| |
| |||||||
Log-Analyse und Auswertung: explorer.exe frisst sich mehr und mehr Speicher anWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.03.2013, 15:04
| #1 |
 |  explorer.exe frisst sich mehr und mehr Speicher an Hallo Community! Ich hab mich neu hier angemeldet, in der Hoffnung jemand kann mir helfen. Kurz mein Problem: Meine Taskleiste hat sich in letzter Zeit oft aufgehängt. Ich hab dabei beobachtet, dass die explorer.exe mehr und mehr an Speicher zunahm (von anfänglichen 15-25K bis hin zu 400K!). Irgendwann wird die taskleiste dann blockiert, durch Prozess beenden und neu starten, funktioniert alles wieder, allerdings wieder nur bis sich der Prozess "vollgefressen" hat. Ich hab nun das hier vorgeschlagene Programm drüber laufen lassen und es wurde dabei eine infizierte Datei gefunden. Hab bis jetzt nichts weiteres unternommen (also noch nichts gelöscht oder dergleichen). Hoffe jemand kann mir weiterhelfen! Mfg Gordi Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.28.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 xxx xxx :: xxx-PC [Administrator] Schutz: Aktiviert 28.03.2013 10:20:15 MBAM-log-2013-03-28 (13-53-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 580541 Laufzeit: 3 Stunde(n), 20 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Windows 7 User\Downloads\SoftonicDownloader_fuer_java-se-development-kit-jdk.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. (Ende) |
|
28.03.2013, 17:40
| #2 |
| /// TB-Ausbilder  | explorer.exe frisst sich mehr und mehr Speicher an!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit aswMBR
Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
28.03.2013, 17:41
| #3 | |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher anZitat:
Lesestoff:Softwaredownloader Es gibt im Internet Downloadportale, die statt die Datei selbst anzubieten, dem User einen Downloader unterjubelt. Startet man diesen, dann wird erst das gewünschte Programm von der Webseite des Anbieters geladen. Üblicherweise installiert dieser Downloader auch Werbeprogramme auf deinem Rechner. Besonders bekannt dafür ist z.B. Softonic. Daber merke dir bitte für die Zukunft:
__________________ |
|
28.03.2013, 19:13
| #4 |
| | explorer.exe frisst sich mehr und mehr Speicher an Vielen Vielen Dank für deine Antwort und deine Hilfe! Ich hab deine Schritte befolgt und poste meine Ergebnisse: Schritt 1: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:16 on 28/03/2013 (xxx xxx)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-28 18:23:29
-----------------------------
18:23:29.749 OS Version: Windows 6.1.7601 Service Pack 1
18:23:29.749 Number of processors: 4 586 0x2A07
18:23:29.751 ComputerName: xxx-PC UserName:
18:23:30.907 Initialize success
18:41:09.988 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:41:09.997 Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3
18:41:10.141 Disk 0 MBR read successfully
18:41:10.146 Disk 0 MBR scan
18:41:10.152 Disk 0 unknown MBR code
18:41:10.165 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:41:10.176 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 251610 MB offset 206848
18:41:10.217 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15359 MB offset 593682432
18:41:10.224 Disk 0 Partition - 00 05 Extended 38172 MB offset 515506174
18:41:10.251 Disk 0 Partition 4 00 83 Linux 34192 MB offset 515506176
18:41:10.261 Disk 0 Partition - 00 05 Extended 3980 MB offset 585531392
18:41:10.300 Disk 0 scanning sectors +625137664
18:41:10.389 Disk 0 scanning C:\Windows\system32\drivers
18:41:25.045 Service scanning
18:41:43.904 Modules scanning
18:42:03.611 Disk 0 trace - called modules:
18:42:03.637 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
18:42:03.641 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88713568]
18:42:03.644 3 CLASSPNP.SYS[8cdd859e] -> nt!IofCallDriver -> [0x85aeb830]
18:42:03.648 5 ACPI.sys[8c4b73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x863f8028]
18:42:03.652 Scan finished successfully
18:42:27.017 Disk 0 MBR has been saved successfully to "C:\Users\Windows 7 User\Desktop\MBR.dat"
18:42:27.022 The log file has been saved successfully to "C:\Users\Windows 7 User\Desktop\aswMBR.txt"
Code:
ATTFilter 18:52:50.0020 7044 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:52:52.0048 7044 ============================================================
18:52:52.0048 7044 Current date / time: 2013/03/28 18:52:52.0048
18:52:52.0048 7044 SystemInfo:
18:52:52.0048 7044
18:52:52.0048 7044 OS Version: 6.1.7601 ServicePack: 1.0
18:52:52.0048 7044 Product type: Workstation
18:52:52.0048 7044 ComputerName: xxx-PC
18:52:52.0048 7044 UserName: Windows 7 User
18:52:52.0048 7044 Windows directory: C:\Windows
18:52:52.0048 7044 System windows directory: C:\Windows
18:52:52.0048 7044 Processor architecture: Intel x86
18:52:52.0048 7044 Number of processors: 4
18:52:52.0048 7044 Page size: 0x1000
18:52:52.0048 7044 Boot type: Normal boot
18:52:52.0048 7044 ============================================================
18:52:52.0641 7044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:52:52.0641 7044 ============================================================
18:52:52.0641 7044 \Device\Harddisk0\DR0:
18:52:52.0641 7044 MBR partitions:
18:52:52.0641 7044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:52:52.0641 7044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EB6D39E
18:52:52.0656 7044 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2362E000, BlocksNum 0x1DFF800
18:52:52.0703 7044 ============================================================
18:52:52.0797 7044 C: <-> \Device\Harddisk0\DR0\Partition2
18:52:52.0906 7044 E: <-> \Device\Harddisk0\DR0\Partition3
18:52:52.0906 7044 ============================================================
18:52:52.0906 7044 Initialize success
18:52:52.0906 7044 ============================================================
18:53:24.0649 5232 ============================================================
18:53:24.0649 5232 Scan started
18:53:24.0649 5232 Mode: Manual; TDLFS;
18:53:24.0649 5232 ============================================================
18:53:25.0070 5232 ================ Scan system memory ========================
18:53:25.0070 5232 System memory - ok
18:53:25.0085 5232 ================ Scan services =============================
18:53:25.0226 5232 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:53:25.0241 5232 1394ohci - ok
18:53:25.0304 5232 [ 1875F492C399DB858E77C1B29366D54B ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
18:53:25.0304 5232 5U877 - ok
18:53:25.0335 5232 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:53:25.0335 5232 ACPI - ok
18:53:25.0351 5232 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:53:25.0366 5232 AcpiPmi - ok
18:53:25.0475 5232 [ 6A53AAEC52611285F32F1B71321F2604 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
18:53:25.0475 5232 AcPrfMgrSvc - ok
18:53:25.0522 5232 [ 04762CCCFBB3103E3567B582ECF561A6 ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
18:53:25.0538 5232 AcSvc - ok
18:53:25.0631 5232 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:53:25.0647 5232 AdobeARMservice - ok
18:53:25.0709 5232 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:53:25.0725 5232 adp94xx - ok
18:53:25.0725 5232 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:53:25.0741 5232 adpahci - ok
18:53:25.0772 5232 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:53:25.0772 5232 adpu320 - ok
18:53:25.0787 5232 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:53:25.0787 5232 AeLookupSvc - ok
18:53:25.0850 5232 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:53:25.0865 5232 AFD - ok
18:53:25.0897 5232 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:53:25.0897 5232 agp440 - ok
18:53:25.0928 5232 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:53:25.0928 5232 aic78xx - ok
18:53:25.0943 5232 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:53:25.0943 5232 ALG - ok
18:53:25.0959 5232 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:53:25.0959 5232 aliide - ok
18:53:25.0990 5232 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:53:25.0990 5232 amdagp - ok
18:53:25.0990 5232 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:53:25.0990 5232 amdide - ok
18:53:26.0021 5232 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:53:26.0021 5232 AmdK8 - ok
18:53:26.0021 5232 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:53:26.0021 5232 AmdPPM - ok
18:53:26.0053 5232 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:53:26.0053 5232 amdsata - ok
18:53:26.0068 5232 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:53:26.0068 5232 amdsbs - ok
18:53:26.0084 5232 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:53:26.0084 5232 amdxata - ok
18:53:26.0115 5232 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
18:53:26.0115 5232 androidusb - ok
18:53:26.0318 5232 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:53:26.0318 5232 AntiVirSchedulerService - ok
18:53:26.0380 5232 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:53:26.0380 5232 AntiVirService - ok
18:53:26.0427 5232 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:53:26.0443 5232 AppID - ok
18:53:26.0521 5232 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:53:26.0521 5232 AppIDSvc - ok
18:53:26.0567 5232 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:53:26.0567 5232 Appinfo - ok
18:53:26.0599 5232 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
18:53:26.0599 5232 AppMgmt - ok
18:53:26.0614 5232 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:53:26.0630 5232 arc - ok
18:53:26.0645 5232 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:53:26.0645 5232 arcsas - ok
18:53:26.0739 5232 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:53:26.0786 5232 aspnet_state - ok
18:53:26.0817 5232 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:53:26.0817 5232 AsyncMac - ok
18:53:26.0848 5232 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:53:26.0848 5232 atapi - ok
18:53:26.0895 5232 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:53:26.0911 5232 AudioEndpointBuilder - ok
18:53:26.0926 5232 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:53:26.0942 5232 Audiosrv - ok
18:53:27.0004 5232 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:53:27.0020 5232 avgntflt - ok
18:53:27.0067 5232 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:53:27.0067 5232 avipbb - ok
18:53:27.0098 5232 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:53:27.0113 5232 avkmgr - ok
18:53:27.0145 5232 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:53:27.0145 5232 AxInstSV - ok
18:53:27.0176 5232 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:53:27.0191 5232 b06bdrv - ok
18:53:27.0223 5232 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:53:27.0223 5232 b57nd60x - ok
18:53:27.0254 5232 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:53:27.0254 5232 BDESVC - ok
18:53:27.0285 5232 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:53:27.0285 5232 Beep - ok
18:53:27.0332 5232 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
18:53:27.0347 5232 BFE - ok
18:53:27.0363 5232 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
18:53:27.0379 5232 BITS - ok
18:53:27.0394 5232 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:53:27.0394 5232 blbdrive - ok
18:53:27.0425 5232 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:53:27.0425 5232 bowser - ok
18:53:27.0441 5232 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:53:27.0441 5232 BrFiltLo - ok
18:53:27.0457 5232 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:53:27.0457 5232 BrFiltUp - ok
18:53:27.0581 5232 [ A61D617F37456D9D32F98BF70EB5D414 ] BrlAPI C:\cygwin\bin\cygrunsrv.exe
18:53:27.0644 5232 BrlAPI - ok
18:53:27.0706 5232 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
18:53:27.0706 5232 Browser - ok
18:53:27.0769 5232 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:53:27.0769 5232 Brserid - ok
18:53:27.0784 5232 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:53:27.0800 5232 BrSerWdm - ok
18:53:27.0815 5232 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:53:27.0815 5232 BrUsbMdm - ok
18:53:27.0831 5232 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:53:27.0831 5232 BrUsbSer - ok
18:53:27.0878 5232 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:53:27.0878 5232 BthEnum - ok
18:53:27.0909 5232 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:53:27.0909 5232 BTHMODEM - ok
18:53:27.0925 5232 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:53:27.0925 5232 BthPan - ok
18:53:28.0018 5232 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:53:28.0018 5232 BTHPORT - ok
18:53:28.0096 5232 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:53:28.0112 5232 bthserv - ok
18:53:28.0143 5232 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:53:28.0143 5232 BTHUSB - ok
18:53:28.0174 5232 [ 390946C125C045BD548CD66354607EB6 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
18:53:28.0174 5232 BTWAMPFL - ok
18:53:28.0205 5232 [ 8B9CF1270A03571A16087E6C5DFA14EF ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
18:53:28.0205 5232 btwaudio - ok
18:53:28.0221 5232 [ A795563474129CFEB3D64988E68F8607 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
18:53:28.0221 5232 btwavdt - ok
18:53:28.0268 5232 [ 432D888EEF8DE36D4ED7005136021CF7 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
18:53:28.0283 5232 btwdins - ok
18:53:28.0283 5232 [ 53F0EDC6FAF9CE6C5E53EE7EF8D411C0 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
18:53:28.0299 5232 btwl2cap - ok
18:53:28.0299 5232 [ 772F7672F4C0BCC6085B2AC511CDC335 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
18:53:28.0299 5232 btwrchid - ok
18:53:28.0315 5232 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:53:28.0315 5232 cdfs - ok
18:53:28.0361 5232 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:53:28.0361 5232 cdrom - ok
18:53:28.0408 5232 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:53:28.0408 5232 CertPropSvc - ok
18:53:28.0424 5232 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:53:28.0424 5232 circlass - ok
18:53:28.0439 5232 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:53:28.0439 5232 CLFS - ok
18:53:28.0502 5232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:53:28.0502 5232 clr_optimization_v2.0.50727_32 - ok
18:53:28.0533 5232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:53:28.0580 5232 clr_optimization_v4.0.30319_32 - ok
18:53:28.0595 5232 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:53:28.0595 5232 CmBatt - ok
18:53:28.0627 5232 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:53:28.0627 5232 cmdide - ok
18:53:28.0658 5232 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:53:28.0658 5232 CNG - ok
18:53:28.0736 5232 [ C8603C5C58C6A0C6FEDFF6DCEF7E1E47 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
18:53:28.0767 5232 CnxtHdAudService - ok
18:53:28.0798 5232 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:53:28.0798 5232 Compbatt - ok
18:53:28.0829 5232 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:53:28.0829 5232 CompositeBus - ok
18:53:28.0845 5232 COMSysApp - ok
18:53:28.0861 5232 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:53:28.0861 5232 crcdisk - ok
18:53:28.0892 5232 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:53:28.0892 5232 CryptSvc - ok
18:53:28.0907 5232 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
18:53:28.0923 5232 CSC - ok
18:53:28.0954 5232 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
18:53:28.0954 5232 CscService - ok
18:53:28.0985 5232 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
18:53:28.0985 5232 CVirtA - ok
18:53:29.0079 5232 [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
18:53:29.0126 5232 CVPND - ok
18:53:29.0157 5232 [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
18:53:29.0157 5232 CVPNDRVA - ok
18:53:29.0188 5232 [ A4E503CE89CD1287892CB6AB58BBE75C ] CxAudMsg C:\Windows\system32\CxAudMsg32.exe
18:53:29.0188 5232 CxAudMsg - ok
18:53:29.0235 5232 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:53:29.0266 5232 DcomLaunch - ok
18:53:29.0297 5232 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:53:29.0297 5232 defragsvc - ok
18:53:29.0329 5232 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:53:29.0344 5232 DfsC - ok
18:53:29.0375 5232 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:53:29.0391 5232 Dhcp - ok
18:53:29.0407 5232 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:53:29.0407 5232 discache - ok
18:53:29.0422 5232 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:53:29.0438 5232 Disk - ok
18:53:29.0469 5232 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
18:53:29.0469 5232 DNE - ok
18:53:29.0500 5232 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:53:29.0500 5232 Dnscache - ok
18:53:29.0547 5232 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:53:29.0547 5232 dot3svc - ok
18:53:29.0625 5232 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
18:53:29.0625 5232 DozeHDD - ok
18:53:29.0750 5232 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
18:53:29.0781 5232 DozeSvc - ok
18:53:29.0828 5232 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:53:29.0828 5232 DPS - ok
18:53:29.0859 5232 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:53:29.0875 5232 drmkaud - ok
18:53:29.0906 5232 dtpd - ok
18:53:29.0968 5232 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:53:29.0984 5232 DXGKrnl - ok
18:53:30.0031 5232 [ 1BD726A72DF3EAB9CB0FD396304EC1FB ] e1cexpress C:\Windows\system32\DRIVERS\e1c6232.sys
18:53:30.0046 5232 e1cexpress - ok
18:53:30.0077 5232 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:53:30.0077 5232 EapHost - ok
18:53:30.0187 5232 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:53:30.0249 5232 ebdrv - ok
18:53:30.0280 5232 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:53:30.0280 5232 EFS - ok
18:53:30.0327 5232 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:53:30.0343 5232 ehRecvr - ok
18:53:30.0374 5232 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:53:30.0374 5232 ehSched - ok
18:53:30.0405 5232 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:53:30.0421 5232 elxstor - ok
18:53:30.0436 5232 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:53:30.0436 5232 ErrDev - ok
18:53:30.0483 5232 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:53:30.0483 5232 EventSystem - ok
18:53:30.0592 5232 [ AD9B189D46215CF5321846356440218C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:53:30.0608 5232 EvtEng - ok
18:53:30.0655 5232 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:53:30.0670 5232 exfat - ok
18:53:30.0686 5232 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:53:30.0686 5232 fastfat - ok
18:53:30.0733 5232 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:53:30.0733 5232 Fax - ok
18:53:30.0748 5232 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:53:30.0748 5232 fdc - ok
18:53:30.0779 5232 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:53:30.0779 5232 fdPHost - ok
18:53:30.0795 5232 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:53:30.0795 5232 FDResPub - ok
18:53:30.0811 5232 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:53:30.0811 5232 FileInfo - ok
18:53:30.0811 5232 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:53:30.0826 5232 Filetrace - ok
18:53:30.0842 5232 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:53:30.0842 5232 flpydisk - ok
18:53:30.0857 5232 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:53:30.0857 5232 FltMgr - ok
18:53:30.0904 5232 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
18:53:30.0935 5232 FontCache - ok
18:53:30.0982 5232 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:53:30.0998 5232 FontCache3.0.0.0 - ok
18:53:31.0013 5232 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:53:31.0013 5232 FsDepends - ok
18:53:31.0045 5232 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:53:31.0045 5232 Fs_Rec - ok
18:53:31.0091 5232 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:53:31.0091 5232 fvevol - ok
18:53:31.0123 5232 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:53:31.0123 5232 gagp30kx - ok
18:53:31.0154 5232 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:53:31.0169 5232 gpsvc - ok
18:53:31.0185 5232 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:53:31.0185 5232 hcw85cir - ok
18:53:31.0216 5232 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:53:31.0216 5232 HdAudAddService - ok
18:53:31.0247 5232 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:53:31.0247 5232 HDAudBus - ok
18:53:31.0263 5232 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:53:31.0263 5232 HidBatt - ok
18:53:31.0279 5232 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:53:31.0279 5232 HidBth - ok
18:53:31.0310 5232 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:53:31.0310 5232 HidIr - ok
18:53:31.0341 5232 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:53:31.0341 5232 hidserv - ok
18:53:31.0357 5232 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:53:31.0357 5232 HidUsb - ok
18:53:31.0388 5232 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:53:31.0388 5232 hkmsvc - ok
18:53:31.0403 5232 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:53:31.0419 5232 HomeGroupListener - ok
18:53:31.0466 5232 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:53:31.0466 5232 HomeGroupProvider - ok
18:53:31.0481 5232 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:53:31.0481 5232 HpSAMD - ok
18:53:31.0528 5232 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:53:31.0544 5232 HTTP - ok
18:53:31.0559 5232 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:53:31.0559 5232 hwpolicy - ok
18:53:31.0637 5232 [ AC6664CFC1E1433ACC5D17477F9A71C5 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
18:53:31.0669 5232 HyperW7Svc - ok
18:53:31.0684 5232 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:53:31.0684 5232 i8042prt - ok
18:53:31.0731 5232 [ 287FD6BE9A9938F103789CE0267B7980 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:53:31.0747 5232 iaStor - ok
18:53:31.0778 5232 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:53:31.0778 5232 iaStorV - ok
18:53:31.0809 5232 [ C693794F0EA5834870376C102EB1553D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:53:31.0809 5232 IBMPMDRV - ok
18:53:31.0840 5232 [ 2895C7C082446BA833CAD0ADDE06EAED ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
18:53:31.0840 5232 IBMPMSVC - ok
18:53:31.0887 5232 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:53:31.0965 5232 idsvc - ok
18:53:32.0230 5232 [ 7FE349CB01FCC68193DFC305A6772F77 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:53:32.0449 5232 igfx - ok
18:53:32.0480 5232 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:53:32.0480 5232 iirsp - ok
18:53:32.0495 5232 iked - ok
18:53:32.0542 5232 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:53:32.0542 5232 IKEEXT - ok
18:53:32.0589 5232 [ FD41DAA6063DD7F292A943AA92ACFEA6 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:53:32.0589 5232 intaud_WaveExtensible - ok
18:53:32.0651 5232 [ C4FA261B9B5C9822D26020949605AC43 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:53:32.0651 5232 IntcDAud - ok
18:53:32.0683 5232 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:53:32.0683 5232 intelide - ok
18:53:32.0698 5232 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:53:32.0714 5232 intelppm - ok
18:53:32.0729 5232 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:53:32.0729 5232 IPBusEnum - ok
18:53:32.0745 5232 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:32.0745 5232 IpFilterDriver - ok
18:53:32.0807 5232 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:53:32.0823 5232 iphlpsvc - ok
18:53:32.0870 5232 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:53:32.0870 5232 IPMIDRV - ok
18:53:32.0901 5232 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:53:32.0901 5232 IPNAT - ok
18:53:32.0917 5232 ipsecd - ok
18:53:32.0948 5232 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:53:32.0948 5232 IRENUM - ok
18:53:32.0963 5232 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:53:32.0963 5232 isapnp - ok
18:53:32.0979 5232 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:53:32.0995 5232 iScsiPrt - ok
18:53:33.0026 5232 [ 7BBEEE55C44955616EB6AFB398F39DAA ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
18:53:33.0041 5232 iwdbus - ok
18:53:33.0088 5232 [ 6FAF199FDFFDD2376973143C3E012765 ] jhi_service C:\Program Files\Intel\Services\IPT\jhi_service.exe
18:53:33.0088 5232 jhi_service - ok
18:53:33.0119 5232 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:33.0119 5232 kbdclass - ok
18:53:33.0151 5232 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:33.0151 5232 kbdhid - ok
18:53:33.0166 5232 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:53:33.0182 5232 KeyIso - ok
18:53:33.0213 5232 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:53:33.0213 5232 KSecDD - ok
18:53:33.0260 5232 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:53:33.0260 5232 KSecPkg - ok
18:53:33.0291 5232 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:53:33.0307 5232 KtmRm - ok
18:53:33.0322 5232 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:53:33.0322 5232 LanmanServer - ok
18:53:33.0369 5232 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:53:33.0369 5232 LanmanWorkstation - ok
18:53:33.0431 5232 [ A4973DF3264791952D6D7AB56565DD55 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
18:53:33.0431 5232 LENOVO.CAMMUTE - ok
18:53:33.0494 5232 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:53:33.0494 5232 LENOVO.MICMUTE - ok
18:53:33.0509 5232 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
18:53:33.0509 5232 lenovo.smi - ok
18:53:33.0556 5232 [ 05D72DE005BE625CE60CE3BE4FAB9714 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
18:53:33.0572 5232 LENOVO.TPKNRSVC - ok
18:53:33.0603 5232 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
18:53:33.0603 5232 Lenovo.VIRTSCRLSVC - ok
18:53:33.0650 5232 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:53:33.0650 5232 lltdio - ok
18:53:33.0665 5232 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:53:33.0681 5232 lltdsvc - ok
18:53:33.0697 5232 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:53:33.0697 5232 lmhosts - ok
18:53:33.0759 5232 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:53:33.0759 5232 LMS - ok
18:53:33.0775 5232 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:53:33.0775 5232 LSI_FC - ok
18:53:33.0806 5232 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:53:33.0806 5232 LSI_SAS - ok
18:53:33.0806 5232 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:53:33.0806 5232 LSI_SAS2 - ok
18:53:33.0821 5232 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:53:33.0821 5232 LSI_SCSI - ok
18:53:33.0853 5232 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:53:33.0853 5232 luafv - ok
18:53:33.0884 5232 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:53:33.0884 5232 MBAMProtector - ok
18:53:33.0946 5232 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:53:33.0946 5232 MBAMScheduler - ok
18:53:33.0993 5232 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:53:34.0009 5232 MBAMService - ok
18:53:34.0024 5232 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:53:34.0040 5232 Mcx2Svc - ok
18:53:34.0071 5232 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:53:34.0071 5232 megasas - ok
18:53:34.0087 5232 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:53:34.0087 5232 MegaSR - ok
18:53:34.0118 5232 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
18:53:34.0118 5232 MEI - ok
18:53:34.0149 5232 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:53:34.0149 5232 MMCSS - ok
18:53:34.0149 5232 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:53:34.0149 5232 Modem - ok
18:53:34.0180 5232 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:53:34.0180 5232 monitor - ok
18:53:34.0196 5232 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:53:34.0196 5232 mouclass - ok
18:53:34.0211 5232 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:53:34.0211 5232 mouhid - ok
18:53:34.0243 5232 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:53:34.0243 5232 mountmgr - ok
18:53:34.0321 5232 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:53:34.0352 5232 MozillaMaintenance - ok
18:53:34.0367 5232 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:53:34.0367 5232 mpio - ok
18:53:34.0399 5232 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:53:34.0399 5232 mpsdrv - ok
18:53:34.0445 5232 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:53:34.0445 5232 MpsSvc - ok
18:53:34.0461 5232 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:53:34.0461 5232 MRxDAV - ok
18:53:34.0492 5232 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:34.0492 5232 mrxsmb - ok
18:53:34.0508 5232 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:34.0508 5232 mrxsmb10 - ok
18:53:34.0523 5232 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:34.0523 5232 mrxsmb20 - ok
18:53:34.0555 5232 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:53:34.0555 5232 msahci - ok
18:53:34.0617 5232 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:53:34.0617 5232 msdsm - ok
18:53:34.0648 5232 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:53:34.0664 5232 MSDTC - ok
18:53:34.0695 5232 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:53:34.0695 5232 Msfs - ok
18:53:34.0711 5232 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:53:34.0711 5232 mshidkmdf - ok
18:53:34.0742 5232 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:53:34.0742 5232 msisadrv - ok
18:53:34.0773 5232 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:53:34.0789 5232 MSiSCSI - ok
18:53:34.0789 5232 msiserver - ok
18:53:34.0804 5232 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:53:34.0804 5232 MSKSSRV - ok
18:53:34.0835 5232 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:34.0835 5232 MSPCLOCK - ok
18:53:34.0851 5232 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:53:34.0851 5232 MSPQM - ok
18:53:34.0867 5232 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:53:34.0867 5232 MsRPC - ok
18:53:34.0898 5232 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:53:34.0898 5232 mssmbios - ok
18:53:34.0991 5232 MSSQL$SQLEXPRESS - ok
18:53:35.0116 5232 [ CC609B669A9FA7176A3CB7222A4047F3 ] MSSQLSERVER c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
18:53:35.0132 5232 MSSQLSERVER - ok
18:53:35.0225 5232 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:53:35.0241 5232 MSSQLServerADHelper100 - ok
18:53:35.0319 5232 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:53:35.0319 5232 MSTEE - ok
18:53:35.0319 5232 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:53:35.0319 5232 MTConfig - ok
18:53:35.0350 5232 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:53:35.0350 5232 Mup - ok
18:53:35.0413 5232 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:53:35.0413 5232 napagent - ok
18:53:35.0459 5232 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:53:35.0459 5232 NativeWifiP - ok
18:53:35.0522 5232 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:53:35.0553 5232 NDIS - ok
18:53:35.0569 5232 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:53:35.0569 5232 NdisCap - ok
18:53:35.0584 5232 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:35.0600 5232 NdisTapi - ok
18:53:35.0631 5232 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:35.0631 5232 Ndisuio - ok
18:53:35.0662 5232 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:35.0678 5232 NdisWan - ok
18:53:35.0709 5232 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:53:35.0709 5232 NDProxy - ok
18:53:35.0725 5232 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:53:35.0725 5232 NetBIOS - ok
18:53:35.0740 5232 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:53:35.0740 5232 NetBT - ok
18:53:35.0740 5232 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:53:35.0756 5232 Netlogon - ok
18:53:35.0787 5232 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:53:35.0787 5232 Netman - ok
18:53:35.0834 5232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:35.0834 5232 NetMsmqActivator - ok
18:53:35.0849 5232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:35.0849 5232 NetPipeActivator - ok
18:53:35.0849 5232 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:53:35.0865 5232 netprofm - ok
18:53:35.0865 5232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:35.0865 5232 NetTcpActivator - ok
18:53:35.0865 5232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:35.0865 5232 NetTcpPortSharing - ok
18:53:36.0083 5232 [ EC869943D3CC4DD0C2A18FE46E369C06 ] NETwNs32 C:\Windows\system32\DRIVERS\Netwsn00.sys
18:53:36.0317 5232 NETwNs32 - ok
18:53:36.0349 5232 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:53:36.0364 5232 nfrd960 - ok
18:53:36.0395 5232 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
18:53:36.0411 5232 NlaSvc - ok
18:53:36.0427 5232 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:53:36.0427 5232 Npfs - ok
18:53:36.0442 5232 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:53:36.0442 5232 nsi - ok
18:53:36.0442 5232 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:53:36.0442 5232 nsiproxy - ok
18:53:36.0505 5232 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:53:36.0520 5232 Ntfs - ok
18:53:36.0536 5232 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:53:36.0536 5232 Null - ok
18:53:36.0567 5232 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:53:36.0583 5232 nvraid - ok
18:53:36.0598 5232 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:53:36.0598 5232 nvstor - ok
18:53:36.0614 5232 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:53:36.0614 5232 nv_agp - ok
18:53:36.0645 5232 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:53:36.0645 5232 ohci1394 - ok
18:53:36.0676 5232 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:53:36.0676 5232 p2pimsvc - ok
18:53:36.0707 5232 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:53:36.0707 5232 p2psvc - ok
18:53:36.0723 5232 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:53:36.0723 5232 Parport - ok
18:53:36.0754 5232 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:53:36.0754 5232 partmgr - ok
18:53:36.0785 5232 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:53:36.0785 5232 Parvdm - ok
18:53:36.0785 5232 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:53:36.0801 5232 PcaSvc - ok
18:53:36.0832 5232 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:53:36.0832 5232 pci - ok
18:53:36.0848 5232 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:53:36.0863 5232 pciide - ok
18:53:36.0879 5232 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:53:36.0879 5232 pcmcia - ok
18:53:36.0895 5232 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:53:36.0895 5232 pcw - ok
18:53:36.0926 5232 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:53:36.0941 5232 PEAUTH - ok
18:53:36.0988 5232 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:53:36.0988 5232 PeerDistSvc - ok
18:53:37.0019 5232 [ D9689E676B1FC3DBB47B04958A66B7BC ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE.SYS
18:53:37.0019 5232 PHCORE - ok
18:53:37.0051 5232 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:53:37.0066 5232 pla - ok
18:53:37.0113 5232 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:53:37.0113 5232 PlugPlay - ok
18:53:37.0129 5232 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:53:37.0129 5232 PNRPAutoReg - ok
18:53:37.0144 5232 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:53:37.0144 5232 PNRPsvc - ok
18:53:37.0175 5232 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:53:37.0191 5232 PolicyAgent - ok
18:53:37.0207 5232 [ AC42F771CC29727BD1663F211E9AC507 ] Power C:\Windows\system32\umpo.dll
18:53:37.0207 5232 Power - ok
18:53:37.0331 5232 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
18:53:37.0394 5232 Power Manager DBC Service - ok
18:53:37.0441 5232 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:53:37.0441 5232 PptpMiniport - ok
18:53:37.0441 5232 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:53:37.0441 5232 Processor - ok
18:53:37.0487 5232 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:53:37.0487 5232 ProfSvc - ok
18:53:37.0519 5232 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:53:37.0519 5232 ProtectedStorage - ok
18:53:37.0550 5232 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
18:53:37.0550 5232 psadd - ok
18:53:37.0581 5232 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:53:37.0581 5232 Psched - ok
18:53:37.0690 5232 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
18:53:37.0815 5232 PwmEWSvc - ok
18:53:37.0877 5232 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:53:37.0909 5232 ql2300 - ok
18:53:37.0924 5232 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:53:37.0924 5232 ql40xx - ok
18:53:37.0955 5232 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:53:37.0971 5232 QWAVE - ok
18:53:37.0987 5232 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:53:37.0987 5232 QWAVEdrv - ok
18:53:38.0002 5232 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:53:38.0002 5232 RasAcd - ok
18:53:38.0018 5232 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:53:38.0018 5232 RasAgileVpn - ok
18:53:38.0049 5232 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:53:38.0049 5232 RasAuto - ok
18:53:38.0065 5232 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:38.0065 5232 Rasl2tp - ok
18:53:38.0111 5232 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:53:38.0127 5232 RasMan - ok
18:53:38.0143 5232 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:38.0143 5232 RasPppoe - ok
18:53:38.0158 5232 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:53:38.0158 5232 RasSstp - ok
18:53:38.0189 5232 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:53:38.0189 5232 rdbss - ok
18:53:38.0205 5232 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:53:38.0205 5232 rdpbus - ok
18:53:38.0236 5232 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:38.0236 5232 RDPCDD - ok
18:53:38.0252 5232 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:53:38.0252 5232 RDPDR - ok
18:53:38.0283 5232 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:53:38.0283 5232 RDPENCDD - ok
18:53:38.0299 5232 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:53:38.0299 5232 RDPREFMP - ok
18:53:38.0361 5232 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:53:38.0361 5232 RdpVideoMiniport - ok
18:53:38.0392 5232 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:53:38.0392 5232 RDPWD - ok
18:53:38.0439 5232 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:53:38.0439 5232 rdyboost - ok
18:53:38.0501 5232 [ DC962F9A8AB4F36086A18FE2CDA4AC1C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:53:38.0501 5232 RegSrvc - ok
18:53:38.0533 5232 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:53:38.0533 5232 RemoteAccess - ok
18:53:38.0564 5232 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:53:38.0564 5232 RemoteRegistry - ok
18:53:38.0626 5232 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:53:38.0626 5232 RFCOMM - ok
18:53:38.0657 5232 [ D6481828C5E6296942C6B441C481D60E ] risdxc C:\Windows\system32\DRIVERS\risdxc86.sys
18:53:38.0657 5232 risdxc - ok
18:53:38.0673 5232 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:53:38.0673 5232 RpcEptMapper - ok
18:53:38.0673 5232 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:53:38.0673 5232 RpcLocator - ok
18:53:38.0704 5232 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:53:38.0720 5232 RpcSs - ok
18:53:38.0767 5232 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
18:53:38.0767 5232 RsFx0103 - ok
18:53:38.0845 5232 [ AEB55A35DF1ACBE5634F1BA592BF7CF4 ] RsFx0200 C:\Windows\system32\DRIVERS\RsFx0200.sys
18:53:38.0845 5232 RsFx0200 - ok
18:53:38.0891 5232 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:53:38.0891 5232 rspndr - ok
18:53:38.0907 5232 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:53:38.0907 5232 s3cap - ok
18:53:38.0923 5232 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:53:38.0923 5232 SamSs - ok
18:53:38.0954 5232 [ 1E5D06F915260E9270287A1839A98671 ] SAService C:\Windows\system32\SAsrv.exe
18:53:38.0954 5232 SAService - ok
18:53:38.0985 5232 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:53:38.0985 5232 sbp2port - ok
18:53:39.0016 5232 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:53:39.0032 5232 SCardSvr - ok
18:53:39.0047 5232 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:53:39.0047 5232 scfilter - ok
18:53:39.0079 5232 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:53:39.0110 5232 Schedule - ok
18:53:39.0141 5232 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:53:39.0141 5232 SCPolicySvc - ok
18:53:39.0172 5232 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:53:39.0172 5232 SDRSVC - ok
18:53:39.0203 5232 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:53:39.0203 5232 secdrv - ok
18:53:39.0219 5232 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:53:39.0219 5232 seclogon - ok
18:53:39.0235 5232 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:53:39.0235 5232 SENS - ok
18:53:39.0250 5232 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:53:39.0250 5232 SensrSvc - ok
18:53:39.0266 5232 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:53:39.0266 5232 Serenum - ok
18:53:39.0281 5232 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:53:39.0281 5232 Serial - ok
18:53:39.0297 5232 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:53:39.0297 5232 sermouse - ok
18:53:39.0344 5232 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:53:39.0344 5232 SessionEnv - ok
18:53:39.0375 5232 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:53:39.0375 5232 sffdisk - ok
18:53:39.0391 5232 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:53:39.0391 5232 sffp_mmc - ok
18:53:39.0391 5232 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:53:39.0406 5232 sffp_sd - ok
18:53:39.0422 5232 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:53:39.0422 5232 sfloppy - ok
18:53:39.0437 5232 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:53:39.0453 5232 SharedAccess - ok
18:53:39.0484 5232 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:53:39.0484 5232 ShellHWDetection - ok
18:53:39.0547 5232 [ E91FA3B0F15FADB90B1346A0FAABFFFB ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
18:53:39.0547 5232 Shockprf - ok
18:53:39.0593 5232 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:53:39.0593 5232 sisagp - ok
18:53:39.0640 5232 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:53:39.0640 5232 SiSRaid2 - ok
18:53:39.0656 5232 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:53:39.0656 5232 SiSRaid4 - ok
18:53:39.0718 5232 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:53:39.0718 5232 SkypeUpdate - ok
18:53:39.0749 5232 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:53:39.0749 5232 Smb - ok
18:53:39.0796 5232 [ 944AB0BE19EAB08A9FCDA6F5BD99F62E ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
18:53:39.0796 5232 SmbDrvI - ok
18:53:39.0827 5232 smihlp2 - ok
18:53:39.0874 5232 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:53:39.0890 5232 SNMPTRAP - ok
18:53:39.0905 5232 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:53:39.0905 5232 spldr - ok
18:53:39.0968 5232 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:53:39.0968 5232 Spooler - ok
18:53:40.0061 5232 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:53:40.0124 5232 sppsvc - ok
18:53:40.0139 5232 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:53:40.0155 5232 sppuinotify - ok
18:53:40.0217 5232 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\System32\Drivers\sptd.sys
18:53:40.0233 5232 sptd - ok
18:53:40.0311 5232 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:53:40.0342 5232 SQLAgent$SQLEXPRESS - ok
18:53:40.0451 5232 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:53:40.0514 5232 SQLBrowser - ok
18:53:40.0592 5232 [ EAE151AFDB0B58736C01DAD5AD4A18DF ] SQLSERVERAGENT c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
18:53:40.0654 5232 SQLSERVERAGENT - ok
18:53:40.0717 5232 [ 90A07229992B24FC4C419D56E58CF075 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:53:40.0717 5232 SQLWriter - ok
18:53:40.0841 5232 [ C8832DEA7AF7AD005548F1F5C7C086EB ] SROSVC C:\Program Files\Lenovo\Screen Reading Optimizer\SROSVC.exe
18:53:40.0841 5232 SROSVC - ok
18:53:40.0904 5232 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:53:40.0919 5232 srv - ok
18:53:40.0951 5232 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:53:40.0951 5232 srv2 - ok
18:53:40.0966 5232 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:53:40.0966 5232 srvnet - ok
18:53:40.0997 5232 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
18:53:40.0997 5232 ssadbus - ok
18:53:41.0029 5232 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:53:41.0029 5232 ssadmdfl - ok
18:53:41.0044 5232 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
18:53:41.0044 5232 ssadmdm - ok
18:53:41.0075 5232 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
18:53:41.0075 5232 ssadserd - ok
18:53:41.0122 5232 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:53:41.0138 5232 SSDPSRV - ok
18:53:41.0169 5232 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:53:41.0169 5232 ssmdrv - ok
18:53:41.0247 5232 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:53:41.0247 5232 SstpSvc - ok
18:53:41.0419 5232 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
18:53:41.0419 5232 StarWindServiceAE - ok
18:53:41.0465 5232 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:53:41.0465 5232 stexstor - ok
18:53:41.0528 5232 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:53:41.0559 5232 StiSvc - ok
18:53:41.0575 5232 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:53:41.0575 5232 storflt - ok
18:53:41.0606 5232 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:53:41.0606 5232 storvsc - ok
18:53:41.0699 5232 [ 3FB1D84D673B4A9AF3856C8843C7A464 ] StumbleUponUpdater C:\Users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
18:53:41.0699 5232 StumbleUponUpdater - ok
18:53:41.0809 5232 [ 787D181332401B04DA4EDC422193C47B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
18:53:41.0824 5232 SUService - ok
18:53:41.0855 5232 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:53:41.0855 5232 swenum - ok
18:53:41.0887 5232 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:53:41.0902 5232 swprv - ok
18:53:41.0918 5232 Synth3dVsc - ok
18:53:41.0965 5232 [ 6C28E9ECEC1081FA056E62F27678A0C5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:53:41.0980 5232 SynTP - ok
18:53:42.0043 5232 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:53:42.0074 5232 SysMain - ok
18:53:42.0105 5232 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:53:42.0105 5232 TabletInputService - ok
18:53:42.0136 5232 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:53:42.0152 5232 TapiSrv - ok
18:53:42.0183 5232 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:53:42.0183 5232 TBS - ok
18:53:42.0245 5232 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:53:42.0277 5232 Tcpip - ok
18:53:42.0355 5232 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:53:42.0370 5232 TCPIP6 - ok
18:53:42.0417 5232 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:53:42.0417 5232 tcpipreg - ok
18:53:42.0448 5232 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:53:42.0448 5232 TDPIPE - ok
18:53:42.0479 5232 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:53:42.0479 5232 TDTCP - ok
18:53:42.0511 5232 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:53:42.0511 5232 tdx - ok
18:53:42.0526 5232 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:53:42.0526 5232 TermDD - ok
18:53:42.0557 5232 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:53:42.0573 5232 TermService - ok
18:53:42.0589 5232 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:53:42.0589 5232 Themes - ok
18:53:42.0589 5232 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:53:42.0604 5232 THREADORDER - ok
18:53:42.0667 5232 [ 8F58C4FBF3F6E5B816C47201EDE90DCE ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
18:53:42.0667 5232 TPDIGIMN - ok
18:53:42.0729 5232 [ 116156A5835224407A6DC8C44B6EF4EE ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
18:53:42.0745 5232 TPHDEXLGSVC - ok
18:53:42.0807 5232 [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
18:53:42.0807 5232 TPHKLOAD - ok
18:53:42.0823 5232 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
18:53:42.0838 5232 TPHKSVC - ok
18:53:42.0854 5232 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
18:53:42.0854 5232 TPM - ok
18:53:42.0901 5232 [ C9DA1FEF94EF44D7BD0CA0CBDAD5C44C ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
18:53:42.0901 5232 TPPWRIF - ok
18:53:42.0932 5232 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:53:42.0932 5232 TrkWks - ok
18:53:42.0979 5232 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:53:42.0979 5232 TrustedInstaller - ok
18:53:42.0994 5232 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:42.0994 5232 tssecsrv - ok
18:53:43.0041 5232 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:53:43.0041 5232 TsUsbFlt - ok
18:53:43.0041 5232 tsusbhub - ok
18:53:43.0072 5232 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:53:43.0072 5232 tunnel - ok
18:53:43.0103 5232 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:53:43.0103 5232 uagp35 - ok
18:53:43.0135 5232 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:53:43.0135 5232 udfs - ok
18:53:43.0166 5232 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:53:43.0166 5232 UI0Detect - ok
18:53:43.0181 5232 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:53:43.0181 5232 uliagpkx - ok
18:53:43.0228 5232 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
18:53:43.0228 5232 umbus - ok
18:53:43.0244 5232 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:53:43.0244 5232 UmPass - ok
18:53:43.0275 5232 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
18:53:43.0275 5232 UmRdpService - ok
18:53:43.0415 5232 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:53:43.0431 5232 UNS - ok
18:53:43.0447 5232 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:53:43.0462 5232 upnphost - ok
18:53:43.0493 5232 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:53:43.0493 5232 usbaudio - ok
18:53:43.0540 5232 [ E0BA64075CD896EEDF7700A0ED8A51FF ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:43.0540 5232 usbccgp - ok
18:53:43.0571 5232 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:53:43.0571 5232 usbcir - ok
18:53:43.0587 5232 [ 600B15106C0AE72D8583C5B710315AC6 ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:53:43.0587 5232 usbehci - ok
18:53:43.0618 5232 [ 7225956FD6F139B0FB0381127A8B1CBD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:53:43.0634 5232 usbhub - ok
18:53:43.0649 5232 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:53:43.0665 5232 usbohci - ok
18:53:43.0696 5232 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:53:43.0696 5232 usbprint - ok
18:53:43.0727 5232 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:53:43.0727 5232 usbscan - ok
18:53:43.0759 5232 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:43.0759 5232 USBSTOR - ok
18:53:43.0774 5232 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:53:43.0774 5232 usbuhci - ok
18:53:43.0790 5232 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:53:43.0790 5232 usbvideo - ok
18:53:43.0821 5232 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:53:43.0821 5232 UxSms - ok
18:53:43.0821 5232 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:53:43.0837 5232 VaultSvc - ok
18:53:43.0852 5232 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:53:43.0852 5232 vdrvroot - ok
18:53:43.0883 5232 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:53:43.0899 5232 vds - ok
18:53:43.0930 5232 [ B149FC750A51D272A25E0ADC7F52DBFD ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
18:53:43.0930 5232 vflt - ok
18:53:43.0961 5232 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:43.0961 5232 vga - ok
18:53:43.0977 5232 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:53:43.0977 5232 VgaSave - ok
18:53:44.0008 5232 VGPU - ok
18:53:44.0024 5232 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:53:44.0024 5232 vhdmp - ok
18:53:44.0039 5232 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:53:44.0055 5232 viaagp - ok
18:53:44.0055 5232 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:53:44.0055 5232 ViaC7 - ok
18:53:44.0071 5232 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:53:44.0086 5232 viaide - ok
18:53:44.0102 5232 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:53:44.0102 5232 vmbus - ok
18:53:44.0117 5232 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:53:44.0117 5232 VMBusHID - ok
18:53:44.0149 5232 [ 1B13A6A5253E7F046728980CCB59C0B7 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
18:53:44.0149 5232 vnet - ok
18:53:44.0164 5232 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:53:44.0164 5232 volmgr - ok
18:53:44.0180 5232 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:53:44.0195 5232 volmgrx - ok
18:53:44.0211 5232 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:53:44.0211 5232 volsnap - ok
18:53:44.0227 5232 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:53:44.0227 5232 vsmraid - ok
18:53:44.0258 5232 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:53:44.0273 5232 VSS - ok
18:53:44.0273 5232 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:53:44.0289 5232 vwifibus - ok
18:53:44.0289 5232 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:53:44.0289 5232 vwififlt - ok
18:53:44.0336 5232 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:53:44.0336 5232 W32Time - ok
18:53:44.0351 5232 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:53:44.0351 5232 WacomPen - ok
18:53:44.0383 5232 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:53:44.0383 5232 WANARP - ok
18:53:44.0398 5232 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:53:44.0414 5232 Wanarpv6 - ok
18:53:44.0492 5232 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:53:44.0679 5232 WatAdminSvc - ok
18:53:44.0741 5232 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:53:44.0788 5232 wbengine - ok
18:53:44.0804 5232 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:53:44.0819 5232 WbioSrvc - ok
18:53:44.0851 5232 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:53:44.0851 5232 wcncsvc - ok
18:53:44.0866 5232 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:53:44.0866 5232 WcsPlugInService - ok
18:53:44.0882 5232 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:53:44.0882 5232 Wd - ok
18:53:44.0913 5232 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:53:44.0929 5232 Wdf01000 - ok
18:53:44.0960 5232 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:53:44.0960 5232 WdiServiceHost - ok
18:53:44.0960 5232 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:53:44.0975 5232 WdiSystemHost - ok
18:53:45.0007 5232 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:53:45.0022 5232 WebClient - ok
18:53:45.0022 5232 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:53:45.0022 5232 Wecsvc - ok
18:53:45.0038 5232 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:53:45.0053 5232 wercplsupport - ok
18:53:45.0069 5232 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:53:45.0085 5232 WerSvc - ok
18:53:45.0116 5232 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:53:45.0116 5232 WfpLwf - ok
18:53:45.0131 5232 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:53:45.0131 5232 WIMMount - ok
18:53:45.0163 5232 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:53:45.0163 5232 WinDefend - ok
18:53:45.0178 5232 WinHttpAutoProxySvc - ok
18:53:45.0209 5232 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:53:45.0209 5232 Winmgmt - ok
18:53:45.0256 5232 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:53:45.0272 5232 WinRM - ok
18:53:45.0319 5232 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
18:53:45.0319 5232 WinUsb - ok
18:53:45.0350 5232 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:53:45.0365 5232 Wlansvc - ok
18:53:45.0381 5232 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:53:45.0381 5232 WmiAcpi - ok
18:53:45.0397 5232 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:53:45.0397 5232 wmiApSrv - ok
18:53:45.0443 5232 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:53:45.0475 5232 WMPNetworkSvc - ok
18:53:45.0475 5232 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:53:45.0490 5232 WPCSvc - ok
18:53:45.0506 5232 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:53:45.0506 5232 WPDBusEnum - ok
18:53:45.0553 5232 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:53:45.0553 5232 ws2ifsl - ok
18:53:45.0568 5232 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
18:53:45.0568 5232 wscsvc - ok
18:53:45.0568 5232 WSearch - ok
18:53:45.0662 5232 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:53:45.0740 5232 wuauserv - ok
18:53:45.0771 5232 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:53:45.0771 5232 WudfPf - ok
18:53:45.0802 5232 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:45.0802 5232 WUDFRd - ok
18:53:45.0833 5232 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:53:45.0833 5232 wudfsvc - ok
18:53:45.0865 5232 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:53:45.0880 5232 WwanSvc - ok
18:53:46.0036 5232 [ BABDFC32B2E29718ECFA7BB756C536C8 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:53:46.0099 5232 ZeroConfigService - ok
18:53:46.0145 5232 ================ Scan global ===============================
18:53:46.0177 5232 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:53:46.0208 5232 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:53:46.0239 5232 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:53:46.0255 5232 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:53:46.0270 5232 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:53:46.0286 5232 [Global] - ok
18:53:46.0286 5232 ================ Scan MBR ==================================
18:53:46.0286 5232 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
18:53:46.0816 5232 \Device\Harddisk0\DR0 - ok
18:53:46.0816 5232 ================ Scan VBR ==================================
18:53:46.0816 5232 [ 0B5A1C264BB39E1735304047E28A2E2B ] \Device\Harddisk0\DR0\Partition1
18:53:46.0816 5232 \Device\Harddisk0\DR0\Partition1 - ok
18:53:46.0863 5232 [ 1E4E5B92274CF7075A9F68BC89764372 ] \Device\Harddisk0\DR0\Partition2
18:53:46.0863 5232 \Device\Harddisk0\DR0\Partition2 - ok
18:53:46.0910 5232 [ A7BD53AD6AF7553BBF5691305A007094 ] \Device\Harddisk0\DR0\Partition3
18:53:46.0910 5232 \Device\Harddisk0\DR0\Partition3 - ok
18:53:46.0910 5232 ============================================================
18:53:46.0910 5232 Scan finished
18:53:46.0910 5232 ============================================================
18:53:46.0925 2612 Detected object count: 0
18:53:46.0925 2612 Actual detected object count: 0
dds.txt DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Windows 7 User at 18:57:45 on 2013-03-28
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3493.1831 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\CxAudMsg32.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\SAsrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Windows\system32\igfxext.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\system32\rundll32.exe
C:\Users\Windows 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: StumbleUpon: {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - c:\users\Windows 7 User\appdata\locallow\stumbleupon\ie\StumbleUpon.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ForteConfig] c:\program files\conexant\forteconfig\fmapp.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ALCKRESI.EXE] c:\program files\lenovo\autolock\ALCKRESI.EXE
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [TpShocks] TpShocks.exe
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\tobias~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\Windows 7 User\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\tobias~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.37.17.56 85.38.28.98
TCP: Interfaces\{9B1AF4DB-CF9F-435B-8B4D-C0447DE8394E} : DHCPNameServer = 85.37.17.56 85.38.28.98
TCP: Interfaces\{9B1AF4DB-CF9F-435B-8B4D-C0447DE8394E}\550534031333134383 : DHCPNameServer = 212.186.211.21 195.34.133.21
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Windows 7 User\appdata\roaming\mozilla\firefox\profiles\qc31l01s.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\Windows 7 User\appdata\roaming\mozilla\firefox\profiles\qc31l01s.default\extensions\greenwebplayer@greentube.com\plugins\npgreenwebplayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-11-1 25416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-27 37352]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-11-14 13680]
R1 PHCORE;PHCORE;c:\program files\lenovo\rapidboot\PHCORE.sys [2011-7-8 35176]
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 17920]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-3-27 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-3-27 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-27 84744]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-11-1 190592]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\shrewsoft\vpn client\dtpd.exe -service --> c:\program files\shrewsoft\vpn client\dtpd.exe -service [?]
R2 iked;ShrewSoft IKE Daemon;c:\program files\shrewsoft\vpn client\iked.exe -service --> c:\program files\shrewsoft\vpn client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\shrewsoft\vpn client\ipsecd.exe -service --> c:\program files\shrewsoft\vpn client\ipsecd.exe -service [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-7-25 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-11-14 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-7-25 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-11-14 127336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-28 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-28 682344]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-11-1 76288]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2011-11-1 446592]
R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\lenovo\screen reading optimizer\SROSVC.exe [2012-2-8 446800]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Windows 7 User\appdata\locallow\stumbleupon\ie\StumbleUponUpdater.exe [2011-11-22 18432]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-11-14 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-11-14 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-11-14 2656280]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-6-25 2759984]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-11-14 132096]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-11-14 270336]
R3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2012-4-19 22456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-28 21104]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-11-14 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-6-3 10364416]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2012-10-14 23608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HyperW7Svc;HyperW7 Service;c:\program files\lenovo\rapidboot\HyperW7Svc.exe [2011-7-8 139112]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-4-2 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2011-11-16 68096]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-11-1 377896]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-11-1 33832]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-11-1 280640]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-4-19 30136]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-11-1 1662560]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-11-1 1665120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-7 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-2 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-2 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-2 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-4-2 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-7 52224]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-9-2 13824]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-5 1343400]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-21 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 RsFx0200;RsFx0200 Driver;c:\windows\system32\drivers\RsFx0200.sys [2012-2-11 268888]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2013-03-28 09:13:34 -------- d-----w- c:\users\Windows 7 User\appdata\roaming\Malwarebytes
2013-03-28 09:13:22 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 09:13:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 09:13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 09:12:42 -------- d-----w- c:\users\Windows 7 User\appdata\local\Programs
2013-03-28 09:05:22 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-28 09:05:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 19:05:17 -------- d-----w- c:\users\Windows 7 User\appdata\local\Opera
2013-03-27 18:47:16 -------- d-----w- c:\windows\system32\appmgmt
2013-03-27 17:59:49 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a43ea95c-c6d2-4b87-81ad-d911658f422f}\mpengine.dll
2013-03-27 17:13:35 -------- d-----w- c:\users\Windows 7 User\appdata\roaming\Avira
2013-03-27 16:58:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 16:58:40 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-27 16:58:40 -------- d-----w- c:\program files\Avira
2013-03-26 15:32:40 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 13:44:56 -------- d-----w- c:\programdata\BlueStacksSetup
2013-03-06 20:57:26 -------- d-----w- c:\users\Windows 7 User\appdata\roaming\0ad
2013-03-06 20:57:26 -------- d-----w- c:\users\Windows 7 User\appdata\local\0ad
2013-03-06 20:54:31 -------- d-----w- C:\0 A.D. alpha
2013-03-06 20:54:07 -------- d-----w- C:\0AD
.
==================== Find3M ====================
.
2013-03-28 09:05:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 20:42:51 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-05 20:42:51 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-10-31 22:28:10 84419032 ----a-w- c:\program files\avira_free_antivirus_de1200861.exe
.
============= FINISH: 18:58:48,97 ===============
attach.txt Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 31.10.2011 22:35:34
System Uptime: 28.03.2013 18:17:32 (0 hours ago)
.
Motherboard: LENOVO | | 4291QS0
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 246 GiB total, 164,237 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 14,748 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP174: 27.03.2013 16:15:20 - Windows Update
RP175: 27.03.2013 17:55:14 - Removed AVG 2013
RP176: 27.03.2013 17:57:00 - Removed AVG 2013
RP177: 27.03.2013 22:36:52 - Removed BlueStacks Notification Center
RP178: 28.03.2013 10:04:19 - Installed Java 7 Update 17
RP179: 28.03.2013 10:06:10 - Removed Java(TM) 6 Update 29
RP180: 28.03.2013 10:06:59 - Removed Java(TM) SE Development Kit 7 Update 1
RP181: 28.03.2013 10:07:13 - Removed Java(TM) SE Development Kit 7 Update 1
RP182: 28.03.2013 10:08:23 - Removed Java(TM) SE Development Kit 6 Update 20
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 hoffe es hilft weiter. |
|
28.03.2013, 21:49
| #5 |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Bei dem vielen Zeug das da bei dir läuft wundert mich, dass die Maschine überhaupt noch was macht. Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
28.03.2013, 23:07
| #6 |
| | explorer.exe frisst sich mehr und mehr Speicher an glaubst du es wär sinnvoller das ganze doch zu formatieren und alles neu aufzusetzen? Das Problem ist leider dass ich nur vom halben Notebook die Daten gesichert hab...und bei einem Virus die Daten wiederherzustellen ist halt doch nicht so einfach, da muss man gut aufpassen dass man sich den Virus nicht mitnimmt. Ich hab das jetzt ausgeführt was du gesagt hast: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-03-28.01 - Windows 7 User 28.03.2013 22:25:00.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3493.1955 [GMT 1:00]
ausgeführt von:: c:\users\Windows 7 User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\avira_free_antivirus_de1200861.exe
c:\programdata\Roaming
c:\users\Windows 7 User\AppData\Roaming\0ad
c:\users\Windows 7 User\AppData\Roaming\0ad\config\user.cfg
c:\users\Windows 7 User\AppData\Roaming\JomCap.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\muzapp.exe
c:\windows\system32\SET9BA5.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-28 bis 2013-03-28 ))))))))))))))))))))))))))))))
.
.
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\users\Windows 7 User\AppData\Roaming\Malwarebytes
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 09:13 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 09:12 . 2013-03-28 09:12 -------- d-----w- c:\users\Windows 7 User\AppData\Local\Programs
2013-03-28 09:05 . 2013-03-28 09:05 -------- d-----w- c:\program files\Common Files\Java
2013-03-28 09:05 . 2013-03-28 09:05 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-28 09:05 . 2013-03-28 09:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 19:05 . 2013-03-27 19:19 -------- d-----w- c:\users\Windows 7 User\AppData\Local\Opera
2013-03-27 19:05 . 2013-03-27 19:19 -------- d-----w- c:\program files\Opera
2013-03-27 17:59 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A43EA95C-C6D2-4B87-81AD-D911658F422F}\mpengine.dll
2013-03-27 17:13 . 2013-03-27 17:13 -------- d-----w- c:\users\Windows 7 User\AppData\Roaming\Avira
2013-03-27 16:58 . 2013-03-27 17:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 16:58 . 2013-03-27 17:37 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-27 16:58 . 2013-03-27 17:37 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-27 16:58 . 2013-03-27 16:58 -------- d-----w- c:\program files\Avira
2013-03-26 15:32 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 13:44 . 2013-03-25 14:19 -------- d-----w- c:\programdata\BlueStacksSetup
2013-03-06 20:57 . 2013-03-06 20:57 -------- d-----w- c:\users\Windows 7 User\AppData\Local\0ad
2013-03-06 20:54 . 2013-03-06 20:56 -------- d-----w- C:\0 A.D. alpha
2013-03-06 20:54 . 2013-03-06 20:54 -------- d-----w- C:\0AD
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 09:05 . 2011-11-01 12:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 20:42 . 2012-04-03 13:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 20:42 . 2011-11-01 11:34 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-14 10:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 10:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2011-11-01 11:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 12:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 12:39 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 12:39 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 12:39 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 12:39 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 12:39 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-10 12:43 . 2013-02-06 11:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-03 21392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49568]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 55656]
"TpShocks"="TpShocks.exe" [2012-02-24 339008]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-13 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-13 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-13 177984]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-07-05 2342200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
.
c:\users\Windows 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 898336]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-11-2 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE.SYS [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 85.37.17.56 85.38.28.98
FF - ProfilePath - c:\users\Windows 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\qc31l01s.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(11100)
c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\windows\system32\igfxexps.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\Screen Reading Optimizer\SRORest.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxext.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\TpShocks.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
c:\program files\ThinkPad\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-28 23:00:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-28 22:00
.
Vor Suchlauf: 21 Verzeichnis(se), 175.887.601.664 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 181.274.132.480 Bytes frei
.
- - End Of File - - 955242781FDF54C21816151BE9B7EFF5
|
|
29.03.2013, 11:11
| #7 |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Bei der Menge hätte man es sich fast überlegen können. Bleibt deine Entscheidung. Wir haben aber fast alles erwischt wie ich das sehe. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Brauchst du das Samsung Android Zeugs noch? Wenn nein jetzt deinstallieren. Schritt 2: Deinstallation von Programmen
Schritt 3: AdwCleaner: Werbeprogramme suchen und löschen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: Combofix-Skript
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
29.03.2013, 13:03
| #8 |
| | explorer.exe frisst sich mehr und mehr Speicher an ok hab jetzt alles durchgeführt. Leider wächst der explorer.exe immer noch an. Ich glaube es hilft wirklich nur mehr eine Neuinstallation. Aber ich würde gerne noch dein Urteil hören. Im Falle einer Datensicherung wäre es besser dies mit einer Live-CD zu machen oder kann ich dies ohne bedenken direkt vom Notebook aus sichern? Hier die Logfiles: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 29/03/2013 um 11:49:30 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Windows 7 User - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Windows 7 User\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\qc31l01s.default\Smartbar
Ordner Gelöscht : C:\Users\Windows 7 User\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Windows 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\qc31l01s.default\prefs.js
Gelöscht : user_pref("CT2319825.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "VIENNA");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "AT");
Gelöscht : user_pref("CT2319825.1000234.TWC_locId", "USGA0594");
Gelöscht : user_pref("CT2319825.1000234.TWC_location", "Vienna, GA");
Gelöscht : user_pref("CT2319825.1000234.TWC_region", "OT");
Gelöscht : user_pref("CT2319825.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT2319825.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT2319825.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"11°C\",\"temperat[...]
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.LoginRevertSettingsEnabled", false);
Gelöscht : user_pref("CT2319825.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN47978199294550145");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "conduitnsisintegration");
Gelöscht : user_pref("CT2319825.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT2319825.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", false);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352814716037");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1352814715901");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352814716313");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.13.40.15_lastUpdate", "1352814716054");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352814716447");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1352814715315");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1352814714476");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352814716287");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1352814715155");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1352814715931");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.startPage", "userChanged");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "13-11-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "13-11-2012");
Gelöscht : user_pref("CT2319825.toolbarDisabled", "true");
Gelöscht : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("extensions.enabledAddons", "greenwebplayer%40greentube.com:1.0,%7B972ce4c6-7e08-4474-a285[...]
Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13[...]
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "");
Gelöscht : user_pref("smartbar.originalSearchEngine", false);
*************************
AdwCleaner[S1].txt - [13708 octets] - [29/03/2013 11:49:30]
########## EOF - C:\AdwCleaner[S1].txt - [13769 octets] ##########
[CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-03-28.01 - Windows 7 User 29.03.2013 12:02:45.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3493.2149 [GMT 1:00]
ausgeführt von:: c:\users\Windows 7 User\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Windows 7 User\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0 A.D. alpha
c:\0 a.d. alpha\OpenLogsFolder.vbs
C:\0AD
c:\users\Windows 7 User\AppData\Local\0ad
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-28 bis 2013-03-29 ))))))))))))))))))))))))))))))
.
.
2013-03-29 11:17 . 2013-03-29 11:17 -------- d-----w- c:\users\MSSQLSERVER\AppData\Local\temp
2013-03-29 11:17 . 2013-03-29 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 10:48 . 2013-03-19 04:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37B41DE7-27FE-451C-A03F-B8D60A862DBB}\mpengine.dll
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\users\Windows 7 User\AppData\Roaming\Malwarebytes
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 09:13 . 2013-03-28 09:13 -------- d-----w- c:\programdata\Malwarebytes
2013-03-28 09:13 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 09:12 . 2013-03-28 09:12 -------- d-----w- c:\users\Windows 7 User\AppData\Local\Programs
2013-03-28 09:05 . 2013-03-28 09:05 -------- d-----w- c:\program files\Common Files\Java
2013-03-28 09:05 . 2013-03-28 09:05 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-28 09:05 . 2013-03-28 09:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 19:05 . 2013-03-27 19:19 -------- d-----w- c:\users\Windows 7 User\AppData\Local\Opera
2013-03-27 19:05 . 2013-03-27 19:19 -------- d-----w- c:\program files\Opera
2013-03-27 17:13 . 2013-03-27 17:13 -------- d-----w- c:\users\Windows 7 User\AppData\Roaming\Avira
2013-03-27 16:58 . 2013-03-27 17:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 16:58 . 2013-03-27 17:37 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-27 16:58 . 2013-03-27 17:37 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-27 16:58 . 2013-03-27 16:58 -------- d-----w- c:\program files\Avira
2013-03-26 15:32 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 13:44 . 2013-03-25 14:19 -------- d-----w- c:\programdata\BlueStacksSetup
2013-02-28 12:59 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 09:05 . 2011-11-01 12:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-05 20:42 . 2012-04-03 13:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 20:42 . 2011-11-01 11:34 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-14 10:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 10:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2011-11-01 11:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 12:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 12:39 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 12:39 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 12:39 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 12:39 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 12:39 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-10 12:43 . 2013-02-06 11:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49568]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-05-16 4395104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 55656]
"TpShocks"="TpShocks.exe" [2012-02-24 339008]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-13 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-13 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-13 177984]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-07-05 2342200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
.
c:\users\Windows 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Windows 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 898336]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-11-2 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Windows 7 User\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE.SYS [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 85.37.17.56 85.38.28.98
FF - ProfilePath - c:\users\Windows 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\qc31l01s.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Zeit der Fertigstellung: 2013-03-29 12:34:27
ComboFix-quarantined-files.txt 2013-03-29 11:34
ComboFix2.txt 2013-03-28 22:00
.
Vor Suchlauf: 25 Verzeichnis(se), 182.386.438.144 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 182.331.342.848 Bytes frei
.
- - End Of File - - E749CE14E23AF47F02FBD065EA4DA753
|
|
29.03.2013, 13:15
| #9 |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Immer mit der Ruhe. Scan mit MBAR Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
29.03.2013, 14:02
| #10 |
| | explorer.exe frisst sich mehr und mehr Speicher an ok hab den Scan und den Restart ausgeführt, auch den erneuten scan. Beim zweiten Scan wurde nichts mehr gefunden. Hier das Logfile vom ersten Scan: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.29.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx xxx :: xxx-PC [administrator]
29.03.2013 13:35:10
mbar-log-2013-03-29 (13-35-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30199
Time elapsed: 12 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Users\Windows 7 User\Downloads\SoftonicDownloader_fuer_java-se-development-kit-jdk.exe (PUP.OfferBundler.ST) -> Delete on reboot.
(end)
Der explorer.exe hält sich nun konstant, zwar generell hoch (32K) aber seit 30 min war nur ein Anstieg von 3K, ich glaub das sollte unter den Bereich "normal" fallen Vielen Vielen Dank!  |
|
29.03.2013, 14:14
| #11 | |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Wenn du noch nicht sicher bist, kannst du eine explorer.exe auch checken lassen: Dateien überprüfen lassen Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Zitat:
Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
29.03.2013, 16:03
| #12 |
| | explorer.exe frisst sich mehr und mehr Speicher an hmm anscheinend ist explorer.exe immer noch böse...hier der Link: https://www.virustotal.com/de/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1364568977/ |
|
29.03.2013, 16:06
| #13 |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Nur ist diese Datei sauber. Schauen wir noch anders: Scan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
29.03.2013, 16:41
| #14 |
| | explorer.exe frisst sich mehr und mehr Speicher an ok wurde ausgeführt. Hier das Logfile: GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-29 16:38:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST320LT0 rev.0004 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\xxx~1\AppData\Local\Temp\kxldipod.sys
---- System - GMER 2.1 ----
SSDT 91CA84DE ZwCreateSection
SSDT 91CA84E8 ZwRequestWaitReplyPort
SSDT 91CA84E3 ZwSetContextThread
SSDT 91CA84ED ZwSetSecurityObject
SSDT 91CA84F2 ZwSystemDebugControl
SSDT 91CA847F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4B9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E851C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8C30C 4 Bytes [DE, 84, CA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E8C668 4 Bytes [E8, 84, CA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E8C6AC 4 Bytes [E3, 84, CA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E8C728 4 Bytes [ED, 84, CA, 91] {IN EAX, DX; TEST DL, CL; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82E8C77C 4 Bytes [F2, 84, CA, 91] {TEST DL, CL; XCHG ECX, EAX}
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys
Device \Driver\SynTP \Device\00000081 Tppwr32v.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e591047d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e591047d@184617d87d24 0x2B 0x99 0x61 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x30 0x44 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x4F 0x2B 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDF 0x5C 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e591047d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e591047d@184617d87d24 0x2B 0x99 0x61 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x30 0x44 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x4F 0x2B 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xDF 0x5C 0x49 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{20039F6A-0407-11E1-95BC-806E6F6E6963} 2835455896
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
29.03.2013, 17:01
| #15 |
| /// TB-Ausbilder | explorer.exe frisst sich mehr und mehr Speicher an Also auch hier gibt es kein Anzeichen, dass die explorer.exe in irgendeiner weise etwas seltsam macht. Wir machen weiter. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!  Schritt 2: Scan mit SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu explorer.exe frisst sich mehr und mehr Speicher an |
| administrator, aktion, angemeldet, anti-malware, autostart, beenden, blockiert, code, datei, dateien, explorer.exe, funktioniert, gelöscht, infizierte, neu, nichts, problem, programm, prozess, service, speicher, starten, taskleiste, test, version |
Linear-Darstellung
