Surveillance, Privacy and Spam: Mail account hacked? What is tokenserver? (Windows 7)
01.06.2012, 19:08 | #31

I can no longer turn SE off, not even as admin.

TDSS Killer: it doesn't scan; instead it says NO THREADS FOUND, and there is nothing at all in the log. Did I do something wrong?

PS: it initializes, and a window says CANT FIND DRIVER; when I click OK, it finishes initializing and the window appears.

More precisely: window 1: CANT INTITIALIZE LOG, window 2: CANT LOAD DRIVER. The solution was switching users to the admin account.
Files\Microsoft Shared\Source Engine\OSE.EXE 12:46:31.0870 4004 ose - ok 12:46:31.0922 4004 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 12:46:31.0989 4004 p2pimsvc - ok 12:46:32.0021 4004 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 12:46:32.0079 4004 p2psvc - ok 12:46:32.0134 4004 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 12:46:32.0191 4004 Parport - ok 12:46:32.0238 4004 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 12:46:32.0253 4004 partmgr - ok 12:46:32.0273 4004 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 12:46:32.0311 4004 Parvdm - ok 12:46:32.0357 4004 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 12:46:32.0387 4004 PcaSvc - ok 12:46:32.0507 4004 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 12:46:32.0560 4004 pci - ok 12:46:32.0593 4004 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 12:46:32.0607 4004 pciide - ok 12:46:32.0758 4004 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 12:46:32.0794 4004 pcmcia - ok 12:46:32.0809 4004 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 12:46:32.0824 4004 pcw - ok 12:46:33.0238 4004 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 12:46:33.0329 4004 PEAUTH - ok 12:46:33.0374 4004 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\Windows\system32\Drivers\PenClass.sys 12:46:33.0398 4004 PenClass ( UnsignedFile.Multi.Generic ) - warning 12:46:33.0398 4004 PenClass - detected UnsignedFile.Multi.Generic (1) 12:46:34.0801 4004 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 12:46:34.0917 4004 pla - ok 12:46:35.0368 4004 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 12:46:35.0428 4004 PlugPlay - ok 12:46:35.0464 4004 PNRPAutoReg 
(63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 12:46:35.0504 4004 PNRPAutoReg - ok 12:46:35.0776 4004 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 12:46:35.0810 4004 PNRPsvc - ok 12:46:36.0199 4004 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 12:46:36.0287 4004 PolicyAgent - ok 12:46:36.0328 4004 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 12:46:36.0376 4004 Power - ok 12:46:36.0456 4004 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 12:46:36.0501 4004 PptpMiniport - ok 12:46:36.0520 4004 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 12:46:36.0549 4004 Processor - ok 12:46:36.0657 4004 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 12:46:36.0717 4004 ProfSvc - ok 12:46:36.0778 4004 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 12:46:36.0806 4004 ProtectedStorage - ok 12:46:36.0881 4004 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Windows\system32\PSIService.exe 12:46:36.0899 4004 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 12:46:36.0900 4004 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 12:46:36.0953 4004 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 12:46:36.0999 4004 Psched - ok 12:46:37.0046 4004 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys 12:46:37.0082 4004 PSI - ok 12:46:38.0258 4004 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 12:46:38.0364 4004 ql2300 - ok 12:46:39.0340 4004 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 12:46:39.0362 4004 ql40xx - ok 12:46:39.0398 4004 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 12:46:39.0435 4004 QWAVE - ok 12:46:39.0460 4004 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) 
C:\Windows\system32\drivers\qwavedrv.sys 12:46:39.0492 4004 QWAVEdrv - ok 12:46:39.0529 4004 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 12:46:39.0592 4004 RasAcd - ok 12:46:39.0648 4004 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:46:39.0695 4004 RasAgileVpn - ok 12:46:39.0736 4004 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 12:46:39.0769 4004 RasAuto - ok 12:46:39.0797 4004 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:46:39.0848 4004 Rasl2tp - ok 12:46:39.0920 4004 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 12:46:39.0992 4004 RasMan - ok 12:46:40.0052 4004 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 12:46:40.0128 4004 RasPppoe - ok 12:46:40.0147 4004 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 12:46:40.0195 4004 RasSstp - ok 12:46:40.0345 4004 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 12:46:40.0412 4004 rdbss - ok 12:46:40.0484 4004 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 12:46:40.0532 4004 rdpbus - ok 12:46:40.0557 4004 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:46:40.0600 4004 RDPCDD - ok 12:46:40.0637 4004 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 12:46:40.0683 4004 RDPENCDD - ok 12:46:40.0727 4004 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 12:46:40.0793 4004 RDPREFMP - ok 12:46:40.0876 4004 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 12:46:40.0944 4004 RDPWD - ok 12:46:41.0228 4004 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 12:46:41.0274 4004 rdyboost - ok 12:46:41.0457 4004 RemoteAccess (7b5e1419717fac363a31cc302895217a) 
C:\Windows\System32\mprdim.dll 12:46:41.0512 4004 RemoteAccess - ok 12:46:41.0572 4004 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 12:46:41.0643 4004 RemoteRegistry - ok 12:46:41.0694 4004 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 12:46:41.0713 4004 RFCOMM - ok 12:46:41.0743 4004 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 12:46:41.0792 4004 RpcEptMapper - ok 12:46:41.0835 4004 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 12:46:41.0881 4004 RpcLocator - ok 12:46:41.0950 4004 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 12:46:41.0990 4004 RpcSs - ok 12:46:42.0040 4004 RRamdisk (519d3c83d04bc3e0289e80f61d2febc0) C:\Windows\system32\DRIVERS\rramdisk.sys 12:46:42.0074 4004 RRamdisk ( UnsignedFile.Multi.Generic ) - warning 12:46:42.0074 4004 RRamdisk - detected UnsignedFile.Multi.Generic (1) 12:46:42.0171 4004 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 12:46:42.0231 4004 rspndr - ok 12:46:42.0271 4004 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys 12:46:42.0284 4004 s0017bus - ok 12:46:42.0309 4004 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys 12:46:42.0320 4004 s0017mdfl - ok 12:46:42.0345 4004 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys 12:46:42.0358 4004 s0017mdm - ok 12:46:42.0387 4004 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys 12:46:42.0401 4004 s0017mgmt - ok 12:46:42.0426 4004 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys 12:46:42.0438 4004 s0017nd5 - ok 12:46:42.0492 4004 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys 12:46:42.0505 4004 s0017obex - ok 12:46:42.0530 4004 s0017unic (df5e7360a0afa5956bf75da683d0679f) 
C:\Windows\system32\DRIVERS\s0017unic.sys 12:46:42.0544 4004 s0017unic - ok 12:46:42.0568 4004 s217bus (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys 12:46:42.0581 4004 s217bus - ok 12:46:42.0616 4004 s217mdfl (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys 12:46:42.0627 4004 s217mdfl - ok 12:46:42.0647 4004 s217mdm (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys 12:46:42.0660 4004 s217mdm - ok 12:46:42.0769 4004 s217mgmt (de9562ad0c91e1857d11f65a91ee1a47) C:\Windows\system32\DRIVERS\s217mgmt.sys 12:46:42.0786 4004 s217mgmt - ok 12:46:42.0819 4004 s217nd5 (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys 12:46:42.0833 4004 s217nd5 - ok 12:46:42.0853 4004 s217obex (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys 12:46:42.0870 4004 s217obex - ok 12:46:42.0888 4004 s217unic (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys 12:46:42.0902 4004 s217unic - ok 12:46:42.0940 4004 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 12:46:42.0954 4004 SamSs - ok 12:46:42.0989 4004 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 12:46:43.0007 4004 sbp2port - ok 12:46:43.0186 4004 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 12:46:43.0269 4004 SCardSvr - ok 12:46:43.0299 4004 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 12:46:43.0347 4004 scfilter - ok 12:46:43.0417 4004 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 12:46:43.0486 4004 Schedule - ok 12:46:43.0547 4004 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 12:46:43.0586 4004 SCPolicySvc - ok 12:46:43.0785 4004 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 12:46:43.0890 4004 SDRSVC - ok 12:46:43.0982 4004 secdrv (90a3935d05b494a5a39d37e71f09a677) 
C:\Windows\system32\drivers\secdrv.sys 12:46:44.0053 4004 secdrv - ok 12:46:44.0097 4004 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 12:46:44.0149 4004 seclogon - ok 12:46:45.0238 4004 Secunia PSI Agent (fc4842cecaf2a938be13a6c534034088) C:\Program Files\Secunia\PSI\PSIA.exe 12:46:45.0316 4004 Secunia PSI Agent - ok 12:46:45.0365 4004 Secunia Update Agent (401c960e9c95d35cffb17ca57c4406fb) C:\Program Files\Secunia\PSI\sua.exe 12:46:45.0520 4004 Secunia Update Agent - ok 12:46:45.0682 4004 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 12:46:45.0727 4004 seehcri - ok 12:46:45.0775 4004 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 12:46:45.0833 4004 SENS - ok 12:46:45.0868 4004 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 12:46:45.0913 4004 SensrSvc - ok 12:46:45.0962 4004 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 12:46:45.0993 4004 Serenum - ok 12:46:46.0036 4004 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 12:46:46.0064 4004 Serial - ok 12:46:46.0099 4004 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 12:46:46.0139 4004 sermouse - ok 12:46:46.0208 4004 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 12:46:46.0239 4004 SessionEnv - ok 12:46:46.0347 4004 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe 12:46:46.0389 4004 sesvc ( UnsignedFile.Multi.Generic ) - warning 12:46:46.0389 4004 sesvc - detected UnsignedFile.Multi.Generic (1) 12:46:46.0424 4004 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 12:46:46.0465 4004 sffdisk - ok 12:46:46.0483 4004 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 12:46:46.0500 4004 sffp_mmc - ok 12:46:46.0506 4004 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) 
C:\Windows\system32\drivers\sffp_sd.sys 12:46:46.0541 4004 sffp_sd - ok 12:46:46.0586 4004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 12:46:46.0623 4004 sfloppy - ok 12:46:46.0688 4004 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 12:46:46.0756 4004 SharedAccess - ok 12:46:47.0079 4004 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 12:46:47.0154 4004 ShellHWDetection - ok 12:46:47.0191 4004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 12:46:47.0206 4004 sisagp - ok 12:46:47.0250 4004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:46:47.0265 4004 SiSRaid2 - ok 12:46:47.0281 4004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 12:46:47.0297 4004 SiSRaid4 - ok 12:46:47.0329 4004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 12:46:47.0361 4004 Smb - ok 12:46:47.0426 4004 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys 12:46:47.0440 4004 snapman - ok 12:46:47.0473 4004 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 12:46:47.0489 4004 SNMPTRAP - ok 12:46:47.0507 4004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 12:46:47.0522 4004 spldr - ok 12:46:47.0708 4004 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 12:46:47.0756 4004 Spooler - ok 12:46:50.0578 4004 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 12:46:50.0729 4004 sppsvc - ok 12:46:50.0884 4004 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 12:46:50.0933 4004 sppuinotify - ok 12:46:51.0427 4004 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 12:46:51.0508 4004 srv - ok 12:46:51.0574 4004 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) 
C:\Windows\system32\DRIVERS\srv2.sys 12:46:51.0649 4004 srv2 - ok 12:46:51.0685 4004 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 12:46:51.0702 4004 srvnet - ok 12:46:51.0736 4004 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 12:46:51.0783 4004 SSDPSRV - ok 12:46:51.0840 4004 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 12:46:51.0845 4004 SSPORT ( UnsignedFile.Multi.Generic ) - warning 12:46:51.0845 4004 SSPORT - detected UnsignedFile.Multi.Generic (1) 12:46:51.0876 4004 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 12:46:51.0906 4004 SstpSvc - ok 12:46:51.0940 4004 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 12:46:51.0960 4004 StarOpen ( UnsignedFile.Multi.Generic ) - warning 12:46:51.0960 4004 StarOpen - detected UnsignedFile.Multi.Generic (1) 12:46:51.0987 4004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 12:46:52.0002 4004 stexstor - ok 12:46:52.0068 4004 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 12:46:52.0128 4004 StiSvc - ok 12:46:52.0156 4004 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 12:46:52.0173 4004 swenum - ok 12:46:52.0235 4004 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 12:46:52.0273 4004 swprv - ok 12:46:52.0323 4004 SynasUSB (e46088b882e6315518630e249ddf958c) C:\Windows\system32\drivers\SynasUSB.sys 12:46:52.0403 4004 SynasUSB - ok 12:46:53.0108 4004 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 12:46:53.0201 4004 SysMain - ok 12:46:53.0285 4004 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 12:46:53.0335 4004 TabletInputService - ok 12:46:57.0615 4004 TabletServiceWacom (77e974834b9c246de54de4f430315b09) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe 12:46:57.0856 4004 
TabletServiceWacom - ok 12:46:58.0089 4004 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 12:46:58.0158 4004 TapiSrv - ok 12:46:58.0188 4004 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 12:46:58.0231 4004 TBS - ok 12:46:58.0493 4004 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 12:46:58.0580 4004 Tcpip - ok 12:46:59.0213 4004 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 12:46:59.0253 4004 TCPIP6 - ok 12:47:00.0087 4004 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 12:47:00.0147 4004 tcpipreg - ok 12:47:00.0207 4004 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 12:47:00.0234 4004 TDPIPE - ok 12:47:00.0268 4004 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 12:47:00.0283 4004 TDTCP - ok 12:47:00.0313 4004 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 12:47:00.0359 4004 tdx - ok 12:47:02.0413 4004 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 12:47:02.0550 4004 TeamViewer7 - ok 12:47:02.0848 4004 TelekomNM3 (5d528200679c3b4595b4237e02c077d5) C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys 12:47:02.0877 4004 TelekomNM3 - ok 12:47:04.0087 4004 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 12:47:04.0119 4004 TermDD - ok 12:47:04.0587 4004 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 12:47:04.0670 4004 TermService - ok 12:47:04.0774 4004 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 12:47:04.0836 4004 Themes - ok 12:47:04.0924 4004 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 12:47:04.0969 4004 THREADORDER - ok 12:47:05.0018 4004 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys 
12:47:05.0031 4004 tifsfilter - ok 12:47:05.0071 4004 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys 12:47:05.0094 4004 timounter - ok 12:47:05.0821 4004 TouchServiceWacom (7496f4c86cac98ca7a24586570e214aa) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe 12:47:05.0999 4004 TouchServiceWacom - ok 12:47:06.0118 4004 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 12:47:06.0193 4004 TrkWks - ok 12:47:06.0534 4004 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 12:47:06.0620 4004 TrustedInstaller - ok 12:47:07.0445 4004 TryAndDecideService (abee0a9ed1e0eb558c60f0881132ae32) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 12:47:07.0518 4004 TryAndDecideService - ok 12:47:07.0583 4004 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:47:07.0614 4004 tssecsrv - ok 12:47:07.0766 4004 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 12:47:07.0838 4004 TsUsbFlt - ok 12:47:07.0886 4004 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 12:47:07.0951 4004 tunnel - ok 12:47:08.0033 4004 TVicPort (3147063508eae931becc01573c204fac) C:\Windows\system32\DRIVERS\TVICPORT.SYS 12:47:08.0052 4004 TVicPort - ok 12:47:08.0142 4004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 12:47:08.0179 4004 uagp35 - ok 12:47:08.0437 4004 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 12:47:08.0524 4004 udfs - ok 12:47:08.0641 4004 UDST7000BDA (d785cdc0d6e27aa27dc30d3b3aad7819) C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys 12:47:08.0731 4004 UDST7000BDA - ok 12:47:08.0762 4004 UDST7000HID (527fea6f1669fca060c8fa17174db19b) C:\Windows\system32\DRIVERS\TerraTecUsbHid.sys 12:47:08.0791 4004 UDST7000HID - ok 12:47:08.0885 4004 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) 
C:\Windows\system32\UI0Detect.exe 12:47:08.0936 4004 UI0Detect - ok 12:47:08.0975 4004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 12:47:08.0990 4004 uliagpkx - ok 12:47:09.0020 4004 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 12:47:09.0049 4004 umbus - ok 12:47:09.0100 4004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 12:47:09.0130 4004 UmPass - ok 12:47:09.0190 4004 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 12:47:09.0253 4004 upnphost - ok 12:47:09.0517 4004 USB28xxBGA (47d967b6f4c3870da6859824fefc3829) C:\Windows\system32\DRIVERS\emBDA.sys 12:47:09.0613 4004 USB28xxBGA - ok 12:47:09.0679 4004 USB28xxOEM (8b5addd61fb0f415337f04cae2a5f532) C:\Windows\system32\DRIVERS\emOEM.sys 12:47:09.0739 4004 USB28xxOEM - ok 12:47:09.0780 4004 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 12:47:09.0819 4004 usbaudio - ok 12:47:09.0845 4004 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys 12:47:09.0861 4004 usbccgp - ok 12:47:09.0879 4004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 12:47:09.0938 4004 usbcir - ok 12:47:09.0977 4004 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 12:47:10.0007 4004 usbehci - ok 12:47:10.0113 4004 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys 12:47:10.0168 4004 usbhub - ok 12:47:10.0193 4004 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 12:47:10.0227 4004 usbohci - ok 12:47:10.0252 4004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 12:47:10.0270 4004 usbprint - ok 12:47:10.0313 4004 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 12:47:10.0345 4004 usbscan - ok 12:47:10.0481 4004 USBSTOR 
(bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:47:10.0533 4004 USBSTOR - ok 12:47:10.0604 4004 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 12:47:10.0658 4004 usbuhci - ok 12:47:10.0699 4004 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 12:47:10.0719 4004 usbvideo - ok 12:47:10.0800 4004 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 12:47:10.0851 4004 UxSms - ok 12:47:10.0947 4004 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 12:47:10.0969 4004 VaultSvc - ok 12:47:11.0017 4004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 12:47:11.0035 4004 vdrvroot - ok 12:47:11.0508 4004 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 12:47:11.0599 4004 vds - ok 12:47:11.0661 4004 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 12:47:11.0699 4004 vga - ok 12:47:11.0736 4004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 12:47:11.0815 4004 VgaSave - ok 12:47:11.0845 4004 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 12:47:11.0865 4004 vhdmp - ok 12:47:11.0897 4004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 12:47:11.0912 4004 viaagp - ok 12:47:11.0947 4004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 12:47:11.0964 4004 ViaC7 - ok 12:47:11.0975 4004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 12:47:11.0990 4004 viaide - ok 12:47:12.0004 4004 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 12:47:12.0019 4004 volmgr - ok 12:47:12.0150 4004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 12:47:12.0189 4004 volmgrx - ok 12:47:12.0432 4004 volsnap (f497f67932c6fa693d7de2780631cfe7) 
C:\Windows\system32\drivers\volsnap.sys 12:47:12.0493 4004 volsnap - ok 12:47:12.0550 4004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 12:47:12.0570 4004 vsmraid - ok 12:47:13.0355 4004 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 12:47:13.0462 4004 VSS - ok 12:47:13.0480 4004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 12:47:13.0511 4004 vwifibus - ok 12:47:13.0528 4004 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 12:47:13.0548 4004 vwififlt - ok 12:47:13.0585 4004 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 12:47:13.0604 4004 vwifimp - ok 12:47:13.0807 4004 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 12:47:13.0897 4004 W32Time - ok 12:47:13.0957 4004 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys 12:47:13.0983 4004 wacmoumonitor - ok 12:47:14.0003 4004 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys 12:47:14.0014 4004 wacommousefilter - ok 12:47:14.0035 4004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 12:47:14.0062 4004 WacomPen - ok 12:47:14.0098 4004 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys 12:47:14.0108 4004 wacomvhid - ok 12:47:14.0129 4004 WacomVKHid - ok 12:47:14.0174 4004 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 12:47:14.0222 4004 WANARP - ok 12:47:14.0226 4004 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 12:47:14.0256 4004 Wanarpv6 - ok 12:47:14.0489 4004 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 12:47:14.0546 4004 WatAdminSvc - ok 12:47:16.0166 4004 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 12:47:16.0300 
I had forgotten to turn off MSE, though. |
02.06.2012, 17:39 | #32 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ |
02.06.2012, 20:41 | #33 |
| Scanned again with the admin account, because of MSE.
Combofix logfile: Code:
PS: Once again new mails have been marked as read, and error messages in both accounts: "Papierkorb beschädigt, leeren?" (Recycle Bin corrupted, empty it?) Edited by ronze44 (02.06.2012 at 21:05) Reason: error messages |
03.06.2012, 12:54 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
03.06.2012, 14:03 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, that doesn't work without admin rights
__________________ |
03.06.2012, 15:48 | #37 |
| Arne, I don't know whether everything was right. During the scans in the admin account I accidentally forgot to close FF in the standard account. GMER scanned; on T (the RAM disk) it scanned a Windows folder that does not exist there (?). After the same thing was scanned again on T, I tried STOP. After that a crash while saving... so no result. Constantly "blocked events", that is probably the Windows FW. OSAM sent files to the net, for example the tablet driver, afterwards window open(?) Did it scan that quickly? I probably did something wrong. Recycle Bin corrupted... Now I may have to do everything again, but here are the logs I have at the moment: Code:
OSAM Logfile: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 16:07:32
-----------------------------
16:07:32.262 OS Version: Windows 6.1.7601 Service Pack 1
16:07:32.262 Number of processors: 2 586 0x170A
16:07:32.264 ComputerName: TOBI-PC UserName: Surfer
16:07:32.724 Initialize success
16:09:15.931 AVAST engine defs: 12060300
16:09:32.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:09:32.484 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
16:09:32.887 Disk 0 MBR read successfully
16:09:32.891 Disk 0 MBR scan
16:09:32.897 Disk 0 Windows 7 default MBR code
16:09:33.115 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11264 MB offset 2048
16:09:33.197 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 113599 MB offset 23070726
16:09:33.230 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 113605 MB offset 255731712
16:09:33.246 Disk 0 scanning sectors +488394752
16:09:33.648 Disk 0 scanning C:\Windows\system32\drivers
16:10:29.825 Service scanning
16:10:43.788 Service MpKsl7421232e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6F3380A-5697-496F-B20A-5504998E0611}\MpKsl7421232e.sys **LOCKED** 32
16:11:04.990 Modules scanning
16:11:33.680 Disk 0 trace - called modules:
16:11:33.721 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
16:11:33.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ae7030]
16:11:33.735 3 CLASSPNP.SYS[8baa159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d33908]
16:11:34.358 AVAST engine scan C:\Windows
16:11:41.387 AVAST engine scan C:\Windows\system32
16:31:30.186 AVAST engine scan C:\Windows\system32\drivers
16:32:06.103 AVAST engine scan C:\Users\Surfer
16:32:41.656 AVAST engine scan C:\ProgramData
16:34:42.515 Scan finished successfully
16:35:25.787 Disk 0 MBR has been saved successfully to "C:\Users\tobi\Desktop\MBR.dat"
16:35:25.797 The log file has been saved successfully to "C:\Users\tobi\Desktop\aswMBR.txt" |
03.06.2012, 16:49 | #38 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
At least if one only wants to use the RAM disk to put the TEMP paths there
__________________ |
03.06.2012, 19:34 | #39 |
| I did change the Temp, I just haven't deleted it on the RAM disk yet. I can't delete anything, because of the Recycle Bin. Are the logs usable? |
03.06.2012, 20:59 | #40 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Why exactly did you create a RAM disk?
__________________ |
03.06.2012, 23:04 | #41 | |
| Quote:
Can a statement be made about the current security state, or should I scan again? |
04.06.2012, 12:40 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail account hacked? What is tokenserver? Remove the RAM disk again and, if you moved them, put the TEMP paths back to the correct (original) locations. Then please try GMER again. I don't know whether the RAM disk is really that much of an advantage; I have my doubts about it. Well, you can give it a try. I have my doubts because I don't trust some programs, and they don't grab just any file that is put in TMP. But since RAM is volatile memory, this RAM disk is logically empty again at the latest after the next restart. http://www.piksa.info/blog/2008/08/0...-wem-es-nutzt/
__________________ Please always post log files in CODE tags |
04.06.2012, 12:45 | #43 |
| Mail account hacked? What is tokenserver? But I changed those long ago!!! Please, that was already done days ago, I don't understand. Oh, I see, I'm supposed to remove it from the system completely... I'll first have to see how that is done, because I don't know how. |
04.06.2012, 16:13 | #44 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail account hacked? What is tokenserver? Then leave the RAM disk in place and set the TEMP paths right again, or is that done now? Why am I asking?! Because of this message! Quote:
__________________ Please always post log files in CODE tags |
04.06.2012, 23:17 | #45 |
| Mail account hacked? What is tokenserver? As I said, I changed the Temp paths long ago. This recycle bin corruption is probably related to the change. No solution in sight. In GMER I had simply still left the box for /:T checked. GMER has been running through since this morning (only /:C); it is currently at files, letter C - that will probably take days yet. I should have unchecked the files box. I'm also not going online with it while it scans. Hopefully it doesn't crash. Then I have to click SAFE and save as text, right? |