Log analysis and evaluation: GMX was hacked, afraid of a Trojan
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.05.2012, 11:16 | #16 |
| GMX was hacked, afraid of a Trojan Hello Arne, I have just completed the upload. Regards, Bebbo |
21.05.2012, 11:24 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a Trojan Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here! |
21.05.2012, 11:50 | #18 |
| GMX was hacked, afraid of a Trojan Hello Arne,
here is the TDSS log file:
12:45:37.0426 5472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:45:37.0517 5472 NdisTapi - ok 12:45:37.0566 5472 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:45:37.0655 5472 Ndisuio - ok 12:45:37.0711 5472 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:45:37.0805 5472 NdisWan - ok 12:45:37.0885 5472 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:45:37.0963 5472 NDProxy - ok 12:45:38.0037 5472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:45:38.0141 5472 NetBIOS - ok 12:45:38.0465 5472 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:45:38.0545 5472 NetBT - ok 12:45:38.0618 5472 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:38.0642 5472 Netlogon - ok 12:45:38.0849 5472 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:45:38.0960 5472 Netman - ok 12:45:39.0089 5472 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:45:39.0212 5472 netprofm - ok 12:45:39.0358 5472 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:45:39.0380 5472 NetTcpPortSharing - ok 12:45:39.0801 5472 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 12:45:39.0949 5472 netw5v64 - ok 12:45:40.0183 5472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:45:40.0207 5472 nfrd960 - ok 12:45:40.0292 5472 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:45:40.0383 5472 NlaSvc - ok 12:45:40.0405 5472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:45:40.0471 5472 Npfs - ok 12:45:40.0529 5472 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 
12:45:40.0626 5472 nsi - ok 12:45:40.0685 5472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:45:40.0776 5472 nsiproxy - ok 12:45:40.0956 5472 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:45:41.0030 5472 Ntfs - ok 12:45:41.0264 5472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:45:41.0354 5472 Null - ok 12:45:41.0391 5472 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:45:41.0418 5472 nvraid - ok 12:45:41.0444 5472 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:45:41.0472 5472 nvstor - ok 12:45:41.0507 5472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:45:41.0533 5472 nv_agp - ok 12:45:41.0596 5472 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys 12:45:41.0619 5472 OA008Ufd - ok 12:45:41.0664 5472 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys 12:45:41.0720 5472 OA008Vid - ok 12:45:41.0796 5472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:45:41.0842 5472 ohci1394 - ok 12:45:41.0939 5472 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:45:41.0965 5472 ose - ok 12:45:42.0407 5472 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:45:42.0609 5472 osppsvc - ok 12:45:42.0845 5472 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:45:42.0955 5472 p2pimsvc - ok 12:45:43.0054 5472 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:45:43.0119 5472 p2psvc - ok 12:45:43.0237 5472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:45:43.0264 5472 Parport - ok 12:45:43.0333 5472 partmgr 
(e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 12:45:43.0359 5472 partmgr - ok 12:45:43.0458 5472 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:45:43.0545 5472 PcaSvc - ok 12:45:43.0854 5472 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms 12:45:43.0874 5472 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok 12:45:43.0939 5472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:45:43.0968 5472 pci - ok 12:45:44.0040 5472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 12:45:44.0063 5472 pciide - ok 12:45:44.0128 5472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:45:44.0158 5472 pcmcia - ok 12:45:44.0190 5472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:45:44.0215 5472 pcw - ok 12:45:44.0282 5472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:45:44.0387 5472 PEAUTH - ok 12:45:44.0524 5472 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:45:44.0569 5472 PerfHost - ok 12:45:44.0722 5472 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:45:44.0897 5472 pla - ok 12:45:44.0957 5472 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:45:45.0003 5472 PlugPlay - ok 12:45:45.0049 5472 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:45:45.0086 5472 PNRPAutoReg - ok 12:45:45.0130 5472 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:45:45.0165 5472 PNRPsvc - ok 12:45:45.0255 5472 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:45:45.0349 5472 PolicyAgent - ok 12:45:45.0421 5472 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:45:45.0516 5472 Power - ok 12:45:45.0631 5472 PptpMiniport 
(f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:45:45.0727 5472 PptpMiniport - ok 12:45:45.0809 5472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:45:45.0857 5472 Processor - ok 12:45:45.0943 5472 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 12:45:46.0036 5472 ProfSvc - ok 12:45:46.0080 5472 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:46.0104 5472 ProtectedStorage - ok 12:45:46.0175 5472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 12:45:46.0240 5472 Psched - ok 12:45:46.0350 5472 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 12:45:46.0371 5472 PSI_SVC_2 - ok 12:45:46.0406 5472 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 12:45:46.0428 5472 PxHlpa64 - ok 12:45:46.0568 5472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:45:46.0650 5472 ql2300 - ok 12:45:46.0913 5472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:45:46.0941 5472 ql40xx - ok 12:45:47.0044 5472 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:45:47.0082 5472 QWAVE - ok 12:45:47.0145 5472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:45:47.0194 5472 QWAVEdrv - ok 12:45:47.0217 5472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:45:47.0283 5472 RasAcd - ok 12:45:47.0340 5472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:45:47.0408 5472 RasAgileVpn - ok 12:45:47.0473 5472 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:45:47.0560 5472 RasAuto - ok 12:45:47.0606 5472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:45:47.0699 
5472 Rasl2tp - ok 12:45:47.0776 5472 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:45:47.0848 5472 RasMan - ok 12:45:47.0919 5472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:45:48.0004 5472 RasPppoe - ok 12:45:48.0035 5472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:45:48.0122 5472 RasSstp - ok 12:45:48.0191 5472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:45:48.0285 5472 rdbss - ok 12:45:48.0319 5472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:45:48.0367 5472 rdpbus - ok 12:45:48.0399 5472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:45:48.0487 5472 RDPCDD - ok 12:45:48.0524 5472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:45:48.0619 5472 RDPENCDD - ok 12:45:48.0658 5472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:45:48.0724 5472 RDPREFMP - ok 12:45:48.0824 5472 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 12:45:48.0919 5472 RDPWD - ok 12:45:48.0993 5472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:45:49.0022 5472 rdyboost - ok 12:45:49.0081 5472 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:45:49.0185 5472 RemoteAccess - ok 12:45:49.0251 5472 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:45:49.0345 5472 RemoteRegistry - ok 12:45:49.0412 5472 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 12:45:49.0468 5472 RFCOMM - ok 12:45:49.0554 5472 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys 12:45:49.0593 5472 rimmptsk - ok 12:45:49.0623 5472 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys 
12:45:49.0643 5472 rimsptsk - ok 12:45:49.0666 5472 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys 12:45:49.0707 5472 rismxdp - ok 12:45:49.0781 5472 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:45:49.0865 5472 RpcEptMapper - ok 12:45:49.0924 5472 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:45:49.0973 5472 RpcLocator - ok 12:45:50.0064 5472 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:45:50.0137 5472 RpcSs - ok 12:45:50.0181 5472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:45:50.0249 5472 rspndr - ok 12:45:50.0279 5472 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:45:50.0304 5472 SamSs - ok 12:45:50.0426 5472 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 12:45:50.0444 5472 SASDIFSV - ok 12:45:50.0469 5472 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 12:45:50.0488 5472 SASKUTIL - ok 12:45:50.0528 5472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:45:50.0554 5472 sbp2port - ok 12:45:50.0779 5472 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 12:45:50.0826 5472 SBSDWSCService - ok 12:45:50.0899 5472 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:45:50.0998 5472 SCardSvr - ok 12:45:51.0089 5472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:45:51.0183 5472 scfilter - ok 12:45:51.0348 5472 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 12:45:51.0462 5472 Schedule - ok 12:45:51.0522 5472 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 12:45:51.0585 5472 SCPolicySvc - ok 12:45:51.0637 5472 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) 
C:\Windows\system32\drivers\sdbus.sys 12:45:51.0677 5472 sdbus - ok 12:45:51.0707 5472 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 12:45:51.0753 5472 SDRSVC - ok 12:45:51.0849 5472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 12:45:51.0938 5472 secdrv - ok 12:45:52.0001 5472 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 12:45:52.0079 5472 seclogon - ok 12:45:52.0137 5472 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 12:45:52.0234 5472 SENS - ok 12:45:52.0264 5472 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 12:45:52.0352 5472 SensrSvc - ok 12:45:52.0379 5472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 12:45:52.0431 5472 Serenum - ok 12:45:52.0498 5472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 12:45:52.0525 5472 Serial - ok 12:45:52.0563 5472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 12:45:52.0612 5472 sermouse - ok 12:45:52.0671 5472 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 12:45:52.0738 5472 SessionEnv - ok 12:45:52.0851 5472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 12:45:52.0920 5472 sffdisk - ok 12:45:52.0940 5472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 12:45:52.0988 5472 sffp_mmc - ok 12:45:52.0996 5472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys 12:45:53.0034 5472 sffp_sd - ok 12:45:53.0086 5472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 12:45:53.0110 5472 sfloppy - ok 12:45:53.0192 5472 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 12:45:53.0288 5472 SharedAccess - ok 12:45:53.0359 5472 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) 
C:\Windows\System32\shsvcs.dll 12:45:53.0430 5472 ShellHWDetection - ok 12:45:53.0485 5472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:45:53.0509 5472 SiSRaid2 - ok 12:45:53.0532 5472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 12:45:53.0558 5472 SiSRaid4 - ok 12:45:53.0599 5472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 12:45:53.0688 5472 Smb - ok 12:45:53.0759 5472 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 12:45:53.0816 5472 SNMPTRAP - ok 12:45:53.0844 5472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 12:45:53.0868 5472 spldr - ok 12:45:53.0963 5472 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 12:45:54.0044 5472 Spooler - ok 12:45:54.0342 5472 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 12:45:54.0508 5472 sppsvc - ok 12:45:54.0690 5472 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 12:45:54.0783 5472 sppuinotify - ok 12:45:54.0971 5472 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307000.009\SRTSP64.SYS 12:45:55.0011 5472 SRTSP - ok 12:45:55.0034 5472 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307000.009\SRTSPX64.SYS 12:45:55.0053 5472 SRTSPX - ok 12:45:55.0117 5472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 12:45:55.0196 5472 srv - ok 12:45:55.0248 5472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 12:45:55.0311 5472 srv2 - ok 12:45:55.0380 5472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 12:45:55.0442 5472 srvnet - ok 12:45:55.0531 5472 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 12:45:55.0630 5472 SSDPSRV - ok 12:45:55.0672 5472 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) 
C:\Windows\system32\sstpsvc.dll 12:45:55.0742 5472 SstpSvc - ok 12:45:55.0800 5472 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys 12:45:55.0825 5472 ssudmdm - ok 12:45:55.0994 5472 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 12:45:56.0032 5472 STacSV - ok 12:45:56.0085 5472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 12:45:56.0109 5472 stexstor - ok 12:45:56.0185 5472 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys 12:45:56.0217 5472 STHDA - ok 12:45:56.0317 5472 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 12:45:56.0365 5472 stisvc - ok 12:45:56.0500 5472 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 12:45:56.0520 5472 stllssvr - ok 12:45:56.0558 5472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 12:45:56.0581 5472 swenum - ok 12:45:56.0665 5472 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 12:45:56.0764 5472 swprv - ok 12:45:56.0870 5472 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS 12:45:56.0901 5472 SymDS - ok 12:45:57.0007 5472 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS 12:45:57.0058 5472 SymEFA - ok 12:45:57.0104 5472 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 12:45:57.0128 5472 SymEvent - ok 12:45:57.0167 5472 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS 12:45:57.0190 5472 SymIRON - ok 12:45:57.0274 5472 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS 12:45:57.0305 5472 SymNetS - ok 12:45:57.0376 5472 SynTP 
(1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys 12:45:57.0404 5472 SynTP - ok 12:45:57.0585 5472 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 12:45:57.0693 5472 SysMain - ok 12:45:57.0875 5472 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 12:45:57.0933 5472 TabletInputService - ok 12:45:57.0994 5472 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 12:45:58.0091 5472 TapiSrv - ok 12:45:58.0135 5472 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 12:45:58.0203 5472 TBS - ok 12:45:58.0426 5472 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 12:45:58.0506 5472 Tcpip - ok 12:45:58.0855 5472 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 12:45:58.0941 5472 TCPIP6 - ok 12:45:59.0163 5472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 12:45:59.0237 5472 tcpipreg - ok 12:45:59.0304 5472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 12:45:59.0345 5472 TDPIPE - ok 12:45:59.0384 5472 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 12:45:59.0431 5472 TDTCP - ok 12:45:59.0505 5472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 12:45:59.0575 5472 tdx - ok 12:45:59.0839 5472 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 12:45:59.0935 5472 TeamViewer6 - ok 12:46:00.0148 5472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 12:46:00.0172 5472 TermDD - ok 12:46:00.0281 5472 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 12:46:00.0377 5472 TermService - ok 12:46:00.0427 5472 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 12:46:00.0485 5472 Themes - ok 12:46:00.0536 5472 THREADORDER 
(e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:46:00.0605 5472 THREADORDER - ok 12:46:00.0627 5472 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 12:46:00.0729 5472 TrkWks - ok 12:46:00.0841 5472 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 12:46:00.0928 5472 TrustedInstaller - ok 12:46:00.0988 5472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:46:01.0052 5472 tssecsrv - ok 12:46:01.0140 5472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 12:46:01.0207 5472 TsUsbFlt - ok 12:46:01.0289 5472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 12:46:01.0378 5472 tunnel - ok 12:46:01.0422 5472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 12:46:01.0450 5472 uagp35 - ok 12:46:01.0524 5472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 12:46:01.0594 5472 udfs - ok 12:46:01.0656 5472 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 12:46:01.0713 5472 UI0Detect - ok 12:46:01.0776 5472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 12:46:01.0800 5472 uliagpkx - ok 12:46:01.0839 5472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 12:46:01.0892 5472 umbus - ok 12:46:01.0931 5472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 12:46:01.0956 5472 UmPass - ok 12:46:02.0042 5472 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 12:46:02.0117 5472 upnphost - ok 12:46:02.0157 5472 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 12:46:02.0232 5472 USBAAPL64 - ok 12:46:02.0270 5472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 12:46:02.0318 5472 usbccgp - ok 12:46:02.0383 5472 usbcir 
(af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 12:46:02.0438 5472 usbcir - ok 12:46:02.0502 5472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 12:46:02.0547 5472 usbehci - ok 12:46:02.0615 5472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 12:46:02.0677 5472 usbhub - ok 12:46:02.0723 5472 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 12:46:02.0784 5472 usbohci - ok 12:46:02.0832 5472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 12:46:02.0863 5472 usbprint - ok 12:46:02.0893 5472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:46:02.0930 5472 USBSTOR - ok 12:46:02.0975 5472 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 12:46:03.0025 5472 usbuhci - ok 12:46:03.0068 5472 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 12:46:03.0136 5472 UxSms - ok 12:46:03.0166 5472 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:46:03.0191 5472 VaultSvc - ok 12:46:03.0221 5472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 12:46:03.0244 5472 vdrvroot - ok 12:46:03.0328 5472 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 12:46:03.0408 5472 vds - ok 12:46:03.0473 5472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 12:46:03.0502 5472 vga - ok 12:46:03.0526 5472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 12:46:03.0619 5472 VgaSave - ok 12:46:03.0680 5472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 12:46:03.0709 5472 vhdmp - ok 12:46:03.0745 5472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 12:46:03.0769 5472 viaide - ok 12:46:03.0790 5472 volmgr (d2aafd421940f640b407aefaaebd91b0) 
C:\Windows\system32\drivers\volmgr.sys 12:46:03.0815 5472 volmgr - ok 12:46:03.0889 5472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 12:46:03.0923 5472 volmgrx - ok 12:46:03.0971 5472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 12:46:04.0003 5472 volsnap - ok 12:46:04.0051 5472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 12:46:04.0079 5472 vsmraid - ok 12:46:04.0249 5472 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 12:46:04.0377 5472 VSS - ok 12:46:04.0589 5472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 12:46:04.0647 5472 vwifibus - ok 12:46:04.0718 5472 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 12:46:04.0793 5472 W32Time - ok 12:46:04.0844 5472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 12:46:04.0901 5472 WacomPen - ok 12:46:04.0990 5472 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:46:05.0066 5472 WANARP - ok 12:46:05.0072 5472 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 12:46:05.0135 5472 Wanarpv6 - ok 12:46:05.0302 5472 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 12:46:05.0402 5472 wbengine - ok 12:46:05.0619 5472 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 12:46:05.0659 5472 WbioSrvc - ok 12:46:05.0747 5472 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 12:46:05.0791 5472 wcncsvc - ok 12:46:05.0851 5472 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 12:46:05.0891 5472 WcsPlugInService - ok 12:46:05.0990 5472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 12:46:06.0014 5472 Wd - ok 12:46:06.0091 5472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) 
C:\Windows\system32\drivers\Wdf01000.sys 12:46:06.0134 5472 Wdf01000 - ok 12:46:06.0160 5472 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:46:06.0261 5472 WdiServiceHost - ok 12:46:06.0267 5472 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 12:46:06.0302 5472 WdiSystemHost - ok 12:46:06.0358 5472 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 12:46:06.0423 5472 WebClient - ok 12:46:06.0495 5472 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 12:46:06.0576 5472 Wecsvc - ok 12:46:06.0606 5472 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 12:46:06.0680 5472 wercplsupport - ok 12:46:06.0713 5472 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 12:46:06.0803 5472 WerSvc - ok 12:46:06.0894 5472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 12:46:06.0959 5472 WfpLwf - ok 12:46:06.0974 5472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 12:46:06.0999 5472 WIMMount - ok 12:46:07.0073 5472 WinDefend - ok 12:46:07.0084 5472 WinHttpAutoProxySvc - ok 12:46:07.0188 5472 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 12:46:07.0279 5472 Winmgmt - ok 12:46:07.0474 5472 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 12:46:07.0584 5472 WinRM - ok 12:46:07.0820 5472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 12:46:07.0877 5472 WinUsb - ok 12:46:07.0982 5472 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 12:46:08.0041 5472 Wlansvc - ok 12:46:08.0081 5472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 12:46:08.0132 5472 WmiAcpi - ok 12:46:08.0252 5472 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 12:46:08.0300 5472 wmiApSrv - ok 12:46:08.0395 
5472 WMPNetworkSvc - ok 12:46:08.0442 5472 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 12:46:08.0474 5472 WPCSvc - ok 12:46:08.0526 5472 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 12:46:08.0580 5472 WPDBusEnum - ok 12:46:08.0751 5472 WPFFontCache_v0400 - ok 12:46:08.0808 5472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 12:46:08.0874 5472 ws2ifsl - ok 12:46:08.0929 5472 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 12:46:08.0992 5472 wscsvc - ok 12:46:08.0998 5472 WSearch - ok 12:46:09.0211 5472 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 12:46:09.0341 5472 wuauserv - ok 12:46:09.0584 5472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 12:46:09.0649 5472 WudfPf - ok 12:46:09.0698 5472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:46:09.0795 5472 WUDFRd - ok 12:46:09.0849 5472 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 12:46:09.0914 5472 wudfsvc - ok 12:46:09.0994 5472 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 12:46:10.0033 5472 WwanSvc - ok 12:46:10.0151 5472 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl 12:46:10.0175 5472 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok 12:46:10.0197 5472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:46:10.0665 5472 \Device\Harddisk0\DR0 - ok 12:46:10.0672 5472 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 12:46:11.0162 5472 \Device\Harddisk1\DR1 - ok 12:46:11.0198 5472 Boot (0x1200) (699f28e2b509ca731fb222c61422522b) \Device\Harddisk0\DR0\Partition0 12:46:11.0200 5472 \Device\Harddisk0\DR0\Partition0 - ok 12:46:11.0252 5472 Boot (0x1200) (dcb6f73aad02d042208e1217c330639d) \Device\Harddisk0\DR0\Partition1 
12:46:11.0254 5472 \Device\Harddisk0\DR0\Partition1 - ok
12:46:11.0266 5472 Boot (0x1200) (bec0b541cff9114c5f3fff374edbfb77) \Device\Harddisk1\DR1\Partition0
12:46:11.0269 5472 \Device\Harddisk1\DR1\Partition0 - ok
12:46:11.0270 5472 ============================================================
12:46:11.0270 5472 Scan finished
12:46:11.0270 5472 ============================================================
12:46:11.0288 3408 Detected object count: 2
12:46:11.0288 3408 Actual detected object count: 2
12:46:31.0648 3408 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:31.0648 3408 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:46:31.0649 3408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:46:31.0649 3408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
21.05.2012, 12:01 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of a Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages like Quote:
__________________ Please always post log files in CODE tags |
21.05.2012, 15:43 | #20 |
| GMX was hacked, afraid of a Trojan Hello Arne, below is the CF log file: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-05-20.10 - xxx 21.05.2012 16:18:21.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.2700 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . . 
((((((((((((((((((((((( Dateien erstellt von 2012-04-21 bis 2012-05-21 )))))))))))))))))))))))))))))) . . 2012-05-21 14:30 . 2012-05-21 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-21 14:30 . 2012-05-21 14:30 -------- d-----w- c:\users\xxx_std\AppData\Local\temp 2012-05-20 19:49 . 2012-05-21 10:12 -------- d-----w- C:\_OTL 2012-05-20 19:04 . 2012-05-20 19:04 -------- d-----w- c:\users\xxx\AppData\Local\Diagnostics 2012-05-18 06:26 . 2012-05-18 06:26 -------- d-----w- c:\program files (x86)\ESET 2012-05-18 06:22 . 2012-05-18 06:22 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307010.005 2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\programdata\Malwarebytes 2012-05-17 20:31 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-17 20:31 . 2012-05-17 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-17 12:37 . 2012-05-17 12:37 -------- d-----w- c:\users\xxx\AppData\Local\NPE 2012-05-17 09:36 . 2012-05-17 09:36 -------- d-----w- c:\users\xxx\AppData\Roaming\SUPERAntiSpyware.com 2012-05-17 09:35 . 2012-05-17 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-05-17 09:35 . 2012-05-17 09:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-05-14 20:13 . 2012-05-14 20:13 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-14 20:13 . 2012-05-14 20:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-14 18:56 . 2012-05-14 18:57 -------- d-----w- c:\users\xxx\AppData\Roaming\TCXConverter 2012-05-14 18:56 . 2012-05-14 18:56 -------- d-----w- c:\program files (x86)\TCX Converter 2012-05-14 18:33 . 2012-05-14 18:33 -------- d-----w- c:\users\xxx\AppData\Local\ZoneFiveSoftware 2012-05-14 18:28 . 2012-05-14 18:28 -------- d-----w- c:\program files (x86)\Zone Five Software 2012-05-14 18:28 . 
2012-05-14 18:28 -------- d-----w- c:\programdata\ZoneFiveSoftware 2012-05-10 14:05 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-10 14:05 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-10 14:05 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-10 14:04 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-10 14:04 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-10 14:04 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-10 14:04 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-10 14:04 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-10 14:04 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-10 14:04 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 14:04 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-10 14:04 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 14:04 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-08 18:46 . 2012-05-08 18:46 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-08 18:45 . 2012-05-08 18:45 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-08 18:45 . 2012-05-08 18:45 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-25 16:07 . 2012-04-25 16:07 -------- d-----w- c:\users\xxx\AppData\Roaming\Reallusion 2012-04-24 15:18 . 2012-05-09 17:06 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-17 20:27 . 
2012-04-18 16:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-17 20:27 . 2011-12-12 18:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-27 15:03 . 2009-09-13 13:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-01 06:46 . 2012-04-11 18:20 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 18:20 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 18:20 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 18:20 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 18:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 18:20 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 18:20 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 18:28 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 18:28 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 18:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 18:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 18:28 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 18:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 18:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 18:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416] "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-20 4786048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-07-15 371712] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624] "LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' 
Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\xxx_std\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096] . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-18 1066536] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-14 1207312] Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program 
files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120518.001\IDSvia64.sys [2012-04-28 488568] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/12/25 16:00];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 19:19 146928] S2 AAV 
UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360] S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x] S3 OA008Vid;Creative Camera OA008 Function 
Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 13888393 *Deregistered* - 13888393 . Inhalt des "geplante Tasks" Ordners . 2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 20:27] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 11:41] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 11:41] . 2012-05-20 c:\windows\Tasks\Norton Security Scan for xxx.job - c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-16 07:48] . 2012-05-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09] . 2012-05-21 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\194ydjbi.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC] @Denied: (C D) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels] @Denied: (C D) (Everyone) "ccSvcHst_UserSession_3204"="{35374657-E11B-4AC6-A0BC-3E92348FB54B}" "ccSvcHst_UserSession_3516"="{B18740F0-C773-4280-BB3B-70FBD9418B2F}" "ccSvcHst_UserSession_1908"="{E69B2C01-8AFF-4377-84C2-6823E89D3788}" "ccSettingsService"="{7C1C56A6-9B37-43C5-A91F-9A773E028040}" "{A1B48937-0778-4e7c-885B-271F65B485D2}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccSvcHst_UserSession_2088"="{3101D372-6131-44AA-A7C0-769BD028072A}" "ccSvcHst_UserSession_3060"="{E2F0955D-2D12-4EA3-BC53-132F91064023}" "ccSvcHst_UserSession2_2800"="{80E39866-2E9B-46BE-901B-F2AD2AB7B1D1}" "ccSvcHst_NAV"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccSvcHst_UserSession_1116"="{122E218E-76E1-40B4-B396-33B1907F9657}" "ccSvcHst_UserSession_1208"="{4D177A91-D1A2-4A0E-A9B6-21ACA6FB8299}" "ncw_reputation_scan_server_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccSvcHst_UserSession_1160"="{1E7FEEA0-CDB6-42B2-A76B-8F6DCED8A552}" "DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccSvcHst_UserSession2_3040"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "ccGenericEvent_Global_EM"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccGenericEvent_Global_LM"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccGenericLog_Manager"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" 
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "SNDServiceRequestChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "SNDLocationChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "SymRedirSvcRequestChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "NortonNetServiceIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "NetMapServiceIPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_isDataPrComm_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "ncw_performance_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_NCWSvcComm_NortonCommunityWatchConfiguration"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_ProcessDetection_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_AvProdSvcComm_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "isError_Service_IPC"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "BashIPCChannel"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_ISPOCClient_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_IDataStoreMgr_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_NortonOnlineCommFeatureRequest_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "_HSPlayerCommand_"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "FWAlert"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "IPS_COMMAND_CHANNEL"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" "AvProdSession_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "AvProdSession_Options_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "AvProdSession_MessageCenter_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "AvProdSession_Scanless_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "AvProdSession_IPUA_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" 
"AvProdSession_CanIRun_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "clt::AlertChannel2_01"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "TRUSTCHANNEL"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "SDKCHANNEL1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "ToasterNotify\\SessionID_1"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "_IPCChannel_PerformAutoLogin_1_"="{085B2E16-D5F2-4589-A54E-D62B827391EC}" "_ReputationSvcComm_ReputationPublisher"="{E2C58487-5BA9-46DE-B668-121C85C1BEFD}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{35374657-E11B-4AC6-A0BC-3E92348FB54B}"="" "{5B5F3B84-6741-49AC-B42B-B9BBB601DF46}"="" "{68F07B18-72A6-4978-91BB-40BE5246F2EA}"="" "{5EF2DC3F-EC5B-468C-9118-FF3B38E2CE6A}"="" "{91BF2672-DB94-49AD-8E8A-80EB84901AD7}"="" "{F32561C5-758E-430B-9B20-0D117D8BDBFA}"="" "{1B0A93F1-C9F6-476D-AF44-C10E021A5F98}"="" "{8CDEA324-5620-48F0-8CF0-51AB71D32CD8}"="" "{F744D882-281A-46D1-8963-E80FC7E074B5}"="" "{CA61550B-E365-4745-BE3E-5FFBD3A63ADB}"="" "{F668C66D-8041-493E-9E9E-CB0D47147948}"="" "{23AB479F-26DB-4D49-80FD-CD907875C8C7}"="" "{087D6561-5797-4223-9671-0901FB046BA2}"="" "{7BBEF819-A4C8-4CB7-A6CE-E2624096FA55}"="" "{CACB1135-5603-464C-ADDF-4ACFAE5B3232}"="" "{38007E84-48EE-4287-AC0D-9CEA517867AA}"="" "{A170FA72-6F25-4B06-902F-E43AB08E1689}"="" "{B18740F0-C773-4280-BB3B-70FBD9418B2F}"="" "{32032CB3-CA39-4D33-BA01-99218F9D7A77}"="" "{1466B0C0-58A6-43CD-94CF-3FCCC5A87964}"="" "{4C84671D-CD0D-446D-9CBC-B945B323DE26}"="" "{0F25E736-DF9F-4997-A0F2-FC5FADEEE447}"="" "{08308DB6-D4AB-4131-949A-39FB2F6F85AC}"="" "{D1199BA5-4497-45AD-834C-C88FE379FDF6}"="" "{F20F8813-51A5-43F8-9E9D-C7D110668C80}"="" "{88972957-CB13-458A-A65D-B84ECD0F030E}"="" "{3590C1D3-520A-4308-8A34-72CC842E0200}"="" "{37925E2D-A90B-4FA7-924F-FA7F54B884D1}"="" "{250C0E34-AB0B-40D5-913F-77E3191D70A2}"="" 
"{176ECA38-574D-4698-A306-D93BC425DE69}"="" "{F18F94D7-DE2F-4A80-8D49-BCD2FA5D496A}"="" "{674BE74D-C496-48C4-A6DB-07AA05920B78}"="" "{E69B2C01-8AFF-4377-84C2-6823E89D3788}"="" "{D9375991-A484-40CE-AB10-5D6338E9FDFC}"="" "{5872F5B2-E9FB-4907-8DC5-FCD01570E467}"="" "{AE712614-67F1-41F8-A49B-F8699637FFCB}"="" "{212DCA8E-7B73-4778-A2F8-61C6B45D63EE}"="" "{94E9EEB6-F395-42E1-A876-4E090A086A20}"="" "{09D21B13-DCF7-4222-B6F8-5B652E84E797}"="" "{B073C7C4-8634-429E-B38C-494813F8D01A}"="" "{B0E3FCA9-EF7D-4838-9721-ED24DD681AB5}"="" "{15755ED1-ADCE-4708-AEF4-E5B24F44A715}"="" "{87E2F4AE-1FB3-4AF4-A6C8-5560C17CA033}"="" "{3456A020-1397-4279-BC52-CCEBC7B7AE17}"="" "{7C1C56A6-9B37-43C5-A91F-9A773E028040}"="" "{4B9C4208-23CC-4D0B-BF35-636592CF73C6}"="" "{64B84BD4-C69E-4334-A091-EE401899ADBB}"="" "{8F9EF6D3-FDA4-4362-8F21-AF3E5BFCFE7E}"="" "{37B67E04-1F8A-4691-B243-E1BB390E7FC2}"="" "{3101D372-6131-44AA-A7C0-769BD028072A}"="" "{6DA7CB91-7F16-402B-B1A9-F588D59C1B11}"="" "{153E7208-8F74-41BD-8F6B-849B6C231FF7}"="" "{2894C6DA-F386-4631-BFAB-A059DB5B653A}"="" "{E2F0955D-2D12-4EA3-BC53-132F91064023}"="" "{9BCE49FF-F8E3-4DE4-9DA6-2065AFD22F91}"="" "{2D86D01B-4BA1-41A1-8230-224DE6067351}"="" "{F0CE4347-A8B0-4948-970D-FC4FB407A6D9}"="" "{56D0DD33-FBE0-47B4-B988-B07C6616D846}"="" "{F47E6536-9B5A-41DE-B277-8E170821D327}"="" "{80E39866-2E9B-46BE-901B-F2AD2AB7B1D1}"="" "{6B2E6FA0-8539-4F67-A81B-15AF695D15E2}"="" "{CCB1B607-288A-4487-890D-F35FA386A198}"="" "{9255A47A-CDB9-4397-99FF-9A733CBB210B}"="" "{1FE5121D-0B75-427B-946F-410EAF496416}"="" "{B4A9F953-4C25-4A4A-B47B-EBEDBAB6DDAF}"="" "{97199924-5A19-44D8-BFB8-B8D76013440D}"="" "{A2932602-F3A1-4452-B09E-E199C45607ED}"="" "{389F6518-5FB7-428A-A5D0-3BA77EE17F0E}"="" "{122E218E-76E1-40B4-B396-33B1907F9657}"="" "{622DC36E-486D-4FE8-8341-0C94897818E4}"="" "{4D177A91-D1A2-4A0E-A9B6-21ACA6FB8299}"="" "{968202EC-EDBB-460A-AB50-2D3CB2C331E0}"="" "{92AA8DFD-6DAC-4490-AC27-5532BB39610E}"="" "{52B71C37-1869-4ED0-8D58-F6D6EB961033}"="" 
"{1E7FEEA0-CDB6-42B2-A76B-8F6DCED8A552}"="" "{8B98234C-C938-4C45-BB66-D39B6BDBB067}"="" "{5399C205-B3FD-4DD5-A704-6007F128AE48}"="" "{E2C58487-5BA9-46DE-B668-121C85C1BEFD}"="" "{085B2E16-D5F2-4589-A54E-D62B827391EC}"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-05-21 16:35:15 ComboFix-quarantined-files.txt 2012-05-21 14:35 . Vor Suchlauf: 14 Verzeichnis(se), 210.135.871.488 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 210.167.934.976 Bytes frei . - - End Of File - - 5FDFBAEEA482AE16FEAFEDE3F8C650C9 Grüße Bebbo |
21.05.2012, 16:06 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of trojans Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ --> GMX was hacked, afraid of trojans |
21.05.2012, 17:38 | #22 |
| GMX was hacked, afraid of trojans Hello Arne, me again ;-). aswMBR has run: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 18:33:33
-----------------------------
18:33:33.456 OS Version: Windows x64 6.1.7601 Service Pack 1
18:33:33.456 Number of processors: 2 586 0x170A
18:33:33.456 ComputerName: xxx-PC UserName: xxx
18:33:35.266 Initialize success
18:33:42.286 AVAST engine defs: 12052100
18:33:47.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:47.918 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
18:33:47.980 Disk 0 MBR read successfully
18:33:47.980 Disk 0 MBR scan
18:33:47.980 Disk 0 Windows 7 default MBR code
18:33:47.996 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:33:48.011 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
18:33:48.058 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30800325
18:33:48.089 Disk 0 scanning C:\Windows\system32\drivers
18:34:07.605 Service scanning
18:34:40.958 Modules scanning
18:34:40.973 Disk 0 trace - called modules:
18:34:41.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:34:41.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c422e0]
18:34:41.020 3 CLASSPNP.SYS[fffff88001b7a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046e4060]
18:34:41.036 Scan finished successfully
18:34:59.303 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\malware\MBR.dat"
18:34:59.319 The log file has been saved successfully to "C:\Users\xxx\Desktop\malware\aswMBR.txt" |
21.05.2012, 18:52 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of trojans Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
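The three things a reader checks in the aswMBR log from post #22 (the MBR code verdict, the chain of called disk modules, and whether the scan finished) can be pulled out mechanically. The following is an added example, not part of the thread and not code from aswMBR; the baseline module set is an assumption taken from this one clean log, and the function name `triage` is hypothetical.

```python
import re

# Lines copied from the aswMBR log in post #22, shortened for the example.
CLEAN_LOG = """\
18:33:47.980 Disk 0 MBR scan
18:33:47.980 Disk 0 Windows 7 default MBR code
18:33:48.011 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
18:33:48.058 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30800325
18:34:40.973 Disk 0 trace - called modules:
18:34:41.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:34:41.036 Scan finished successfully
"""
# Assumption: the module chain of this thread's clean log is the baseline;
# other storage hardware loads other drivers, so adjust per machine.
BASELINE = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "ataport.sys",
            "pciidex.sys", "hal.dll", "msahci.sys"}
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
PART = re.compile(r"^Disk \d+ Partition (\d+) (80 \(A\)|00) .* (\d+) MB offset (\d+)$")

def triage(log_text):
    """Parse one aswMBR log; return (facts, findings needing a human look)."""
    facts = {"verdict": None, "partitions": [], "modules": [], "finished": False}
    next_is_modules = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # header lines carry no timestamp
        msg = m.group(1)
        part = PART.match(msg)
        if next_is_modules:               # the line after the "trace" marker
            facts["modules"], next_is_modules = msg.split(), False
        elif msg.endswith("MBR code"):
            facts["verdict"] = msg
        elif part:
            facts["partitions"].append({"n": int(part[1]), "active": part[2] != "00",
                                        "mb": int(part[3]), "offset": int(part[4])})
        elif msg.endswith("trace - called modules:"):
            next_is_modules = True
        elif msg == "Scan finished successfully":
            facts["finished"] = True
    findings = []
    if not facts["finished"]:
        findings.append("scan did not finish")
    if not facts["verdict"] or "default MBR code" not in facts["verdict"]:
        findings.append(f"MBR code not reported as default: {facts['verdict']}")
    unknown = [mod for mod in facts["modules"] if mod.lower() not in BASELINE]
    if unknown:
        findings.append(f"modules outside baseline: {unknown}")
    return facts, findings
```

An empty findings list only means the log matches this baseline; it does not replace the follow-up full scans requested in the thread.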
22.05.2012, 15:48 | #24 |
| GMX was hacked, afraid of trojans Hello Arne, here are the scans: SuperAntispyware: Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 05/22/2012 bei 05:08 AM
Version der Applikation : 5.0.1148
Version der Kern-Datenbank : 8626
Version der Spur-Datenbank : 6438
Scan Art : kompletter Scann
Totale Scann-Zeit : 09:10:52
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Gescannte Speicherelemente : 730
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 68971
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 277867
Erfasste Datei-Elemente : 0
Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]
Schutz: Aktiviert
22.05.2012 06:18:11
mbam-log-2012-05-22 (06-18-11).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 520260
Laufzeit: 2 Stunde(n), 17 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Regards, Bebbo |
22.05.2012, 18:33 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of trojans Looks ok; you already ran SUPERAntiSpyware at the beginning, and only cookies were found then. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left. Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
22.05.2012, 18:39 | #26 |
| GMX was hacked, afraid of trojans Hello Arne, the system is running as usual. It did not cause any problems before the "hack" either. Was anything found based on the logs? The uncertainty about how the password was hacked remains. If this system is now clean, I can at least change my passwords from this computer. Regards, Bebbo |
22.05.2012, 19:27 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX was hacked, afraid of trojans Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages with that. With the help of OTL you can also remove many tools: Please start OTL and click Bereinigung (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update
Update PDF reader An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
22.05.2012, 20:46 | #28 |
| GMX was hacked, afraid of trojans Hello Arne, many thanks for the help. I hope that's it with the hacker. Regards, Bebbo |