Log analysis and evaluation: Review of logs after restore
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.09.2012, 00:19 | #1 |
Review of logs after restore

Hello Trojaner-Board, would it be possible for you to look through my OTL files to see whether anything suspicious is listed there? Two days ago I had the problem that, while surfing, several dialog windows suddenly opened and, stupid as I was, I tried to close them. After that Firefox froze and could no longer be closed. I then had to restart the PC several times until it booted without an error message, but now there was no Win7 mode available anymore. In my ignorance I then used an older system restore point, and that worked. I then also had to reinstall the antivirus program (Norton), since it could no longer be turned on. Now everything looks normal again and also works again. Malwarebytes Anti-Malware finds no problems either, but I am very skeptical about whether everything is really in order again. I only have a layman's knowledge of such things and wanted to ask you for advice.
Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.28.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Kazare :: MEDIACENTER [Administrator] 29.09.2012 00:59:20 mbam-log-2012-09-29 (00-59-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197442 Laufzeit: 1 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL logfile created on: 28.09.2012 23:26:18 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kazare\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,29% Memory free 8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 576,96 Gb Total Space | 338,97 Gb Free Space | 58,75% Space Free | Partition Type: NTFS Computer Name: MEDIACENTER | User Name: Kazare | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kazare\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
PRC - C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe () ========== Modules (No Company Name) ========== MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation) SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) 
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (PnkBstrA) -- C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Ironx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnets.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) 
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) 
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120928.003\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120928.003\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120928.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120919.001\BHDrvx64.sys (Symantec Corporation) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {765500B8-4A56-44DC-A02D-879C057FE07E} IE:64bit: - HKLM\..\SearchScopes\{765500B8-4A56-44DC-A02D-879C057FE07E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {7E80A078-7967-445E-8018-CE54AB54525F} IE - HKLM\..\SearchScopes\{7E80A078-7967-445E-8018-CE54AB54525F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\..\SearchScopes,DefaultScope = {7E80A078-7967-445E-8018-CE54AB54525F} IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.bing.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.09.28 22:58:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.25 21:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.26 16:52:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.06.10 13:06:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2012.09.26 16:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Extensions [2010.05.05 19:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2010.05.05 19:03:34 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Sunbird\Profiles\ytnmeb8e.default\extensions [2012.09.26 16:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.25 21:09:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN [2012.08.25 02:01:17 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:23:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:02:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:23:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:23:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:23:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:23:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Kazare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAE7C78-F6A7-48AB-B644-628A5CA4DA01}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DABDFA26-34B3-4D39-84DB-A4D4E08959F5}: DhcpNameServer = 10.72.0.72 10.72.0.73 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b1873307-52fc-11df-9eb6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b1873307-52fc-11df-9eb6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{B1873303-52FC-11DF-9EB6-806E6F6E6963}\bootwiz\asrm.bin) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.28 23:20:19 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kazare\Desktop\OTL.exe [2012.09.26 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.09.26 17:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.09.26 
17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.09.26 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Kazare\AppData\Local\Macromedia [2012.09.26 17:06:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.09.26 16:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.25 21:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.09.25 21:06:16 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.sys [2012.09.25 21:06:16 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.sys [2012.09.25 21:06:16 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.sys [2012.09.25 21:06:16 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnets.sys [2012.09.25 21:06:16 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Ironx64.sys [2012.09.25 21:06:16 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.sys [2012.09.25 21:06:16 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymELAM.sys [2012.09.25 21:06:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.sys [2012.09.25 21:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1401010.002 [2012.09.25 20:28:00 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.09.25 20:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.09.25 20:27:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012.09.25 20:27:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Norton Internet Security [2012.09.25 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.09.25 20:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller ========== Files - Modified Within 30 Days ========== [2012.09.28 23:20:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kazare\Desktop\OTL.exe [2012.09.28 23:08:30 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 23:08:30 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 23:05:22 | 000,000,000 | ---- | M] () -- C:\Users\Kazare\defogger_reenable [2012.09.28 22:56:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.28 22:56:53 | 3220,320,256 | -HS- | M] () -- C:\hiberfil.sys [2012.09.28 12:40:12 | 000,050,477 | ---- | M] () -- C:\Users\Kazare\Desktop\Defogger.exe [2012.09.26 16:39:34 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.26 16:39:34 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.26 16:39:34 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.26 16:39:34 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.26 16:39:34 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.25 21:15:38 | 000,008,888 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034 [2012.09.25 21:08:05 | 001,330,507 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Cat.DB [2012.09.25 21:06:36 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.09.25 21:06:36 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.09.25 21:06:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF 
[2012.09.15 01:40:30 | 000,076,524 | ---- | M] () -- C:\Users\Kazare\Desktop\Bolgod und Golotag.jpg [2012.08.31 20:44:51 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\isolate.ini ========== Files Created - No Company Name ========== [2012.09.28 23:05:22 | 000,000,000 | ---- | C] () -- C:\Users\Kazare\defogger_reenable [2012.09.28 12:40:09 | 000,050,477 | ---- | C] () -- C:\Users\Kazare\Desktop\Defogger.exe [2012.09.26 16:52:08 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.25 21:16:00 | 000,008,888 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034 [2012.09.25 21:07:48 | 001,330,507 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Cat.DB [2012.09.25 21:06:04 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymELAM64.cat [2012.09.25 21:06:04 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymVTcer.dat [2012.09.25 21:06:04 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.cat [2012.09.25 21:06:04 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnet64.cat [2012.09.25 21:06:04 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.cat [2012.09.25 21:06:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA.inf [2012.09.25 21:06:04 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS.inf [2012.09.25 21:06:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymNet.inf [2012.09.25 21:06:04 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.inf [2012.09.25 21:06:04 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.inf [2012.09.25 21:06:04 | 000,000,996 | R--- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1401010.002\symELAM.inf [2012.09.25 21:06:04 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.inf [2012.09.25 21:06:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Iron.inf [2012.09.25 21:06:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccsetx64.cat [2012.09.25 21:06:03 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.cat [2012.09.25 21:06:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.cat [2012.09.25 21:06:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\iron.cat [2012.09.25 21:06:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\isolate.ini [2012.09.25 20:28:00 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.09.25 20:28:00 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.09.15 01:40:24 | 000,076,524 | ---- | C] () -- C:\Users\Kazare\Desktop\Bolgod und Golotag.jpg [2011.03.11 14:28:57 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.02.07 22:58:40 | 000,001,940 | ---- | C] () -- C:\Users\Kazare\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.07.28 02:21:23 | 000,003,584 | ---- | C] () -- C:\Users\Kazare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.25 22:08:03 | 000,007,686 | ---- | C] () -- C:\Users\Kazare\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2010.10.10 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Acronis [2010.07.26 00:33:22 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\IBBoard [2010.05.05 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Leadertech [2012.04.30 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Tific [2012.06.05 
12:49:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 28.09.2012 23:26:18 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kazare\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,29% Memory free 8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 576,96 Gb Total Space | 338,97 Gb Free Space | 58,75% Space Free | Partition Type: NTFS Computer Name: MEDIACENTER | User Name: Kazare | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A61ADB7-D952-4667-99F1-DEDAAC1207B2}" = lport=137 | protocol=17 | dir=in | app=system | "{1C546A53-7E42-4FA2-82D9-C101EA1D37B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F7BCDB2-78AB-4490-BBBC-82A03854E74A}" = rport=139 | protocol=6 | dir=out | app=system | "{60BBA9EB-E063-41BC-8559-32917921AE2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B0D0788-0A84-4BFA-92EE-9A92557EB77B}" = lport=139 | protocol=6 | dir=in | app=system | "{8763F352-2438-4E65-8A14-C8B206BC6C7F}" = lport=2869 | protocol=6 | dir=in | app=system | "{87B4F256-6448-4E8E-B852-F6E896528F1C}" = rport=137 | protocol=17 | dir=out | app=system | "{9199EDB5-AC0F-402C-961C-4AB0DF966E8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B3100271-9E41-449E-9C34-32D22FF72501}" = rport=445 | protocol=6 | dir=out | app=system | "{B9043917-52D1-44A5-8DC5-ACDF6144B0FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E71980D5-EE82-4B36-BA8F-00FCCA623478}" = lport=445 | protocol=6 | dir=in | app=system | "{E89C886B-ECCA-4695-8A74-FF9782F1BA9D}" = lport=138 | protocol=17 | dir=in | app=system | "{ED262B5A-D553-4BC1-990D-C538C98D74F4}" = rport=138 | protocol=17 | dir=out | app=system | "{F61EFA15-C8A4-448B-BB8E-9881A6EA563A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05EEDBED-4572-4376-83AE-BB5CA950FC02}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{07D06FB2-D434-4D37-95C5-C44AEBA8F771}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{134C46E4-AA9F-4D13-BEF7-DCEC1EB0D4DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1A418912-EC56-4082-A962-373D98A3D101}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{20E009B4-D47A-4EDD-A9BD-148456041EB6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{29A0CE58-7DD5-4F4C-AF0D-8C10709F9DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe | "{2BE4F6D7-4966-4238-91C0-D5348691764B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2E6E73DD-DE17-41DC-B3C3-30D29410A5A3}" = protocol=17 | dir=in | app=c:\users\kazare\appdata\local\temp\7zsefca.tmp\symnrt.exe | "{3361CB99-2CC5-4036-8B12-486C260E4B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{409090D2-89B9-4FF6-809A-62A36923FC91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{45E37459-F9F8-43E3-9C82-96522D65443C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4882C555-33EA-4854-A66E-AFD5F448B6B2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4ED38BE0-AD82-435A-BB27-9071CD666027}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{5083F58F-7FF7-4DD0-B9FD-EB1940821166}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{58E7A4FC-466D-4301-B519-94BC84F08207}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{6B6DB50C-CCC8-4495-AC83-E5F0F1B813A8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{76A6C6A5-5F5F-4FA9-BA0D-2E0E3A0D8012}" = protocol=17 | dir=in | app=c:\users\kazare\appdata\local\temp\7zs58b9.tmp\symnrt.exe | "{7B9271FB-40A7-4076-B0C3-0A1B59E766D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{82DD532C-1538-4513-A1FA-7ABDF6DE51A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{88BEA7BF-B3B2-459F-9C13-E7709C1BB7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{96B285D9-FC52-4B7C-90AE-56DC63A73367}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9BA882EB-EAEA-48CA-A88D-5903BB5DF589}" = protocol=6 | dir=in | app=c:\users\kazare\appdata\local\temp\7zsefca.tmp\symnrt.exe | "{BC4BF4E0-D5D5-417C-A0DD-D79A44BF892B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{CBF251B7-AC78-411E-8136-C779B54F1AB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{CD86E0B3-67F7-4C1B-8EC2-9513627DF718}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{E5D8B614-E512-46A8-BBB1-D6F125ED61F3}" = protocol=6 | dir=in | app=c:\users\kazare\appdata\local\temp\7zs58b9.tmp\symnrt.exe | "{EF62D879-0DF2-4BD6-ABB8-E08F5C673A85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe | "{F3F0FB5D-B19B-4646-AEFC-E604B311F4AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A4E6B7B-72F8-F09D-3167-D10BED76C1D1}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell 
Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Redirection Port Monitor" = RedMon - Redirection Port Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F6151-CDFF-4ACE-6A0B-AB10E5C72CB6}" = CCC Help English "{0334E92E-8D83-DBB5-6AB7-A6CDBFEA9502}" = Catalyst Control Center InstallProxy "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0B2BE3A5-64A9-3CFB-7F9A-B76C774D70DF}" = CCC Help Portuguese "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20E91018-E7FD-1094-FEB6-D7E64A12CAAC}" = CCC Help Japanese "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 
Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30B6778F-B315-2E98-36EB-E06806B1E410}" = CCC Help Chinese Traditional "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{424BF763-4A22-CBD1-2EA4-E9F455A0B7DE}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{567AB08A-6816-E679-EE84-A89F107E75F7}" = Catalyst Control Center Graphics Previews Vista "{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{64710CB5-466A-3DF4-A8AF-C0B1357399E6}" = CCC Help Hungarian "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09 "{6AF15677-78CA-5081-7F8D-55A82680FEE4}" = ccc-core-static "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7508A2B5-23AC-D9B4-5B4F-682771FF29D8}" = CCC Help Italian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A74FFDF-F000-792D-A785-2BE5FD48D260}" = Skins "{8C6C7024-853F-3583-7D85-ABB5CD0EBB97}" = Catalyst Control Center Graphics 
Full New "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A7AAE9A9-9E9A-FAFB-A12F-65BDB6391A39}" = CCC Help Spanish "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AA4916CE-C893-375B-CAAF-5BAC711629F2}" = CCC Help Korean "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{B0BBD04F-0A95-2AAA-666B-8AFDAF835BAE}" = Catalyst Control Center Core Implementation "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{BBE209D7-0A90-1684-5124-8D470CF46E91}" = CCC Help Chinese Standard "{BD4EA616-6D92-53FC-1CFC-1894CF9E5FBA}" = Catalyst Control Center Graphics Light "{BD6441FE-2D09-5632-4A70-5DEB2B661268}" = Catalyst Control Center Graphics Full Existing "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = 
Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D837A4C4-8466-D33F-54A5-064002985191}" = CCC Help German "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB6316F0-E008-EA74-8C15-4B178CA09F7B}" = CCC Help Turkish "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}" = Plus Pack für Acronis True Image Home 2011 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F76F2105-B0DB-B1AA-F254-1B68FCE35D63}" = Catalyst Control Center Graphics Previews Common "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9B04736-2F30-2316-7741-DCB067B78988}" = CCC Help French "{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.1 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Dell Dock" = Dell Dock "FreePDF_XP" = FreePDF (Remove only) "Heye Unberührte Welten 2011" = Heye Unberührte Welten 2011 Bildschirmschoner "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "Mozilla Firefox 10.0.7 (x86 de)" = Mozilla Firefox 10.0.7 (x86 de) "NIS" = 
Norton Internet Security "The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0 "VLC media player" = VLC media player 1.1.4 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 3028 Description = Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 3058 Description = Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 7010 Description = Error - 07.08.2012 12:59:48 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621 Description = Error - 07.08.2012 16:48:04 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621 Description = Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1508 Description = Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. for C:\Users\Kazare\ntuser.dat Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1502 Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1515 Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. 
Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1511 Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error - 24.08.2012 20:47:29 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621 Description = [ Broadcom Wireless LAN Events ] Error - 15.10.2010 03:50:39 | Computer Name = MEDIACENTER | Source = WLAN-Tray | ID = 0 Description = 09:50:38, Fri, Oct 15, 10 Error - Unable to gain access to user store [ Media Center Events ] Error - 03.05.2010 17:13:16 | Computer Name = MEDIACENTER | Source = MCUpdate | ID = 0 Description = 23:13:16 - Fehler beim Herstellen der Internetverbindung. 23:13:16 - Serververbindung konnte nicht hergestellt werden.. Error - 03.05.2010 17:17:18 | Computer Name = MEDIACENTER | Source = MCUpdate | ID = 0 Description = 23:17:18 - Fehler beim Herstellen der Internetverbindung. 23:17:18 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 26.09.2012 09:54:25 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.09.2012 11:53:59 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 26.09.2012 11:53:59 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.09.2012 12:43:40 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.09.2012 13:50:47 | Computer Name = MEDIACENTER | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?26.?09.?2012 um 19:42:32 unerwartet heruntergefahren. Error - 26.09.2012 13:50:56 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.09.2012 06:16:44 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.09.2012 16:57:06 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.09.2012 16:57:18 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 28.09.2012 16:57:18 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > |
29.09.2012, 14:04 | #2 |
TB Trainer | Log review after system restore
My name is Matthias and I will help you clean up your computer. Please note the following:
Note: I can never guarantee that I will find everything either. Reformatting is usually the faster and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
OK, then let's take a look at your computer.
Step 1
I see that you have a so-called registry cleaner on the system, in your case CCleaner. We do not recommend registry cleaners of any kind. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software mentioned above and do without this kind of software in future.
Step 2
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
Step 3
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
Step 4
Please download AdwCleaner to your desktop.
Please post with your next reply
30.09.2012, 22:27 | #3 |
Log review after system restore
Hello Matthias,
thank you for taking me on. I have uninstalled CCleaner. The problem with CCleaner only exists when you use the registry cleaner; the normal cleaning would not be a problem, would it? Now the logs: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 23:12:06
-----------------------------
23:12:06.094 OS Version: Windows x64 6.1.7600
23:12:06.094 Number of processors: 2 586 0x6B02
23:12:06.094 ComputerName: MEDIACENTER UserName: Kazare
23:12:08.829 Initialize success
23:12:26.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
23:12:26.007 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 11
23:12:26.022 Disk 0 MBR read successfully
23:12:26.027 Disk 0 MBR scan
23:12:26.037 Disk 0 unknown MBR code
23:12:26.042 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
23:12:26.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19582 MB offset 178176
23:12:26.067 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 590810 MB offset 40282112
23:12:26.087 Disk 0 scanning C:\Windows\system32\drivers
23:12:31.627 Service scanning
23:12:44.537 Modules scanning
23:12:44.552 Disk 0 trace - called modules:
23:12:44.577 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:12:44.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048e1060]
23:12:44.602 3 CLASSPNP.SYS[fffff8800198b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8004844060]
23:12:44.612 Scan finished successfully
23:13:02.118 Disk 0 MBR has been saved successfully to "C:\Users\Kazare\Desktop\MBR.dat"
23:13:02.123 The log file has been saved successfully to "C:\Users\Kazare\Desktop\aswMBR.txt"
Code:
ATTFilter 23:15:04.0244 5064 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 23:15:04.0259 5064 ============================================================ 23:15:04.0259 5064 Current date / time: 2012/09/30 23:15:04.0259 23:15:04.0259 5064 SystemInfo: 23:15:04.0259 5064 23:15:04.0259 5064 OS Version: 6.1.7600 ServicePack: 0.0 23:15:04.0259 5064 Product type: Workstation 23:15:04.0259 5064 ComputerName: MEDIACENTER 23:15:04.0259 5064 UserName: Kazare 23:15:04.0259 5064 Windows directory: C:\Windows 23:15:04.0259 5064 System windows directory: C:\Windows 23:15:04.0259 5064 Running under WOW64 23:15:04.0259 5064 Processor architecture: Intel x64 23:15:04.0259 5064 Number of processors: 2 23:15:04.0259 5064 Page size: 0x1000 23:15:04.0259 5064 Boot type: Normal boot 23:15:04.0259 5064 ============================================================ 23:15:06.0299 5064 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:15:06.0309 5064 ============================================================ 23:15:06.0309 5064 \Device\Harddisk0\DR0: 23:15:06.0309 5064 MBR partitions: 23:15:06.0309 5064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x263F000 23:15:06.0309 5064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x266A800, BlocksNum 0x481ED000 23:15:06.0309 5064 ============================================================ 23:15:06.0329 5064 C: <-> \Device\Harddisk0\DR0\Partition2 23:15:06.0329 5064 ============================================================ 23:15:06.0329 5064 Initialize success 23:15:06.0329 5064 ============================================================ 23:15:10.0739 4056 ============================================================ 23:15:10.0739 4056 Scan started 23:15:10.0739 4056 Mode: Manual; 23:15:10.0739 4056 ============================================================ 
23:15:11.0404 4056 ================ Scan system memory ========================
23:15:11.0404 4056 System memory - ok
23:15:11.0404 4056 ================ Scan services =============================
23:15:23.0964 4056 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:15:23.0964 4056 ql40xx - ok 23:15:23.0984 4056 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:15:23.0989 4056 QWAVE - ok 23:15:24.0004 4056 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:15:24.0004 4056 QWAVEdrv - ok 23:15:24.0019 4056 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:15:24.0019 4056 RasAcd - ok 23:15:24.0069 4056 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:15:24.0069 4056 RasAgileVpn - ok 23:15:24.0079 4056 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:15:24.0084 4056 RasAuto - ok 23:15:24.0129 4056 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:15:24.0129 4056 Rasl2tp - ok 23:15:24.0149 4056 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 23:15:24.0154 4056 RasMan - ok 23:15:24.0199 4056 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:15:24.0199 4056 RasPppoe - ok 23:15:24.0284 4056 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:15:24.0289 4056 RasSstp - ok 23:15:24.0324 4056 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:15:24.0329 4056 rdbss - ok 23:15:24.0359 4056 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:15:24.0359 4056 rdpbus - ok 23:15:24.0374 4056 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:15:24.0374 4056 RDPCDD - ok 23:15:24.0409 4056 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:15:24.0409 4056 RDPDR - ok 23:15:24.0449 4056 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:15:24.0449 4056 RDPENCDD - 
ok 23:15:24.0474 4056 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:15:24.0474 4056 RDPREFMP - ok 23:15:24.0529 4056 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:15:24.0534 4056 RDPWD - ok 23:15:24.0554 4056 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:15:24.0559 4056 rdyboost - ok 23:15:24.0584 4056 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:15:24.0584 4056 RemoteAccess - ok 23:15:24.0609 4056 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:15:24.0609 4056 RemoteRegistry - ok 23:15:24.0624 4056 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:15:24.0629 4056 RpcEptMapper - ok 23:15:24.0649 4056 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:15:24.0649 4056 RpcLocator - ok 23:15:24.0679 4056 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 23:15:24.0684 4056 RpcSs - ok 23:15:24.0704 4056 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:15:24.0704 4056 rspndr - ok 23:15:24.0739 4056 [ 652BB6DB6397757E45DCD513692CEE0E ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 23:15:24.0739 4056 RSUSBSTOR - ok 23:15:24.0764 4056 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 23:15:24.0764 4056 s3cap - ok 23:15:24.0784 4056 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 23:15:24.0789 4056 SamSs - ok 23:15:24.0799 4056 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 23:15:24.0804 4056 sbp2port - ok 23:15:24.0819 4056 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:15:24.0824 4056 SCardSvr - ok 23:15:24.0839 4056 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 
23:15:24.0839 4056 scfilter - ok 23:15:24.0909 4056 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 23:15:24.0929 4056 Schedule - ok 23:15:24.0959 4056 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:15:24.0959 4056 SCPolicySvc - ok 23:15:24.0989 4056 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:15:24.0994 4056 SDRSVC - ok 23:15:25.0074 4056 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 23:15:25.0079 4056 SeaPort - ok 23:15:25.0144 4056 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:15:25.0144 4056 secdrv - ok 23:15:25.0159 4056 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 23:15:25.0164 4056 seclogon - ok 23:15:25.0204 4056 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:15:25.0204 4056 SENS - ok 23:15:25.0254 4056 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:15:25.0259 4056 SensrSvc - ok 23:15:25.0279 4056 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:15:25.0284 4056 Serenum - ok 23:15:25.0324 4056 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:15:25.0324 4056 Serial - ok 23:15:25.0349 4056 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:15:25.0354 4056 sermouse - ok 23:15:25.0379 4056 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 23:15:25.0384 4056 SessionEnv - ok 23:15:25.0439 4056 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:15:25.0444 4056 sffdisk - ok 23:15:25.0494 4056 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 23:15:25.0494 4056 sffp_mmc - ok 23:15:25.0539 4056 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd 
C:\Windows\system32\DRIVERS\sffp_sd.sys 23:15:25.0544 4056 sffp_sd - ok 23:15:25.0554 4056 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:15:25.0554 4056 sfloppy - ok 23:15:25.0624 4056 [ BEB504962E36D6F368EBFC702A659E09 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 23:15:25.0634 4056 SftService - ok 23:15:25.0674 4056 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:15:25.0684 4056 SharedAccess - ok 23:15:25.0709 4056 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:15:25.0714 4056 ShellHWDetection - ok 23:15:25.0734 4056 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:15:25.0734 4056 SiSRaid2 - ok 23:15:25.0769 4056 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:15:25.0769 4056 SiSRaid4 - ok 23:15:25.0804 4056 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:15:25.0804 4056 Smb - ok 23:15:25.0869 4056 [ B2C19AE46C5A109679B4FB38058DF05A ] snapman C:\Windows\system32\DRIVERS\snapman.sys 23:15:25.0874 4056 snapman - ok 23:15:25.0924 4056 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:15:25.0929 4056 SNMPTRAP - ok 23:15:25.0989 4056 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:15:25.0989 4056 spldr - ok 23:15:26.0054 4056 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe 23:15:26.0059 4056 Spooler - ok 23:15:26.0159 4056 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 23:15:26.0189 4056 sppsvc - ok 23:15:26.0209 4056 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:15:26.0214 4056 sppuinotify - ok 23:15:26.0284 4056 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 
23:15:26.0289 4056 sprtsvc_DellSupportCenter - ok 23:15:26.0464 4056 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\System32\Drivers\NISx64\1401010.002\SRTSP64.SYS 23:15:26.0469 4056 SRTSP - ok 23:15:26.0534 4056 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NISx64\1401010.002\SRTSPX64.SYS 23:15:26.0534 4056 SRTSPX - ok 23:15:26.0614 4056 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:15:26.0634 4056 srv - ok 23:15:26.0659 4056 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:15:26.0679 4056 srv2 - ok 23:15:26.0729 4056 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:15:26.0734 4056 srvnet - ok 23:15:26.0799 4056 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:15:26.0814 4056 SSDPSRV - ok 23:15:26.0839 4056 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:15:26.0844 4056 SstpSvc - ok 23:15:26.0854 4056 Steam Client Service - ok 23:15:26.0879 4056 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:15:26.0879 4056 stexstor - ok 23:15:26.0909 4056 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 23:15:26.0924 4056 stisvc - ok 23:15:26.0954 4056 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 23:15:26.0954 4056 storflt - ok 23:15:26.0979 4056 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 23:15:26.0979 4056 StorSvc - ok 23:15:26.0994 4056 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 23:15:26.0994 4056 storvsc - ok 23:15:27.0014 4056 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:15:27.0014 4056 swenum - ok 23:15:27.0039 4056 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:15:27.0044 4056 swprv - ok 23:15:27.0109 4056 [ 
688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\NISx64\1401010.002\SYMDS64.SYS 23:15:27.0124 4056 SymDS - ok 23:15:27.0189 4056 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\NISx64\1401010.002\SYMEFA64.SYS 23:15:27.0224 4056 SymEFA - ok 23:15:27.0284 4056 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 23:15:27.0284 4056 SymEvent - ok 23:15:27.0319 4056 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1401010.002\Ironx64.SYS 23:15:27.0324 4056 SymIRON - ok 23:15:27.0339 4056 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1401010.002\SYMNETS.SYS 23:15:27.0344 4056 SymNetS - ok 23:15:27.0419 4056 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 23:15:27.0454 4056 SysMain - ok 23:15:27.0474 4056 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:15:27.0474 4056 TabletInputService - ok 23:15:27.0504 4056 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 23:15:27.0509 4056 TapiSrv - ok 23:15:27.0529 4056 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:15:27.0534 4056 TBS - ok 23:15:27.0614 4056 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:15:27.0634 4056 Tcpip - ok 23:15:27.0724 4056 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:15:27.0744 4056 TCPIP6 - ok 23:15:27.0779 4056 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:15:27.0779 4056 tcpipreg - ok 23:15:27.0799 4056 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:15:27.0799 4056 TDPIPE - ok 23:15:27.0874 4056 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 23:15:27.0894 4056 tdrpman273 - ok 23:15:27.0939 4056 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] 
TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:15:27.0944 4056 TDTCP - ok 23:15:27.0964 4056 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:15:27.0964 4056 tdx - ok 23:15:27.0984 4056 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:15:27.0984 4056 TermDD - ok 23:15:28.0014 4056 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 23:15:28.0019 4056 TermService - ok 23:15:28.0034 4056 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:15:28.0039 4056 Themes - ok 23:15:28.0064 4056 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:15:28.0064 4056 THREADORDER - ok 23:15:28.0119 4056 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys 23:15:28.0144 4056 timounter - ok 23:15:28.0164 4056 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:15:28.0169 4056 TrkWks - ok 23:15:28.0209 4056 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:15:28.0214 4056 TrustedInstaller - ok 23:15:28.0234 4056 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:15:28.0234 4056 tssecsrv - ok 23:15:28.0279 4056 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:15:28.0279 4056 tunnel - ok 23:15:28.0314 4056 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:15:28.0314 4056 uagp35 - ok 23:15:28.0364 4056 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:15:28.0374 4056 udfs - ok 23:15:28.0399 4056 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:15:28.0399 4056 UI0Detect - ok 23:15:28.0439 4056 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:15:28.0439 4056 uliagpkx - ok 23:15:28.0489 4056 [ 
EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:15:28.0489 4056 umbus - ok 23:15:28.0509 4056 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:15:28.0509 4056 UmPass - ok 23:15:28.0564 4056 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 23:15:28.0569 4056 UmRdpService - ok 23:15:28.0594 4056 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:15:28.0599 4056 upnphost - ok 23:15:28.0644 4056 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:15:28.0644 4056 usbaudio - ok 23:15:28.0664 4056 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:15:28.0669 4056 usbccgp - ok 23:15:28.0709 4056 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:15:28.0714 4056 usbcir - ok 23:15:28.0729 4056 [ CB490987A7F6928A04BB838E3BD8A936 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:15:28.0734 4056 usbehci - ok 23:15:28.0754 4056 [ 18124EF0A881A00EE222D02A3EE30270 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:15:28.0759 4056 usbhub - ok 23:15:28.0774 4056 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:15:28.0779 4056 usbohci - ok 23:15:28.0789 4056 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:15:28.0789 4056 usbprint - ok 23:15:28.0809 4056 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:15:28.0814 4056 USBSTOR - ok 23:15:28.0834 4056 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:15:28.0834 4056 usbuhci - ok 23:15:28.0849 4056 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:15:28.0854 4056 UxSms - ok 23:15:28.0869 4056 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 23:15:28.0869 4056 VaultSvc - ok 23:15:28.0889 
4056 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:15:28.0889 4056 vdrvroot - ok 23:15:28.0909 4056 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 23:15:28.0929 4056 vds - ok 23:15:28.0944 4056 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:15:28.0944 4056 vga - ok 23:15:28.0964 4056 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:15:28.0964 4056 VgaSave - ok 23:15:28.0979 4056 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 23:15:28.0984 4056 vhdmp - ok 23:15:29.0004 4056 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 23:15:29.0004 4056 viaide - ok 23:15:29.0034 4056 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 23:15:29.0039 4056 vmbus - ok 23:15:29.0059 4056 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 23:15:29.0059 4056 VMBusHID - ok 23:15:29.0074 4056 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 23:15:29.0079 4056 volmgr - ok 23:15:29.0099 4056 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:15:29.0104 4056 volmgrx - ok 23:15:29.0124 4056 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 23:15:29.0129 4056 volsnap - ok 23:15:29.0184 4056 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:15:29.0184 4056 vsmraid - ok 23:15:29.0234 4056 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 23:15:29.0269 4056 VSS - ok 23:15:29.0284 4056 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:15:29.0284 4056 vwifibus - ok 23:15:29.0319 4056 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:15:29.0319 4056 vwififlt - ok 23:15:29.0359 4056 [ 
1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:15:29.0364 4056 W32Time - ok 23:15:29.0374 4056 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:15:29.0374 4056 WacomPen - ok 23:15:29.0424 4056 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:15:29.0429 4056 WANARP - ok 23:15:29.0439 4056 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:15:29.0439 4056 Wanarpv6 - ok 23:15:29.0484 4056 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 23:15:29.0524 4056 wbengine - ok 23:15:29.0549 4056 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:15:29.0554 4056 WbioSrvc - ok 23:15:29.0619 4056 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:15:29.0624 4056 wcncsvc - ok 23:15:29.0649 4056 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:15:29.0654 4056 WcsPlugInService - ok 23:15:29.0659 4056 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:15:29.0664 4056 Wd - ok 23:15:29.0689 4056 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:15:29.0704 4056 Wdf01000 - ok 23:15:29.0729 4056 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:15:29.0734 4056 WdiServiceHost - ok 23:15:29.0739 4056 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:15:29.0744 4056 WdiSystemHost - ok 23:15:29.0779 4056 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 23:15:29.0799 4056 WebClient - ok 23:15:29.0829 4056 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:15:29.0834 4056 Wecsvc - ok 23:15:29.0849 4056 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:15:29.0849 4056 wercplsupport - ok 
23:15:29.0894 4056 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:15:29.0899 4056 WerSvc - ok 23:15:29.0924 4056 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:15:29.0924 4056 WfpLwf - ok 23:15:29.0984 4056 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 23:15:29.0989 4056 WimFltr - ok 23:15:30.0009 4056 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:15:30.0009 4056 WIMMount - ok 23:15:30.0029 4056 WinDefend - ok 23:15:30.0039 4056 WinHttpAutoProxySvc - ok 23:15:30.0084 4056 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:15:30.0089 4056 Winmgmt - ok 23:15:30.0169 4056 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 23:15:30.0199 4056 WinRM - ok 23:15:30.0269 4056 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:15:30.0294 4056 Wlansvc - ok 23:15:30.0349 4056 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 23:15:30.0349 4056 wltrysvc - ok 23:15:30.0384 4056 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:15:30.0389 4056 WmiAcpi - ok 23:15:30.0439 4056 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:15:30.0444 4056 wmiApSrv - ok 23:15:30.0459 4056 WMPNetworkSvc - ok 23:15:30.0499 4056 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:15:30.0504 4056 WPCSvc - ok 23:15:30.0549 4056 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:15:30.0554 4056 WPDBusEnum - ok 23:15:30.0594 4056 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:15:30.0594 4056 ws2ifsl - ok 23:15:30.0649 4056 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 23:15:30.0654 4056 wscsvc - ok 23:15:30.0664 
4056 WSearch - ok 23:15:30.0734 4056 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll 23:15:30.0774 4056 wuauserv - ok 23:15:30.0804 4056 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:15:30.0809 4056 WudfPf - ok 23:15:30.0819 4056 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:15:30.0824 4056 wudfsvc - ok 23:15:30.0844 4056 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:15:30.0849 4056 WwanSvc - ok 23:15:31.0024 4056 [ 74983ADDCA2D9618512C088D856D6615 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl 23:15:31.0024 4056 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 23:15:31.0049 4056 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok 23:15:31.0059 4056 ================ Scan global =============================== 23:15:31.0089 4056 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:15:31.0144 4056 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll 23:15:31.0169 4056 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll 23:15:31.0189 4056 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:15:31.0214 4056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:15:31.0219 4056 [Global] - ok 23:15:31.0219 4056 ================ Scan MBR ================================== 23:15:31.0239 4056 [ E3B3651837CBDF218DB955FC30ACB0E9 ] \Device\Harddisk0\DR0 23:15:31.0864 4056 \Device\Harddisk0\DR0 - ok 23:15:31.0864 4056 ================ Scan VBR ================================== 23:15:31.0869 4056 [ 2821677B1669FBFBB5461FD3A145D71F ] \Device\Harddisk0\DR0\Partition1 23:15:31.0869 4056 \Device\Harddisk0\DR0\Partition1 - ok 23:15:31.0884 4056 [ 8629E992645E005B36120EC45EEDBA00 ] \Device\Harddisk0\DR0\Partition2 23:15:31.0889 4056 \Device\Harddisk0\DR0\Partition2 - ok 23:15:31.0889 4056 
    ============================================================
    23:15:31.0889 4056 Scan finished
    23:15:31.0889 4056 ============================================================
    23:15:31.0909 0884 Detected object count: 0
    23:15:31.0909 0884 Actual detected object count: 0
    23:17:37.0959 2260 Deinitialize success

Code:

    # AdwCleaner v2.003 - Datei am 09/30/2012 um 23:19:10 erstellt
    # Aktualisiert am 23/09/2012 von Xplode
    # Betriebssystem : Windows 7 Professional (64 bits)
    # Benutzer : Kazare - MEDIACENTER
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\Kazare\Desktop\adwcleaner.exe
    # Option [Suche]

    **** [Dienste] ****

    ***** [Dateien / Ordner] *****

    ***** [Registrierungsdatenbank] *****

    ***** [Internet Browser] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Die Registrierungsdatenbank ist sauber.

    -\\ Mozilla Firefox v10.0.7 (de)

    Profilname : default
    Datei : C:\Users\Kazare\AppData\Roaming\Mozilla\Firefox\Profiles\x630p6fe.default\prefs.js

    [OK] Die Datei ist sauber.

    *************************

    AdwCleaner[R1].txt - [738 octets] - [30/09/2012 23:19:10]

    ########## EOF - C:\AdwCleaner[R1].txt - [797 octets] ##########
|
01.10.2012, 16:02 | #4 | |
/// TB Trainer | Log review after restore
Hi, looks good so far. Quote:
At the end I will give you a better alternative to take along.
Step 1 ESET Online Scanner
Step 2 Please download SecurityCheck
Please post with your next reply
|
02.10.2012, 14:58 | #5 |
| Log review after restore
Hello Matthias, I can only post the SecurityCheck log file, because I could not find a ''List of found threats'' button in the ESET scanner. After the ESET scan, however, the ESET window said ''No threats found'', so I think that is why there was no list. I have one more question about defogger: do I have to switch it back at the end? It also created a file (defogger_reenable); what is that about, and can I delete it then?
SecurityCheck: Code:
    Results of screen317's Security Check version 0.99.51
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware Version 1.65.0.1400
    Java(TM) 6 Update 21
    Java version out of Date!
    Adobe Flash Player 11.4.402.278
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 10.0.7 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
|
02.10.2012, 15:37 | #6 |
/// TB Trainer | Log review after restore
Hi, further down you will find the necessary notes on DeFogger and a temp file cleaner. If you have no more problems, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2 Please uninstall your current version of Adobe Reader: Start--> Control Panel--> Uninstall a program--> Adobe Reader, and download the new version from here. Remove the check mark for McAfee SecurityScan or Google Chrome.
Step 3
Step 4 Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 5 I would recommend that you also check your system with this scanner once a week. If you nevertheless want to uninstall ESET, please press the + R key and copy the following text into the Run window. Code:

    "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

Step 6
Step 7 Please start OTL and click Bereinigung (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Step 8 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
03.10.2012, 18:16 | #7 |
| Log review after restore
Hello Matthias, thanks again for your help. I have one more question: I just did the Java update, and now the Control Panel shows ''Java (32-Bit)''. Previously there was nothing after the logo, but before it was a 64-bit application. Can I download the new one somewhere as a 64-bit version? |
03.10.2012, 18:24 | #8 |
/// TB Trainer | Log review after restore
Hi, Java Download 64 bit
I am glad we could help.
This topic appears to be resolved and will be deleted from my subscriptions. If you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |