| Pests of all kinds and how to fight them: Google message about traffic, Captcha entry required to continue. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
11.12.2012, 10:21 | #1 |
| Google message about traffic, Captcha entry required to continue Hello, when I search with Google I am asked to enter a Captcha because "Our systems have detected unusual traffic from your computer network". I use Antivir and so far no malware or the like has been reported to me. What can I do? Regards, taart |
11.12.2012, 15:19 | #2 | |
/// TB Trainer | Google message about traffic, Captcha entry required to continue
I will help you with your problem. A cleanup can involve a lot of work for you (and for me). Before we get started, I have some reading material for you.
Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
__________________ |
12.12.2012, 09:05 | #3 |
| Google message about traffic, Captcha entry required to continue Hello,
first of all, thank you for your help.

Here is defogger_default.txt:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:25 on 12/12/2012 (Doppelleben)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Here is aswMBR.txt:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-12 08:25:39
-----------------------------
08:25:39.997 OS Version: Windows x64 6.1.7601 Service Pack 1
08:25:39.997 Number of processors: 2 586 0xF0D
08:25:39.997 ComputerName: CHRISTINE-NB UserName: Doppelleben
08:25:40.886 Initialize success
08:25:51.010 AVAST engine defs: 12121101
08:25:57.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:25:57.094 Disk 0 Vendor: ST9160821AS 3.ALC Size: 152627MB BusType: 3
08:25:57.110 Disk 0 MBR read successfully
08:25:57.110 Disk 0 MBR scan
08:25:57.157 Disk 0 Windows 7 default MBR code
08:25:57.172 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9156 MB offset 2048
08:25:57.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 18753536
08:25:57.266 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100000 MB offset 18958336
08:25:57.297 Disk 0 Partition - 00 0F Extended LBA 43369 MB offset 223758336
08:25:57.328 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 43368 MB offset 223760384
08:25:57.375 Disk 0 scanning C:\Windows\system32\drivers
08:26:13.786 Service scanning
08:26:41.679 Modules scanning
08:26:41.679 Disk 0 trace - called modules:
08:26:41.757 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
08:26:41.757 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002793060]
08:26:41.757 3 CLASSPNP.SYS[fffff880019b443f] -> nt!IofCallDriver -> [0xfffffa8002286e40]
08:26:41.773 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002283060]
08:26:42.381 AVAST engine scan C:\Windows
08:26:47.576 AVAST engine scan C:\Windows\system32
08:31:27.864 AVAST engine scan C:\Windows\system32\drivers
08:31:49.017 AVAST engine scan C:\Users\Doppelleben
08:39:28.330 AVAST engine scan C:\ProgramData
08:41:14.722 Scan finished successfully
08:46:20.172 Disk 0 MBR has been saved successfully to "C:\Users\Doppelleben\Desktop\MBR.dat"
08:46:20.187 The log file has been saved successfully to "C:\Users\Doppelleben\Desktop\aswMBR.txt"

Here is the log file from TDSSKiller:

08:49:03.0856 3864 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:49:05.0950 3864 ============================================================
08:49:05.0950 3864 Current date / time: 2012/12/12 08:49:05.0950
08:49:05.0950 3864 SystemInfo:
08:49:05.0950 3864
08:49:05.0950 3864 OS Version: 6.1.7601 ServicePack: 1.0
08:49:05.0950 3864 Product type: Workstation
08:49:05.0950 3864 ComputerName: CHRISTINE-NB
08:49:05.0950 3864 UserName: Doppelleben
08:49:05.0950 3864 Windows directory: C:\Windows
08:49:05.0950 3864 System windows directory: C:\Windows
08:49:05.0950 3864 Running under WOW64
08:49:05.0950 3864 Processor architecture: Intel x64
08:49:05.0950 3864 Number of processors: 2
08:49:05.0950 3864 Page size: 0x1000
08:49:05.0950 3864 Boot type: Normal boot
08:49:05.0950 3864 ============================================================
08:49:09.0179 3864 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:49:09.0179 3864 ============================================================
08:49:09.0179 3864 \Device\Harddisk0\DR0:
08:49:09.0194 3864 MBR partitions:
08:49:09.0194 3864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11E2800, BlocksNum 0x32000
08:49:09.0194 3864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1214800, BlocksNum 0xC350000
08:49:09.0210 3864 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD565000, BlocksNum 0x54B4000
DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:49:57.0133 3568 nvstor - ok 08:49:57.0164 3568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:49:57.0164 3568 nv_agp - ok 08:49:57.0258 3568 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:49:57.0336 3568 odserv - ok 08:49:57.0367 3568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:49:57.0383 3568 ohci1394 - ok 08:49:57.0414 3568 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:49:57.0430 3568 ose - ok 08:49:57.0461 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:49:57.0461 3568 p2pimsvc - ok 08:49:57.0492 3568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 08:49:57.0523 3568 p2psvc - ok 08:49:57.0539 3568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 08:49:57.0539 3568 Parport - ok 08:49:57.0586 3568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:49:57.0586 3568 partmgr - ok 08:49:57.0601 3568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:49:57.0601 3568 PcaSvc - ok 08:49:57.0648 3568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 08:49:57.0664 3568 pci - ok 08:49:57.0664 3568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 08:49:57.0695 3568 pciide - ok 08:49:57.0710 3568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 08:49:57.0710 3568 pcmcia - ok 08:49:57.0726 3568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 08:49:57.0742 3568 pcw - ok 08:49:57.0757 3568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:49:57.0788 
3568 PEAUTH - ok 08:49:57.0851 3568 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 08:49:57.0944 3568 PeerDistSvc - ok 08:49:58.0022 3568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:49:58.0038 3568 PerfHost - ok 08:49:58.0132 3568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 08:49:58.0178 3568 pla - ok 08:49:58.0210 3568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:49:58.0225 3568 PlugPlay - ok 08:49:58.0319 3568 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 08:49:58.0319 3568 Pml Driver HPZ12 - ok 08:49:58.0350 3568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:49:58.0350 3568 PNRPAutoReg - ok 08:49:58.0381 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:49:58.0381 3568 PNRPsvc - ok 08:49:58.0428 3568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:49:58.0459 3568 PolicyAgent - ok 08:49:58.0490 3568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 08:49:58.0490 3568 Power - ok 08:49:58.0537 3568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:49:58.0537 3568 PptpMiniport - ok 08:49:58.0568 3568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 08:49:58.0568 3568 Processor - ok 08:49:58.0600 3568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 08:49:58.0615 3568 ProfSvc - ok 08:49:58.0631 3568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:49:58.0631 3568 ProtectedStorage - ok 08:49:58.0678 3568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:49:58.0678 3568 Psched - ok 08:49:58.0756 3568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 
08:49:58.0802 3568 ql2300 - ok 08:49:58.0818 3568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 08:49:58.0818 3568 ql40xx - ok 08:49:58.0865 3568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 08:49:58.0865 3568 QWAVE - ok 08:49:58.0880 3568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:49:58.0880 3568 QWAVEdrv - ok 08:49:58.0912 3568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:49:58.0912 3568 RasAcd - ok 08:49:58.0927 3568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:49:58.0927 3568 RasAgileVpn - ok 08:49:58.0943 3568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 08:49:58.0958 3568 RasAuto - ok 08:49:58.0974 3568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:49:58.0974 3568 Rasl2tp - ok 08:49:59.0021 3568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 08:49:59.0036 3568 RasMan - ok 08:49:59.0068 3568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:49:59.0068 3568 RasPppoe - ok 08:49:59.0083 3568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:49:59.0083 3568 RasSstp - ok 08:49:59.0146 3568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:49:59.0146 3568 rdbss - ok 08:49:59.0161 3568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 08:49:59.0161 3568 rdpbus - ok 08:49:59.0192 3568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:49:59.0192 3568 RDPCDD - ok 08:49:59.0239 3568 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 08:49:59.0239 3568 RDPDR - ok 08:49:59.0255 3568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 
08:49:59.0255 3568 RDPENCDD - ok 08:49:59.0270 3568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:49:59.0270 3568 RDPREFMP - ok 08:49:59.0333 3568 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 08:49:59.0333 3568 RdpVideoMiniport - ok 08:49:59.0380 3568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:49:59.0380 3568 RDPWD - ok 08:49:59.0442 3568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:49:59.0442 3568 rdyboost - ok 08:49:59.0473 3568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:49:59.0473 3568 RemoteAccess - ok 08:49:59.0520 3568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:49:59.0520 3568 RemoteRegistry - ok 08:49:59.0551 3568 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 08:49:59.0567 3568 RFCOMM - ok 08:49:59.0598 3568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:49:59.0598 3568 RpcEptMapper - ok 08:49:59.0614 3568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 08:49:59.0614 3568 RpcLocator - ok 08:49:59.0645 3568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 08:49:59.0645 3568 RpcSs - ok 08:49:59.0692 3568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:49:59.0692 3568 rspndr - ok 08:49:59.0738 3568 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 08:49:59.0754 3568 RTL8167 - ok 08:49:59.0785 3568 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 08:49:59.0785 3568 s3cap - ok 08:49:59.0816 3568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 08:49:59.0816 3568 SamSs - ok 08:49:59.0832 3568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port 
C:\Windows\system32\drivers\sbp2port.sys 08:49:59.0832 3568 sbp2port - ok 08:49:59.0879 3568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:49:59.0879 3568 SCardSvr - ok 08:49:59.0910 3568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:49:59.0926 3568 scfilter - ok 08:49:59.0988 3568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 08:50:00.0035 3568 Schedule - ok 08:50:00.0066 3568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 08:50:00.0066 3568 SCPolicySvc - ok 08:50:00.0113 3568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:50:00.0113 3568 SDRSVC - ok 08:50:00.0144 3568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:50:00.0144 3568 secdrv - ok 08:50:00.0175 3568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 08:50:00.0191 3568 seclogon - ok 08:50:00.0222 3568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 08:50:00.0222 3568 SENS - ok 08:50:00.0238 3568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:50:00.0238 3568 SensrSvc - ok 08:50:00.0253 3568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 08:50:00.0253 3568 Serenum - ok 08:50:00.0284 3568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 08:50:00.0284 3568 Serial - ok 08:50:00.0316 3568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 08:50:00.0316 3568 sermouse - ok 08:50:00.0362 3568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 08:50:00.0378 3568 SessionEnv - ok 08:50:00.0409 3568 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 08:50:00.0409 3568 SFEP - ok 08:50:00.0456 3568 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys 08:50:00.0456 3568 sffdisk - ok 08:50:00.0472 3568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:50:00.0472 3568 sffp_mmc - ok 08:50:00.0487 3568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:50:00.0487 3568 sffp_sd - ok 08:50:00.0518 3568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 08:50:00.0534 3568 sfloppy - ok 08:50:00.0565 3568 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:50:00.0581 3568 SharedAccess - ok 08:50:00.0628 3568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:50:00.0628 3568 ShellHWDetection - ok 08:50:00.0674 3568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:50:00.0674 3568 SiSRaid2 - ok 08:50:00.0690 3568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 08:50:00.0690 3568 SiSRaid4 - ok 08:50:00.0940 3568 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 08:50:01.0049 3568 Skype C2C Service - ok 08:50:01.0127 3568 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 08:50:01.0189 3568 SkypeUpdate - ok 08:50:01.0205 3568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:50:01.0205 3568 Smb - ok 08:50:01.0267 3568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:50:01.0267 3568 SNMPTRAP - ok 08:50:01.0298 3568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 08:50:01.0298 3568 spldr - ok 08:50:01.0361 3568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 08:50:01.0392 3568 Spooler - ok 08:50:01.0532 3568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 08:50:01.0642 
3568 sppsvc - ok 08:50:01.0688 3568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 08:50:01.0688 3568 sppuinotify - ok 08:50:01.0735 3568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 08:50:01.0735 3568 srv - ok 08:50:01.0766 3568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:50:01.0782 3568 srv2 - ok 08:50:01.0829 3568 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 08:50:01.0829 3568 SrvHsfHDA - ok 08:50:01.0907 3568 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 08:50:01.0969 3568 SrvHsfV92 - ok 08:50:02.0016 3568 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 08:50:02.0032 3568 SrvHsfWinac - ok 08:50:02.0047 3568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:50:02.0063 3568 srvnet - ok 08:50:02.0094 3568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:50:02.0094 3568 SSDPSRV - ok 08:50:02.0125 3568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:50:02.0125 3568 SstpSvc - ok 08:50:02.0156 3568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 08:50:02.0156 3568 stexstor - ok 08:50:02.0203 3568 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 08:50:02.0203 3568 StillCam - ok 08:50:02.0266 3568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 08:50:02.0281 3568 stisvc - ok 08:50:02.0328 3568 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 08:50:02.0328 3568 storflt - ok 08:50:02.0359 3568 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 08:50:02.0359 3568 StorSvc - ok 08:50:02.0390 3568 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 
08:50:02.0390 3568 storvsc - ok 08:50:02.0422 3568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 08:50:02.0422 3568 swenum - ok 08:50:02.0468 3568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 08:50:02.0500 3568 swprv - ok 08:50:02.0578 3568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 08:50:02.0640 3568 SysMain - ok 08:50:02.0687 3568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:50:02.0687 3568 TabletInputService - ok 08:50:02.0734 3568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 08:50:02.0749 3568 TapiSrv - ok 08:50:02.0780 3568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 08:50:02.0780 3568 TBS - ok 08:50:02.0874 3568 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:50:02.0936 3568 Tcpip - ok 08:50:02.0999 3568 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:50:03.0014 3568 TCPIP6 - ok 08:50:03.0046 3568 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:50:03.0046 3568 tcpipreg - ok 08:50:03.0077 3568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:50:03.0077 3568 TDPIPE - ok 08:50:03.0108 3568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:50:03.0108 3568 TDTCP - ok 08:50:03.0139 3568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:50:03.0155 3568 tdx - ok 08:50:03.0155 3568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 08:50:03.0155 3568 TermDD - ok 08:50:03.0202 3568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 08:50:03.0217 3568 TermService - ok 08:50:03.0248 3568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 08:50:03.0248 3568 Themes - ok 
08:50:03.0264 3568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 08:50:03.0264 3568 THREADORDER - ok 08:50:03.0280 3568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 08:50:03.0280 3568 TrkWks - ok 08:50:03.0358 3568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:50:03.0358 3568 TrustedInstaller - ok 08:50:03.0404 3568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:50:03.0404 3568 tssecsrv - ok 08:50:03.0467 3568 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:50:03.0467 3568 TsUsbFlt - ok 08:50:03.0529 3568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:50:03.0529 3568 tunnel - ok 08:50:03.0560 3568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 08:50:03.0560 3568 uagp35 - ok 08:50:03.0607 3568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:50:03.0623 3568 udfs - ok 08:50:03.0654 3568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:50:03.0654 3568 UI0Detect - ok 08:50:03.0685 3568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:50:03.0685 3568 uliagpkx - ok 08:50:03.0732 3568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 08:50:03.0732 3568 umbus - ok 08:50:03.0748 3568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 08:50:03.0748 3568 UmPass - ok 08:50:03.0794 3568 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 08:50:03.0794 3568 UmRdpService - ok 08:50:03.0841 3568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 08:50:03.0841 3568 upnphost - ok 08:50:03.0872 3568 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 
08:50:03.0872 3568 USBAAPL64 - ok 08:50:03.0935 3568 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 08:50:03.0935 3568 usbaudio - ok 08:50:03.0966 3568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:50:03.0966 3568 usbccgp - ok 08:50:03.0997 3568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:50:03.0997 3568 usbcir - ok 08:50:04.0028 3568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 08:50:04.0044 3568 usbehci - ok 08:50:04.0060 3568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:50:04.0060 3568 usbhub - ok 08:50:04.0091 3568 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 08:50:04.0091 3568 usbohci - ok 08:50:04.0106 3568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 08:50:04.0106 3568 usbprint - ok 08:50:04.0153 3568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:50:04.0153 3568 USBSTOR - ok 08:50:04.0184 3568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 08:50:04.0184 3568 usbuhci - ok 08:50:04.0247 3568 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 08:50:04.0247 3568 usbvideo - ok 08:50:04.0278 3568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 08:50:04.0278 3568 UxSms - ok 08:50:04.0294 3568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 08:50:04.0294 3568 VaultSvc - ok 08:50:04.0340 3568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:50:04.0340 3568 vdrvroot - ok 08:50:04.0403 3568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 08:50:04.0434 3568 vds - ok 08:50:04.0465 3568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys 08:50:04.0465 3568 vga - ok 08:50:04.0481 3568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 08:50:04.0481 3568 VgaSave - ok 08:50:04.0528 3568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:50:04.0528 3568 vhdmp - ok 08:50:04.0559 3568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 08:50:04.0559 3568 viaide - ok 08:50:04.0590 3568 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 08:50:04.0590 3568 vmbus - ok 08:50:04.0606 3568 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 08:50:04.0606 3568 VMBusHID - ok 08:50:04.0621 3568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:50:04.0621 3568 volmgr - ok 08:50:04.0684 3568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:50:04.0699 3568 volmgrx - ok 08:50:04.0746 3568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:50:04.0746 3568 volsnap - ok 08:50:04.0793 3568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 08:50:04.0793 3568 vsmraid - ok 08:50:04.0871 3568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 08:50:04.0933 3568 VSS - ok 08:50:04.0949 3568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 08:50:04.0949 3568 vwifibus - ok 08:50:04.0996 3568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 08:50:05.0011 3568 W32Time - ok 08:50:05.0027 3568 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 08:50:05.0027 3568 WacomPen - ok 08:50:05.0074 3568 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:50:05.0074 3568 WANARP - ok 08:50:05.0089 3568 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 
C:\Windows\system32\DRIVERS\wanarp.sys 08:50:05.0089 3568 Wanarpv6 - ok 08:50:05.0183 3568 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 08:50:05.0230 3568 wbengine - ok 08:50:05.0261 3568 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:50:05.0261 3568 WbioSrvc - ok 08:50:05.0308 3568 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:50:05.0339 3568 wcncsvc - ok 08:50:05.0354 3568 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:50:05.0354 3568 WcsPlugInService - ok 08:50:05.0370 3568 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 08:50:05.0370 3568 Wd - ok 08:50:05.0401 3568 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys 08:50:05.0401 3568 WDC_SAM - ok 08:50:05.0464 3568 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:50:05.0510 3568 Wdf01000 - ok 08:50:05.0510 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:50:05.0526 3568 WdiServiceHost - ok 08:50:05.0526 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:50:05.0526 3568 WdiSystemHost - ok 08:50:05.0557 3568 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 08:50:05.0557 3568 WebClient - ok 08:50:05.0588 3568 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:50:05.0588 3568 Wecsvc - ok 08:50:05.0620 3568 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:50:05.0620 3568 wercplsupport - ok 08:50:05.0651 3568 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 08:50:05.0651 3568 WerSvc - ok 08:50:05.0698 3568 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:50:05.0698 3568 WfpLwf - ok 08:50:05.0729 3568 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:50:05.0729 3568 WIMMount - ok 08:50:05.0760 3568 WinDefend - ok 08:50:05.0760 3568 WinHttpAutoProxySvc - ok 08:50:05.0822 3568 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:50:05.0838 3568 Winmgmt - ok 08:50:05.0932 3568 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 08:50:06.0010 3568 WinRM - ok 08:50:06.0072 3568 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:50:06.0072 3568 WinUsb - ok 08:50:06.0119 3568 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 08:50:06.0150 3568 Wlansvc - ok 08:50:06.0306 3568 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:50:06.0415 3568 wlidsvc - ok 08:50:06.0446 3568 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 08:50:06.0446 3568 WmiAcpi - ok 08:50:06.0493 3568 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:50:06.0493 3568 wmiApSrv - ok 08:50:06.0524 3568 WMPNetworkSvc - ok 08:50:06.0556 3568 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:50:06.0556 3568 WPCSvc - ok 08:50:06.0602 3568 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:50:06.0602 3568 WPDBusEnum - ok 08:50:06.0634 3568 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:50:06.0634 3568 ws2ifsl - ok 08:50:06.0665 3568 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 08:50:06.0680 3568 wscsvc - ok 08:50:06.0680 3568 WSearch - ok 08:50:06.0790 3568 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 08:50:06.0868 3568 wuauserv - ok 08:50:06.0899 3568 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:50:06.0899 3568 
WudfPf - ok 08:50:06.0946 3568 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:50:06.0946 3568 WUDFRd - ok 08:50:06.0992 3568 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:50:06.0992 3568 wudfsvc - ok 08:50:07.0024 3568 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 08:50:07.0039 3568 WwanSvc - ok 08:50:07.0070 3568 ================ Scan global =============================== 08:50:07.0086 3568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 08:50:07.0133 3568 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 08:50:07.0148 3568 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 08:50:07.0195 3568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 08:50:07.0211 3568 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 08:50:07.0226 3568 [Global] - ok 08:50:07.0226 3568 ================ Scan MBR ================================== 08:50:07.0242 3568 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:50:07.0523 3568 \Device\Harddisk0\DR0 - ok 08:50:07.0523 3568 ================ Scan VBR ================================== 08:50:07.0523 3568 [ 47D6447E42ABB46BB007308076E44048 ] \Device\Harddisk0\DR0\Partition1 08:50:07.0523 3568 \Device\Harddisk0\DR0\Partition1 - ok 08:50:07.0554 3568 [ 6A25250598FC2DE49A4E211AF2138DFB ] \Device\Harddisk0\DR0\Partition2 08:50:07.0554 3568 \Device\Harddisk0\DR0\Partition2 - ok 08:50:07.0585 3568 [ E2B3B2E02B6A6D3E0DB9F3F57D13FD93 ] \Device\Harddisk0\DR0\Partition3 08:50:07.0585 3568 \Device\Harddisk0\DR0\Partition3 - ok 08:50:07.0585 3568 ============================================================ 08:50:07.0585 3568 Scan finished 08:50:07.0585 3568 ============================================================ 08:50:07.0601 3268 Detected object count: 0 08:50:07.0601 3268 Actual detected object count: 0 08:50:19.0739 3364 Deinitialize 
success Here is the dds.txt: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1 Run by Doppelleben at 8:57:18 on 2012-12-12 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.2038.1045 [GMT 1:00] . AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\splwow64.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = my.daemon-search.com uProxyOverride = <local>;*.local BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} - BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min uPolicies-Explorer: NoDrives = dword:0 
mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{5D2656B2-96A0-4F00-8DA2-450C4C414309} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{5D2656B2-96A0-4F00-8DA2-450C4C414309}\5416379724F687D2934434134323 : DHCPNameServer = 192.168.2.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype 
add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-11-18 22:54; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi . ============= SERVICES / DRIVERS =============== . 
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2011-7-29 131336] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-20 270912] R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-7-29 567464] R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-7-29 340136] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-29 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-29 269480] R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-7-29 428200] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-7-29 88288] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304] R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2011-7-29 101984] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 
SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== Created Last 30 ================ . 2012-12-12 02:55:34 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F3DA5AF-676F-4FF4-9534-46667F895EAA}\offreg.dll 2012-12-11 22:33:59 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-12-11 09:10:25 -------- d-----w- C:\ProgramData\HitmanPro 2012-12-11 09:01:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F3DA5AF-676F-4FF4-9534-46667F895EAA}\mpengine.dll 2012-11-23 13:38:38 -------- d-s---w- C:\ComboFix 2012-11-18 21:53:26 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft 2012-11-15 13:21:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 13:21:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-15 13:21:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-15 13:21:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-15 13:06:06 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-15 13:06:06 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-15 13:06:05 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-15 13:06:05 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-15 13:06:05 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-15 13:06:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 13:06:05 194048 ----a-w- 
C:\Windows\System32\WUDFPlatform.dll 2012-11-15 13:04:13 458712 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-11-15 13:04:13 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-11-15 13:04:13 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-15 13:04:13 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-11-15 13:04:13 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-15 13:04:13 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-11-15 13:04:13 1448448 ----a-w- C:\Windows\System32\lsasrv.dll 2012-11-15 13:04:12 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-11-15 13:04:12 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-11-15 12:16:39 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-15 12:16:39 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-15 09:35:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-11-15 09:35:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy . ==================== Find3M ==================== . 
2012-12-12 00:19:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 00:19:17 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys . ============= FINISH: 8:58:17,19 ===============
Here is the attach.txt: Code:
ATTFilter Dropbox GPL Ghostscript HP Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help HP Officejet Pro 8500 A910 Product Improvement Study HP Update I.R.I.S. OCR Intel(R) Graphics Media Accelerator Driver iTunes Java Auto Updater Java(TM) 7 Update 5 JavaFX 2.1.1 Juniper Networks Network Connect 6.4.0 Juniper Networks Network Connect 7.1.0 Juniper Networks Setup Client Activex Control Juniper Networks, Inc. Setup Client Junk Mail filter update K-Lite Mega Codec Pack 7.2.0 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 17.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) QuickTime RedMon - Redirection Port Monitor Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 
Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update 
for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype Click to Call Skype™ 6.0 Spybot - Search & Destroy Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition VAIO Control Center VAIO Update Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 10.12.2012 07:37:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the dsNcService service. 07.12.2012 23:38:22, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. 06.12.2012 21:57:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. 
05.12.2012 08:06:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. . ==== End Of File =========================== |
12.12.2012, 18:30 | #4 |
/// TB-Ausbilder | Google message about traffic, captcha entry needed to continue The attach is not complete.
__________________ Digital buccaneers against malware! No help via PM! |
12.12.2012, 21:28 | #5 |
| Google message about traffic, captcha entry needed to continue Sorry, this time the program said I had to save it as a zip, so I have sent it along as an attachment. Here is the attach.txt again: Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 24.08.2010 13:12:45 System Uptime: 12.12.2012 17:36:43 (4 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | N/A | 2001/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 98 GiB total, 36,254 GiB free. D: is FIXED (NTFS) - 42 GiB total, 28,717 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Mass Storage Controller Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9015104D&REV_00\4&32B6E616&0&3AF0 Manufacturer: Name: Mass Storage Controller PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_9015104D&REV_00\4&32B6E616&0&3AF0 Service: . ==== System Restore Points =================== . RP375: 04.12.2012 09:47:39 - Windows Update RP376: 07.12.2012 10:02:03 - Windows Update RP377: 11.12.2012 09:59:13 - Windows Update RP378: 12.12.2012 03:00:47 - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Deutsch Akamai NetSession Interface Apple Application Support Apple Mobile Device Support Apple Software Update Avira Premium Security Suite Bonjour CCleaner Citavi D3DX10 DAEMON Tools Lite Dissertation-HU für Microsoft Word 2010 Deutsch Dropbox GPL Ghostscript HP Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help HP Officejet Pro 8500 A910 Product Improvement Study HP Update I.R.I.S. OCR Intel(R) Graphics Media Accelerator Driver iTunes Java Auto Updater Java(TM) 7 Update 5 JavaFX 2.1.1 Juniper Networks Network Connect 6.4.0 Juniper Networks Network Connect 7.1.0 Juniper Networks Setup Client Activex Control Juniper Networks, Inc. 
Setup Client Junk Mail filter update K-Lite Mega Codec Pack 7.2.0 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 17.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 17.0 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) QuickTime RedMon - Redirection Port Monitor Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 
4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype Click to Call Skype™ 6.0 Spybot - Search & Destroy Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) 
Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition VAIO Control Center VAIO Update Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 10.12.2012 07:37:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the dsNcService service. 07.12.2012 23:38:22, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. 06.12.2012 21:57:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service. 05.12.2012 08:06:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. . ==== End Of File =========================== |
12.12.2012, 21:42 | #6 | ||
/// TB-Ausbilder | Google message about traffic, captcha entry needed to continue Good so far .... then
Step 1: Uninstall CCleaner and Spybot
Step 2: AdwCleaner: find and remove adware
Step 3: Scan with Combofix
12.12.2012, 23:03 | #7 |
| Google message about traffic, captcha entry needed to continue Hello again, here is the adwCleaner.txt:
# AdwCleaner v2.100 - Logfile created 12/12/2012 at 21:59:02
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Doppelleben - CHRISTINE-NB
# Boot Mode : Normal
# Running from : C:\Users\Doppelleben\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Doppelleben\AppData\Local\Conduit
Folder Deleted : C:\Users\Doppelleben\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\Conduit
Folder Deleted : C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\ConduitEngine
Folder Deleted : C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\extensions\engine@conduit.com
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\Software\Conduit
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (de)
Profile name : default
File : C:\Users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\prefs.js
Deleted : user_pref("CT2776682..clientLogIsEnabled", true);
Deleted : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2776682.CTID", "CT2776682");
Deleted : user_pref("CT2776682.CurrentServerDate", "29-4-2011");
Deleted : user_pref("CT2776682.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2776682.DialogsGetterLastCheckTime", "Fri Apr 29 2011 13:36:13 GMT+0200");
Deleted : user_pref("CT2776682.DownloadReferralCookieData", "");
Deleted : user_pref("CT2776682.FirstServerDate", "29-4-2011");
Deleted : user_pref("CT2776682.FirstTime", true);
Deleted : user_pref("CT2776682.FirstTimeFF3", true);
Deleted : user_pref("CT2776682.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2776682.HasUserGlobalKeys", true);
Deleted : user_pref("CT2776682.Initialize", true);
Deleted : user_pref("CT2776682.InitializeCommonPrefs", true);
Deleted : user_pref("CT2776682.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2776682.InstallationId", "Integrated_BrotherSoft_TB.exe");
Deleted : user_pref("CT2776682.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2776682.InstalledDate", "Fri Apr 29 2011 13:36:11 GMT+0200");
Deleted : user_pref("CT2776682.InvalidateCache", false);
Deleted : user_pref("CT2776682.IsGrouping", false);
Deleted : user_pref("CT2776682.IsMulticommunity", false);
Deleted : user_pref("CT2776682.IsOpenThankYouPage", false);
Deleted : user_pref("CT2776682.IsOpenUninstallPage", true);
Deleted : user_pref("CT2776682.LanguagePackLastCheckTime", "Fri Apr 29 2011 13:36:20 GMT+0200");
Deleted : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2776682.LastLogin_3.3.3.2", "Fri Apr 29 2011 13:36:12 GMT+0200"); Deleted : user_pref("CT2776682.LatestVersion", "3.3.3.2"); Deleted : user_pref("CT2776682.Locale", "en"); Deleted : user_pref("CT2776682.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2776682.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2776682.RadioIsPodcast", false); Deleted : user_pref("CT2776682.RadioLastCheckTime", "Fri Apr 29 2011 13:36:14 GMT+0200"); Deleted : user_pref("CT2776682.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2776682.RadioLastUpdateServer", "3"); Deleted : user_pref("CT2776682.RadioMediaID", "9962"); Deleted : user_pref("CT2776682.RadioMediaType", "Media Player"); Deleted : user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962"); Deleted : user_pref("CT2776682.RadioStationName", "California%20Rock"); Deleted : user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT2776682.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...] Deleted : user_pref("CT2776682.SearchInNewTabEnabled", true); Deleted : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Fri Apr 29 2011 13:36:12 GMT+0200"); Deleted : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2776682.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2776682.ServiceMapLastCheckTime", "Fri Apr 29 2011 13:36:10 GMT+0200"); Deleted : user_pref("CT2776682.SettingsLastCheckTime", "Fri Apr 29 2011 13:36:10 GMT+0200"); Deleted : user_pref("CT2776682.SettingsLastUpdate", "1304056373"); Deleted : user_pref("CT2776682.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Fri Apr 29 2011 13:36:10 GMT+0200"); Deleted : user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1246786978"); Deleted : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2776682"); Deleted : user_pref("CT2776682.UserID", "UN41449362254294433"); Deleted : user_pref("CT2776682.alertChannelId", "1168776"); Deleted : user_pref("CT2776682.backendstorage.2776682a129476538034918884000000paramsgk", "7B227570646174655265[...] Deleted : user_pref("CT2776682.backendstorage.2776682a129485298065862948000000paramsgk", "7B227570646174655265[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000cat0", "253542253544"); Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000embeddedversion", "312E312[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000feedsobj", "25374225323263[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000lastreporttime", "31333034[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000newfeeds", "6E657746656564[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129476538034918884000000readitemsarr", "2537422537[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000cat0", "253542253544"); Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000embeddedversion", "312E312[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000feedsobj", "25374225323263[...] 
Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000lastreporttime", "31333034[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000newfeeds", "6E657746656564[...] Deleted : user_pref("CT2776682.backendstorage.rssapp2776682a129485298065862948000000readitemsarr", "2537422537[...] Deleted : user_pref("CT2776682.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Deleted : user_pref("CT2776682.globalFirstTimeInfoLastCheckTime", "Fri Apr 29 2011 13:36:12 GMT+0200"); Deleted : user_pref("CT2776682.isAppTrackingManagerOn", true); Deleted : user_pref("CT2776682.myStuffEnabled", true); Deleted : user_pref("CT2776682.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2776682.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2776682.testingCtid", ""); Deleted : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Fri Apr 29 2011 13:36:12 GMT+0200"); Deleted : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Fri Apr 29 2011 13:36:17 GMT+0200"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168776/1164461/DE", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2776682",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2776682/CT2776682[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] 
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2776682"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{51a86bb3-6602-4c85-92a5-130ee4864f13}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "brothersoft_extreme"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2776682"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{51a86bb3-6602-4c85-92a5-130ee4864f13}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "brothersoft_extreme"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2776682"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2776682"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 29 2011 13:36:17 GMT+02[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 13:26:42 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 23:47:30 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "4fdc3e68-7418-4f6e-b388-613bbbb882dc"); 
Deleted : user_pref("CommunityToolbar.globalUserId", "e0cac82a-17a8-4d40-b814-907ecd95d38e"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 15 2011 18:04:51 GMT+0200"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Jun 22 2011 23:47:33 GMT+0200"); Deleted : user_pref("ConduitEngine.FirstServerDate", "04/29/2011 14"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Apr 29 2011 13:36:14 GMT+0200"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Jun 23 2011 23:47:34 GMT+0200"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jun 24 2011 21:31:59 GMT+0200"); Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jun 24 2011 21:31:57 GMT+0200"); Deleted : user_pref("ConduitEngine.UserID", "UN39278240726741614"); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Jun 23 2011 23:47:34 GMT+0200"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 18:31:59 GMT+0200"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : 
user_pref("ConduitEngine.usagesFlag", 2);
Profile name : default
File : C:\Users\taart\AppData\Roaming\Mozilla\Firefox\Profiles\gglkjdty.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Doppelleben\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [15464 octets] - [12/12/2012 21:59:02]
########## EOF - C:\AdwCleaner[S1].txt - [15525 octets] ##########
and the ComboFix log:
Code:
ATTFilter ComboFix 12-12-10.01 - Doppelleben 12.12.2012 22:12:31.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.2038.761 [GMT 1:00] ausgeführt von:: c:\users\Doppelleben\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Doppelleben\AppData\Local\assembly\tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-12 bis 2012-12-12 )))))))))))))))))))))))))))))) . . 2012-12-12 21:22 . 2012-12-12 21:22 -------- d-----w- c:\users\taart\AppData\Local\temp 2012-12-12 21:22 . 2012-12-12 21:22 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-12 21:22 . 2012-12-12 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-12 21:12 . 2012-12-12 21:12 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F3DA5AF-676F-4FF4-9534-46667F895EAA}\offreg.dll 2012-12-11 22:33 . 2012-10-04 17:46 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-12-11 09:10 . 2012-12-11 09:11 -------- d-----w- c:\programdata\HitmanPro 2012-12-11 09:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F3DA5AF-676F-4FF4-9534-46667F895EAA}\mpengine.dll 2012-11-26 19:18 . 2012-11-26 19:18 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-21 12:31 . 2012-11-21 12:32 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-11-18 21:53 . 2012-12-11 22:14 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-11-15 13:21 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 13:21 . 
2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 13:21 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 13:21 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 13:06 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 13:06 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 13:06 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 13:06 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 13:06 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 13:06 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 13:06 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 13:04 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-11-15 13:04 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-11-15 13:04 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-11-15 13:04 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-15 13:04 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-11-15 13:04 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-11-15 13:04 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-11-15 13:04 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-11-15 13:04 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-11-15 12:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 12:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-15 09:35 . 2012-12-12 20:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-11-15 09:35 . 2012-12-12 20:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 02:04 . 2010-08-24 12:18 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 00:19 . 2012-07-04 13:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 00:19 . 2012-07-04 13:39 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-16 08:38 . 2012-11-28 09:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 09:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 09:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:40 . 2012-12-11 22:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-07-29 281768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-07-29 131336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-20 270912] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-07-29 567464] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe 
[2011-07-29 340136] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-29 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-29 428200] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-07-29 101984] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] . . Inhalt des "geplante Tasks" Ordners . 2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 00:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Doppelleben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ FF - ExtSQL: 2012-11-18 22:54; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Doppelleben\AppData\Roaming\Mozilla\Firefox\Profiles\zlhea29q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-12 22:35:51 ComboFix-quarantined-files.txt 2012-12-12 21:35 ComboFix2.txt 2012-06-30 11:11 . Vor Suchlauf: 38.836.183.040 bytes free Nach Suchlauf: 38.385.012.736 bytes free . - - End Of File - - 09D28EBD6F94F526409993084C1ABE00 |
12.12.2012, 23:04 | #8 | |
/// TB instructor | Google traffic message, captcha entry required to continue
Good! As far as I can see, we have now removed everything harmful. To be sure, we still need to run a few checks. Since these can take a very long time, please write to me again only once you have really completed everything or if problems occur.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Step 3: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
__________________ Digital buccaneers against malware! No help via PM! |
13.12.2012, 11:17 | #9 |
| Google traffic message, captcha entry required to continue
Hello, here is the log file from Malwarebytes:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.12.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Doppelleben :: CHRISTINE-NB [Administrator]
12.12.2012 23:10:14
mbam-log-2012-12-12 (23-10-14).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230578
Laufzeit: 4 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
The ESET scan found no infected objects.
...the log file from SecurityCheck:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AntiVir Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Does it look good? |
13.12.2012, 11:23 | #10 |
/// TB instructor | Google traffic message, captcha entry required to continue
Yes, it does!
Step 1: Update: Internet Explorer
Step 2: Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse.
Step 3: Update: Adobe Reader
Try an alternative viewer for PDF documents. These are usually leaner, faster, and far less often let malware in. My suggestion:
Step 4: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
13.12.2012, 11:24 | #11 |
| Google traffic message, captcha entry required to continue
Hmm..., I just used Google search and was again asked to enter a captcha... is the problem due to undetected viruses or the like, or what is causing it? |
13.12.2012, 11:24 | #12 |
/// TB instructor | Google traffic message, captcha entry required to continue
Apparently not, but carry on for now; we will look for it at the end.
13.12.2012, 11:40 | #13 |
/// TB instructor | Google traffic message, captcha entry required to continue
Are you using any proxy to get around any internet blocks? If so, please disable it.
13.12.2012, 12:16 | #14 |
| Google traffic message, captcha entry required to continue
OK, everything done. Here is the log file from the Security Check:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
No, I am not using a proxy... |
13.12.2012, 12:24 | #15 |
/// TB instructor | Google traffic message, captcha entry required to continue
Good, so this computer is now clean. Is the captcha still being requested? It is no longer malware now. At least on this computer. Which other network devices are there in the household?