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:05.0135 5472 Wanarpv6 - ok
12:46:05.0302 5472 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:46:05.0402 5472 wbengine - ok
12:46:05.0619 5472 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:46:05.0659 5472 WbioSrvc - ok
12:46:05.0747 5472 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:46:05.0791 5472 wcncsvc - ok
12:46:05.0851 5472 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:46:05.0891 5472 WcsPlugInService - ok
12:46:05.0990 5472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:46:06.0014 5472 Wd - ok
12:46:06.0091 5472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:46:06.0134 5472 Wdf01000 - ok
12:46:06.0160 5472 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:46:06.0261 5472 WdiServiceHost - ok
12:46:06.0267 5472 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:46:06.0302 5472 WdiSystemHost - ok
12:46:06.0358 5472 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:46:06.0423 5472 WebClient - ok
12:46:06.0495 5472 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:46:06.0576 5472 Wecsvc - ok
12:46:06.0606 5472 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:46:06.0680 5472 wercplsupport - ok
12:46:06.0713 5472 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:46:06.0803 5472 WerSvc - ok
12:46:06.0894 5472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:06.0959 5472 WfpLwf - ok
12:46:06.0974 5472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:46:06.0999 5472 WIMMount - ok
12:46:07.0073 5472 WinDefend - ok
12:46:07.0084 5472 WinHttpAutoProxySvc - ok
12:46:07.0188 5472 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:46:07.0279 5472 Winmgmt - ok
12:46:07.0474 5472 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:46:07.0584 5472 WinRM - ok
12:46:07.0820 5472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:46:07.0877 5472 WinUsb - ok
12:46:07.0982 5472 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:46:08.0041 5472 Wlansvc - ok
12:46:08.0081 5472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:46:08.0132 5472 WmiAcpi - ok
12:46:08.0252 5472 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:46:08.0300 5472 wmiApSrv - ok
12:46:08.0395 5472 WMPNetworkSvc - ok
12:46:08.0442 5472 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:46:08.0474 5472 WPCSvc - ok
12:46:08.0526 5472 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:46:08.0580 5472 WPDBusEnum - ok
12:46:08.0751 5472 WPFFontCache_v0400 - ok
12:46:08.0808 5472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:46:08.0874 5472 ws2ifsl - ok
12:46:08.0929 5472 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:46:08.0992 5472 wscsvc - ok
12:46:08.0998 5472 WSearch - ok
12:46:09.0211 5472 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:46:09.0341 5472 wuauserv - ok
12:46:09.0584 5472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:46:09.0649 5472 WudfPf - ok
12:46:09.0698 5472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:46:09.0795 5472 WUDFRd - ok
12:46:09.0849 5472 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:46:09.0914 5472 wudfsvc - ok
12:46:09.0994 5472 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:46:10.0033 5472 WwanSvc - ok
12:46:10.0151 5472 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
12:46:10.0175 5472 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
12:46:10.0197 5472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:46:10.0665 5472 \Device\Harddisk0\DR0 - ok
12:46:10.0672 5472 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:46:11.0162 5472 \Device\Harddisk1\DR1 - ok
12:46:11.0198 5472 Boot (0x1200) (699f28e2b509ca731fb222c61422522b) \Device\Harddisk0\DR0\Partition0
12:46:11.0200 5472 \Device\Harddisk0\DR0\Partition0 - ok
12:46:11.0252 5472 Boot (0x1200) (dcb6f73aad02d042208e1217c330639d) \Device\Harddisk0\DR0\Partition1
12:46:11.0254 5472 \Device\Harddisk0\DR0\Partition1 - ok
12:46:11.0266 5472 Boot (0x1200) (bec0b541cff9114c5f3fff374edbfb77) \Device\Harddisk1\DR1\Partition0
12:46:11.0269 5472 \Device\Harddisk1\DR1\Partition0 - ok
12:46:11.0270 5472 ============================================================
12:46:11.0270 5472 Scan finished
12:46:11.0270 5472 ============================================================
12:46:11.0288 3408 Detected object count: 2
12:46:11.0288 3408 Actual detected object count: 2
12:46:31.0648 3408 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:31.0648 3408 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:31.0649 3408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:31.0649 3408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #19 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #20 |
| GMX was hacked, afraid of a Trojan Hello Arne, the CF log file follows: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-05-20.10 - xxx 21.05.2012 16:18:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.2700 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-21 bis 2012-05-21 ))))))))))))))))))))))))))))))
.
.
2012-05-21 14:30 . 2012-05-21 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 14:30 . 2012-05-21 14:30 -------- d-----w- c:\users\xxx_std\AppData\Local\temp
2012-05-20 19:49 . 2012-05-21 10:12 -------- d-----w- C:\_OTL
2012-05-20 19:04 . 2012-05-20 19:04 -------- d-----w- c:\users\xxx\AppData\Local\Diagnostics
2012-05-18 06:26 . 2012-05-18 06:26 -------- d-----w- c:\program files (x86)\ESET
2012-05-18 06:22 . 2012-05-18 06:22 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307010.005
2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-17 20:31 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-17 12:37 . 2012-05-17 12:37 -------- d-----w- c:\users\xxx\AppData\Local\NPE
2012-05-17 09:36 . 2012-05-17 09:36 -------- d-----w- c:\users\xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-05-17 09:35 . 2012-05-17 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-17 09:35 . 2012-05-17 09:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-14 20:13 . 2012-05-14 20:13 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 20:13 . 2012-05-14 20:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:56 . 2012-05-14 18:57 -------- d-----w- c:\users\xxx\AppData\Roaming\TCXConverter
2012-05-14 18:56 . 2012-05-14 18:56 -------- d-----w- c:\program files (x86)\TCX Converter
2012-05-14 18:33 . 2012-05-14 18:33 -------- d-----w- c:\users\xxx\AppData\Local\ZoneFiveSoftware
2012-05-14 18:28 . 2012-05-14 18:28 -------- d-----w- c:\program files (x86)\Zone Five Software
2012-05-14 18:28 . 2012-05-14 18:28 -------- d-----w- c:\programdata\ZoneFiveSoftware
2012-05-10 14:05 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 14:05 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 14:05 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 14:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 14:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 14:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 14:04 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 14:04 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 14:04 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 14:04 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:04 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 14:04 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:04 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 18:46 . 2012-05-08 18:46 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-08 18:45 . 2012-05-08 18:45 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 18:45 . 2012-05-08 18:45 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 16:07 . 2012-04-25 16:07 -------- d-----w- c:\users\xxx\AppData\Roaming\Reallusion
2012-04-24 15:18 . 2012-05-09 17:06 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 20:27 . 2012-04-18 16:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-17 20:27 . 2011-12-12 18:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-27 15:03 . 2009-09-13 13:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-01 06:46 . 2012-04-11 18:20 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 18:20 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 18:20 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 18:20 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 18:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 18:20 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 18:20 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 18:28 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 18:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 18:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 18:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 18:28 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 18:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 18:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 18:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-20 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-07-15 371712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\xxx_std\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-18 1066536]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-14 1207312]
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120518.001\IDSvia64.sys [2012-04-28 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/12/25 16:00];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 19:19 146928]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 13888393
*Deregistered* - 13888393
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 20:27]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 11:41]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 11:41]
.
2012-05-20 c:\windows\Tasks\Norton Security Scan for xxx.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-16 07:48]
.
2012-05-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-05-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\194ydjbi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession_3204"="{35374657-E11B-4AC6-A0BC-3E92348FB54B}"
"ccSvcHst_UserSession_3516"="{B18740F0-C773-4280-BB3B-70FBD9418B2F}"
"ccSvcHst_UserSession_1908"="{E69B2C01-8AFF-4377-84C2-6823E89D3788}"
"ccSettingsService"="{7C1C56A6-9B37-43C5-A91F-9A773E028040}"
"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccSvcHst_UserSession_2088"="{3101D372-6131-44AA-A7C0-769BD028072A}"
"ccSvcHst_UserSession_3060"="{E2F0955D-2D12-4EA3-BC53-132F91064023}"
"ccSvcHst_UserSession2_2800"="{80E39866-2E9B-46BE-901B-F2AD2AB7B1D1}"
"ccSvcHst_NAV"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccSvcHst_UserSession_1116"="{122E218E-76E1-40B4-B396-33B1907F9657}"
"ccSvcHst_UserSession_1208"="{4D177A91-D1A2-4A0E-A9B6-21ACA6FB8299}"
"ncw_reputation_scan_server_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccSvcHst_UserSession_1160"="{1E7FEEA0-CDB6-42B2-A76B-8F6DCED8A552}"
"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccSvcHst_UserSession2_3040"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"ccGenericEvent_Global_EM"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccGenericEvent_Global_LM"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccGenericLog_Manager"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"SNDServiceRequestChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"SNDLocationChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"SymRedirSvcRequestChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"NortonNetServiceIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"NetMapServiceIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_isDataPrComm_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"ncw_performance_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_ProcessDetection_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_AvProdSvcComm_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"isError_Service_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"BashIPCChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_ISPOCClient_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_IDataStoreMgr_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_NortonOnlineCommFeatureRequest_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"_HSPlayerCommand_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"FWAlert"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"IPS_COMMAND_CHANNEL"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
"AvProdSession_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"AvProdSession_Options_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"AvProdSession_MessageCenter_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"AvProdSession_Scanless_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"AvProdSession_IPUA_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"AvProdSession_CanIRun_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"clt::AlertChannel2_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"TRUSTCHANNEL"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"SDKCHANNEL1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"ToasterNotify\\SessionID_1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"_IPCChannel_PerformAutoLogin_1_"="{085B2E16-D5F2-4589-A54E-D62B827391EC}"
"_ReputationSvcComm_ReputationPublisher"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-21 16:35:15
ComboFix-quarantined-files.txt 2012-05-21 14:35
.
Vor Suchlauf: 14 Verzeichnis(se), 210.135.871.488 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 210.167.934.976 Bytes frei
.
- - End Of File - - 5FDFBAEEA482AE16FEAFEDE3F8C650C9
Regards, Bebbo |
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a trojan Please download aswMBR.exe and save the file to your desktop. Note: please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: if aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ --> GMX was hacked, afraid of a trojan |
| | #22 |
| GMX was hacked, afraid of a trojan Hello Arne, me again ;-). aswMBR has run: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 18:33:33
-----------------------------
18:33:33.456 OS Version: Windows x64 6.1.7601 Service Pack 1
18:33:33.456 Number of processors: 2 586 0x170A
18:33:33.456 ComputerName: xxx-PC UserName: xxx
18:33:35.266 Initialize success
18:33:42.286 AVAST engine defs: 12052100
18:33:47.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:47.918 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
18:33:47.980 Disk 0 MBR read successfully
18:33:47.980 Disk 0 MBR scan
18:33:47.980 Disk 0 Windows 7 default MBR code
18:33:47.996 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:33:48.011 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
18:33:48.058 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30800325
18:33:48.089 Disk 0 scanning C:\Windows\system32\drivers
18:34:07.605 Service scanning
18:34:40.958 Modules scanning
18:34:40.973 Disk 0 trace - called modules:
18:34:41.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:34:41.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c422e0]
18:34:41.020 3 CLASSPNP.SYS[fffff88001b7a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046e4060]
18:34:41.036 Scan finished successfully
18:34:59.303 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\malware\MBR.dat"
18:34:59.319 The log file has been saved successfully to "C:\Users\xxx\Desktop\malware\aswMBR.txt"
|
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a trojan Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #24 |
| GMX was hacked, afraid of a trojan Hello Arne, here are the scans: SuperAntispyware: Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 05/22/2012 bei 05:08 AM
Version der Applikation : 5.0.1148
Version der Kern-Datenbank : 8626
Version der Spur-Datenbank : 6438
Scan Art : kompletter Scann
Totale Scann-Zeit : 09:10:52
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Gescannte Speicherelemente : 730
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 68971
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 277867
Erfasste Datei-Elemente : 0
Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]
Schutz: Aktiviert
22.05.2012 06:18:11
mbam-log-2012-05-22 (06-18-11).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 520260
Laufzeit: 2 Stunde(n), 17 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Regards, Bebbo |
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a trojan Looks OK; you already ran the SUPERAntiSpyware tool at the beginning, and only cookies were found then. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie).
Regarding cookies and other things on the web: to block this pest from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether he has released a new hosts file.
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium there are no cookies left.
Is your system back in order now, or are there other findings or problems?
__________________ Please always post log files in CODE tags |
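How a blocking hosts file of the kind recommended in post #25 takes effect, as an added example that is not part of the thread: the Python code below parses hosts-file text, lists the names pinned to 0.0.0.0 or loopback, and goes one step further by reporting names mapped to any other address, which a blocklist never needs. The sample content and all host names are constructed, and keeping the first mapping listed for a name is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed sample in the style of a blocking hosts file (not real MVPS data).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.tracker.example   # inline comment
0.0.0.0      banner.example stats.banner.example
127.0.0.1    Cookies.Example
203.0.113.7  login.mail.example
not-an-ip    broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname: ip} for every well-formed line of a hosts file."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            # Assumption: the first mapping listed for a name is the one used.
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping


def is_sinkhole(ip):
    """True for 0.0.0.0 / :: and loopback, the addresses blocklists point to."""
    return ip.is_unspecified or ip.is_loopback


def classify(mapping):
    """Split entries into blocked names and names sent to a real address."""
    blocked = sorted(n for n, ip in mapping.items()
                     if is_sinkhole(ip) and n not in LOCAL_NAMES)
    redirected = sorted((n, str(ip)) for n, ip in mapping.items()
                        if not is_sinkhole(ip))
    return blocked, redirected


def is_blocked(mapping, hostname):
    """Exact-name lookup: a hosts file has no wildcards, so subdomains need own lines."""
    name = hostname.lower().rstrip(".")
    ip = mapping.get(name)
    return ip is not None and is_sinkhole(ip) and name not in LOCAL_NAMES
```

On a Windows 7 system the text to pass to `parse_hosts` would come from `C:\Windows\System32\drivers\etc\hosts`; any name in the `redirected` list deserves a manual look.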
| | #26 |
| GMX was hacked, afraid of a trojan Hello Arne, the system runs as usual. It did not cause any problems before the "hack" either. Could anything be determined from the logs? The uncertainty about how the password was hacked remains. If this system is clean now, I can at least change my passwords from this computer. Regards, Bebbo |
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a trojan Then we would be done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages with that.
With the help of OTL you can also remove many tools: please start OTL and click on "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update
Updating the PDF reader
An outdated AdobeReader poses a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
Please also take the opportunity to check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
| | #28 |
| GMX was hacked, afraid of a trojan Hello Arne, many thanks for the help. I hope that was it with the hacker. Regards, Bebbo |