
Pests of all kinds and how to fight them: Windows encryption trojan

05.06.2012, 12:46   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Say, are you also one of those people who watch series and movies via dubious portals?
If so: keep your hands off them in future. These illegal portals spread malware, and if you want to stay malware-free in future you have to switch to legal alternatives and give up such risky streaming sites!
It is precisely such streaming sites that are responsible for the current wave of extortion malware that locks Windows and tries to extort 50 or 100 EUR!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

05.06.2012, 20:40   #17
NicoleM

I watched a movie once quite a while ago. But in general I'm not much of a movie watcher.
05.06.2012, 21:11   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ADD7D21-A972-496F-B301-2142697D8F22}
IE:64bit: - HKLM\..\SearchScopes\{9ADD7D21-A972-496F-B301-2142697D8F22}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{56ACE6FD-822B-4B40-A983-6FABA901FE08}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes,DefaultScope = {56ACE6FD-822B-4B40-A983-6FABA901FE08}
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{EC9B9EA9-3578-40F5-891B-BEE218CCE491}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
[2012.04.20 15:47:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- D:\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\zni354nt.default\extensions\toolbar@ask.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:908A1B53
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38D2EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:04ADB7A6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD36C4B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:349E5B74
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:67BA17B9
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\pdfforge Toolbar
C:\Windows\SysWow64\winsh32?
C:\Program Files\col18696.exe
D:\Nicole\AppData\Roaming\Mmfwcyypw
C:\Program Files (x86)\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

05.06.2012, 21:48   #19
NicoleM

Somehow this doesn't work, and unfortunately the program hangs partway through.

06.06.2012, 17:00   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please repeat the fix in safe mode.

08.06.2012, 18:10   #21
NicoleM

I have now tried it a few more times.
Unfortunately the program hangs in safe mode too :-/

08.06.2012, 18:21   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Can you see at which line of the script OTL hangs?

08.06.2012, 21:53   #23
NicoleM

O3 - HKLM\ Toolbar: (Search Results Toolbar) - {D4027C7F-154A-4066-A1AD-42430817440} - C:Program Files (x86)\Ask.

Unfortunately I can't read any more than that, because the program then hangs and I can't click anything...

08.06.2012, 22:21   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try it with this as the fix script:

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ADD7D21-A972-496F-B301-2142697D8F22}
IE:64bit: - HKLM\..\SearchScopes\{9ADD7D21-A972-496F-B301-2142697D8F22}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{56ACE6FD-822B-4B40-A983-6FABA901FE08}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes,DefaultScope = {56ACE6FD-822B-4B40-A983-6FABA901FE08}
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{EC9B9EA9-3578-40F5-891B-BEE218CCE491}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
[2012.04.20 15:47:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- D:\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\zni354nt.default\extensions\toolbar@ask.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:908A1B53
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38D2EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:04ADB7A6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD36C4B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:349E5B74
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:67BA17B9
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\pdfforge Toolbar
C:\Windows\SysWow64\winsh32?
C:\Program Files\col18696.exe
D:\Nicole\AppData\Roaming\Mmfwcyypw
C:\Program Files (x86)\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         

08.06.2012, 22:34   #25
NicoleM

Now it hangs again at:

O3 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\...\Toolbar\WebBrowser: (Search Results Toolbar)

I can't get any further again, because it hangs...

08.06.2012, 22:58   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then try it with this (all O3 lines removed; deleting them is only nice-to-have anyway, not really bad or important)

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ADD7D21-A972-496F-B301-2142697D8F22}
IE:64bit: - HKLM\..\SearchScopes\{9ADD7D21-A972-496F-B301-2142697D8F22}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{56ACE6FD-822B-4B40-A983-6FABA901FE08}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=LEN2&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes,DefaultScope = {56ACE6FD-822B-4B40-A983-6FABA901FE08}
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\..\SearchScopes\{EC9B9EA9-3578-40F5-891B-BEE218CCE491}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
[2012.04.20 15:47:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- D:\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\zni354nt.default\extensions\toolbar@ask.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:908A1B53
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D8134D8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38D2EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:04ADB7A6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD36C4B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:349E5B74
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:67BA17B9
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\pdfforge Toolbar
C:\Windows\SysWow64\winsh32?
C:\Program Files\col18696.exe
D:\Nicole\AppData\Roaming\Mmfwcyypw
C:\Program Files (x86)\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         

09.06.2012, 10:53   #27
NicoleM

Code:
 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9ADD7D21-A972-496F-B301-2142697D8F22}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ADD7D21-A972-496F-B301-2142697D8F22}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56ACE6FD-822B-4B40-A983-6FABA901FE08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56ACE6FD-822B-4B40-A983-6FABA901FE08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EC9B9EA9-3578-40F5-891B-BEE218CCE491}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC9B9EA9-3578-40F5-891B-BEE218CCE491}\ not found.
Folder D:\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\zni354nt.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivX Download Manager deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3728700144-1891460459-2374237516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Q:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb550bba-bf17-11df-ba96-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb550bba-bf17-11df-ba96-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb550bba-bf17-11df-ba96-806e6f6e6963}\ not found.
File Q:\LenovoQDrive.exe not found.
ADS C:\ProgramData\TEMP:908A1B53 deleted successfully.
ADS C:\ProgramData\TEMP:A26AFC00 deleted successfully.
ADS C:\ProgramData\TEMP:0988A428 deleted successfully.
ADS C:\ProgramData\TEMP:56C66609 deleted successfully.
ADS C:\ProgramData\TEMP:BAC2F271 deleted successfully.
ADS C:\ProgramData\TEMP:1B3549F2 deleted successfully.
ADS C:\ProgramData\TEMP:BD8010FE deleted successfully.
ADS C:\ProgramData\TEMP:4B244549 deleted successfully.
ADS C:\ProgramData\TEMP:3B07E6F4 deleted successfully.
ADS C:\ProgramData\TEMP:C43C957E deleted successfully.
ADS C:\ProgramData\TEMP:014BC3B4 deleted successfully.
ADS C:\ProgramData\TEMP:D8134D8F deleted successfully.
ADS C:\ProgramData\TEMP:10D45FC3 deleted successfully.
ADS C:\ProgramData\TEMP:9B2BD056 deleted successfully.
ADS C:\ProgramData\TEMP:38D2EA83 deleted successfully.
ADS C:\ProgramData\TEMP:04ADB7A6 deleted successfully.
ADS C:\ProgramData\TEMP:8140CB50 deleted successfully.
ADS C:\ProgramData\TEMP:6FD36C4B deleted successfully.
ADS C:\ProgramData\TEMP:3C0887BF deleted successfully.
ADS C:\ProgramData\TEMP:CFF6B3FF deleted successfully.
ADS C:\ProgramData\TEMP:ED9B661E deleted successfully.
ADS C:\ProgramData\TEMP:349E5B74 deleted successfully.
ADS C:\ProgramData\TEMP:EA701346 deleted successfully.
ADS C:\ProgramData\TEMP:D7DA89B1 deleted successfully.
ADS C:\ProgramData\TEMP:67BA17B9 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.8 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Windows\SysWow64\winsh320 moved successfully.
C:\Windows\SysWow64\winsh321 moved successfully.
C:\Windows\SysWow64\winsh322 moved successfully.
C:\Windows\SysWow64\winsh323 moved successfully.
C:\Windows\SysWow64\winsh324 moved successfully.
C:\Windows\SysWow64\winsh325 moved successfully.
C:\Program Files\col18696.exe moved successfully.
D:\Nicole\AppData\Roaming\Mmfwcyypw folder moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: $RECYCLE.BIN
 
User: AppData
 
User: MSOCache
 
User: Nicole
->Temp folder emptied: 4783220124 bytes
->Temporary Internet Files folder emptied: 86717351 bytes
->Java cache emptied: 3886116 bytes
->FireFox cache emptied: 99204150 bytes
->Flash cache emptied: 195471 bytes
 
User: Program Files
 
User: System Volume Information
 
User: _OTL
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 841270 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60299877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102494 bytes
RecycleBin emptied: 597436185 bytes
 
Total Files Cleaned = 5.371,00 mb
 
 
[EMPTYFLASH]
 
User: $RECYCLE.BIN
 
User: AppData
 
User: MSOCache
 
User: Nicole
->Flash cache emptied: 0 bytes
 
User: Program Files
 
User: System Volume Information
 
User: _OTL
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06092012_103150

Files\Folders moved on Reboot...
File move failed. D:\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

10.06.2012, 00:57   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

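One way to triage a TDSS-Killer report like the one requested in the post above, as an added example that is not part of the thread or of any tool mentioned in it: it pairs each scanned object with its verdict line and returns everything not marked `ok`, plus entries that carry a verdict but no file line. The names `triage` and `SAMPLE_LOG` are chosen for this example; the sample lines are excerpted from the log posted in this thread, with the tab before the message written as spaces.

```python
import re

# One log line: timestamp, a numeric second column, then the message.
LINE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "name (md5) path": the object that was hashed.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "name - ok" or "name ( Detection.Name ) - warning".
VERDICT = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<verdict>\w+)$"
)

# Excerpt of the report posted in this thread (whitespace normalised).
SAMPLE_LOG = r"""
09:38:35.0573 2728 Scan started
09:38:35.0573 2728 Mode: Manual; SigCheck; TDLFS;
09:38:42.0563 2728 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:38:42.0578 2728 Apple Mobile Device - ok
09:38:42.0610 2728 Application Updater - ok
09:38:50.0784 2728 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:38:50.0831 2728 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:38:50.0831 2728 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:38:50.0862 2728 flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:38:50.0893 2728 flpydisk - ok
"""


def triage(log_text):
    """Return (flagged, no_file) for a TDSS-Killer style report.

    flagged: dicts for every object whose verdict is not "ok".
    no_file: names that got a verdict without a preceding file line;
             the log does not say why, so these are left for manual review.
    """
    files = {}              # object name -> (md5, path) from its file line
    flagged, no_file = [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue        # blank lines and lines without a message
        msg = line["msg"]
        obj = OBJECT.match(msg)
        if obj:
            files[obj["name"]] = (obj["md5"], obj["path"])
            continue
        ver = VERDICT.match(msg)
        if not ver:
            continue        # banners, separators, "detected ..." summaries
        name = ver["name"]
        md5, path = files.get(name, (None, None))
        if ver["verdict"] != "ok":
            flagged.append({
                "name": name,
                "verdict": ver["verdict"],
                "detection": ver["detection"],
                "md5": md5,
                "path": path,
            })
        elif md5 is None:
            no_file.append(name)
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(SAMPLE_LOG)
    for item in flagged:
        print(f'{item["verdict"]}: {item["name"]} [{item["detection"]}] {item["path"]}')
    for name in no_file:
        print(f"no file line: {name}")
```

The `UnsignedFile.Multi.Generic` name refers to a file without a valid digital signature, so a hit calls for review of the listed path rather than removal.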

10.06.2012, 09:42   #29
NicoleM
 



Code:
 09:35:29.0892 5396	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:35:29.0980 5396	============================================================
09:35:29.0980 5396	Current date / time: 2012/06/10 09:35:29.0980
09:35:29.0980 5396	SystemInfo:
09:35:29.0980 5396	
09:35:29.0980 5396	OS Version: 6.1.7600 ServicePack: 0.0
09:35:29.0980 5396	Product type: Workstation
09:35:29.0981 5396	ComputerName: NICOLES_ZWERG
09:35:29.0981 5396	UserName: Nicole
09:35:29.0981 5396	Windows directory: C:\Windows
09:35:29.0981 5396	System windows directory: C:\Windows
09:35:29.0981 5396	Running under WOW64
09:35:29.0981 5396	Processor architecture: Intel x64
09:35:29.0981 5396	Number of processors: 4
09:35:29.0981 5396	Page size: 0x1000
09:35:29.0981 5396	Boot type: Normal boot
09:35:29.0981 5396	============================================================
09:35:31.0164 5396	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:35:31.0174 5396	============================================================
09:35:31.0174 5396	\Device\Harddisk0\DR0:
09:35:31.0174 5396	MBR partitions:
09:35:31.0174 5396	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
09:35:31.0174 5396	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x3AA3800
09:35:31.0189 5396	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3CFC800, BlocksNum 0x203A9000
09:35:31.0189 5396	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
09:35:31.0189 5396	============================================================
09:35:31.0230 5396	C: <-> \Device\Harddisk0\DR0\Partition1
09:35:31.0274 5396	Q: <-> \Device\Harddisk0\DR0\Partition3
09:35:31.0327 5396	D: <-> \Device\Harddisk0\DR0\Partition2
09:35:31.0368 5396	============================================================
09:35:31.0368 5396	Initialize success
09:35:31.0368 5396	============================================================
09:38:35.0573 2728	============================================================
09:38:35.0573 2728	Scan started
09:38:35.0573 2728	Mode: Manual; SigCheck; TDLFS; 
09:38:35.0573 2728	============================================================
09:38:37.0141 2728	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:38:38.0437 2728	1394ohci - ok
09:38:39.0533 2728	ACPI            (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
09:38:39.0578 2728	ACPI - ok
09:38:39.0697 2728	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:38:39.0862 2728	AcpiPmi - ok
09:38:40.0039 2728	AcPrfMgrSvc     (1f8b13196f7a45019d9dec9fdd473c71) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
09:38:40.0053 2728	AcPrfMgrSvc - ok
09:38:40.0161 2728	AcSvc           (f541512b2bba14aaab8140021d75a83c) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
09:38:40.0177 2728	AcSvc - ok
09:38:40.0457 2728	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:38:40.0488 2728	AdobeARMservice - ok
09:38:41.0018 2728	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:38:41.0081 2728	adp94xx - ok
09:38:41.0128 2728	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:38:41.0159 2728	adpahci - ok
09:38:41.0206 2728	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:38:41.0221 2728	adpu320 - ok
09:38:41.0268 2728	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:38:41.0440 2728	AeLookupSvc - ok
09:38:41.0533 2728	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
09:38:41.0642 2728	AFD - ok
09:38:41.0705 2728	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:38:41.0720 2728	agp440 - ok
09:38:41.0767 2728	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:38:41.0830 2728	ALG - ok
09:38:41.0861 2728	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:38:41.0876 2728	aliide - ok
09:38:41.0892 2728	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:38:41.0892 2728	amdide - ok
09:38:41.0923 2728	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:38:41.0970 2728	AmdK8 - ok
09:38:41.0970 2728	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:38:42.0001 2728	AmdPPM - ok
09:38:42.0032 2728	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
09:38:42.0048 2728	amdsata - ok
09:38:42.0079 2728	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:38:42.0095 2728	amdsbs - ok
09:38:42.0110 2728	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
09:38:42.0126 2728	amdxata - ok
09:38:42.0142 2728	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:38:42.0235 2728	AppID - ok
09:38:42.0251 2728	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:38:42.0329 2728	AppIDSvc - ok
09:38:42.0376 2728	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
09:38:42.0454 2728	Appinfo - ok
09:38:42.0563 2728	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:38:42.0578 2728	Apple Mobile Device - ok
09:38:42.0610 2728	Application Updater - ok
09:38:42.0656 2728	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:38:42.0672 2728	arc - ok
09:38:42.0688 2728	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:38:42.0703 2728	arcsas - ok
09:38:42.0719 2728	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:38:42.0797 2728	AsyncMac - ok
09:38:42.0812 2728	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:38:42.0828 2728	atapi - ok
09:38:42.0922 2728	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
09:38:43.0015 2728	AudioEndpointBuilder - ok
09:38:43.0031 2728	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
09:38:43.0093 2728	AudioSrv - ok
09:38:43.0140 2728	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
09:38:43.0171 2728	AxInstSV - ok
09:38:43.0249 2728	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:38:43.0280 2728	b06bdrv - ok
09:38:43.0343 2728	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:43.0390 2728	b57nd60a - ok
09:38:43.0421 2728	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:38:43.0468 2728	BDESVC - ok
09:38:43.0483 2728	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:38:43.0577 2728	Beep - ok
09:38:43.0655 2728	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
09:38:43.0748 2728	BFE - ok
09:38:43.0842 2728	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
09:38:43.0967 2728	BITS - ok
09:38:44.0045 2728	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:38:44.0076 2728	blbdrive - ok
09:38:44.0154 2728	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:38:44.0170 2728	Bonjour Service - ok
09:38:44.0216 2728	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
09:38:44.0294 2728	bowser - ok
09:38:44.0326 2728	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:38:44.0357 2728	BrFiltLo - ok
09:38:44.0357 2728	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:38:44.0388 2728	BrFiltUp - ok
09:38:44.0435 2728	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
09:38:44.0528 2728	Browser - ok
09:38:44.0544 2728	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:38:44.0575 2728	Brserid - ok
09:38:44.0591 2728	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:44.0622 2728	BrSerWdm - ok
09:38:44.0638 2728	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:44.0669 2728	BrUsbMdm - ok
09:38:44.0684 2728	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:44.0716 2728	BrUsbSer - ok
09:38:44.0747 2728	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
09:38:44.0794 2728	BthEnum - ok
09:38:44.0825 2728	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:38:44.0856 2728	BTHMODEM - ok
09:38:44.0872 2728	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:38:44.0918 2728	BthPan - ok
09:38:44.0981 2728	BTHPORT         (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
09:38:45.0028 2728	BTHPORT - ok
09:38:45.0090 2728	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:38:45.0152 2728	bthserv - ok
09:38:45.0168 2728	BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
09:38:45.0199 2728	BTHUSB - ok
09:38:45.0230 2728	btusbflt        (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
09:38:45.0308 2728	btusbflt - ok
09:38:45.0355 2728	btwaudio        (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
09:38:45.0371 2728	btwaudio - ok
09:38:45.0418 2728	btwavdt         (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
09:38:45.0418 2728	btwavdt - ok
09:38:45.0574 2728	btwdins         (1d2a95842f8dddedd9b600a9cc7936b5) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
09:38:45.0620 2728	btwdins - ok
09:38:45.0667 2728	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
09:38:45.0667 2728	btwl2cap - ok
09:38:45.0698 2728	btwrchid        (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
09:38:45.0698 2728	btwrchid - ok
09:38:45.0745 2728	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:38:45.0823 2728	cdfs - ok
09:38:45.0854 2728	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:38:45.0886 2728	cdrom - ok
09:38:45.0917 2728	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:38:45.0995 2728	CertPropSvc - ok
09:38:46.0042 2728	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:38:46.0073 2728	circlass - ok
09:38:46.0120 2728	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:38:46.0151 2728	CLFS - ok
09:38:46.0213 2728	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:46.0229 2728	clr_optimization_v2.0.50727_32 - ok
09:38:46.0276 2728	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:46.0291 2728	clr_optimization_v2.0.50727_64 - ok
09:38:46.0385 2728	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:46.0400 2728	clr_optimization_v4.0.30319_32 - ok
09:38:46.0432 2728	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:46.0447 2728	clr_optimization_v4.0.30319_64 - ok
09:38:46.0478 2728	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:38:46.0510 2728	CmBatt - ok
09:38:46.0525 2728	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:38:46.0541 2728	cmdide - ok
09:38:46.0588 2728	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
09:38:46.0666 2728	CNG - ok
09:38:46.0759 2728	CnxtHdAudService (a7d943bcfb70f1f053c274b348267b55) C:\Windows\system32\drivers\CHDRT64.sys
09:38:46.0806 2728	CnxtHdAudService - ok
09:38:46.0853 2728	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:38:46.0868 2728	Compbatt - ok
09:38:46.0915 2728	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:38:46.0962 2728	CompositeBus - ok
09:38:46.0978 2728	COMSysApp - ok
09:38:46.0993 2728	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:38:47.0009 2728	crcdisk - ok
09:38:47.0056 2728	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
09:38:47.0134 2728	CryptSvc - ok
09:38:47.0196 2728	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:38:47.0290 2728	DcomLaunch - ok
09:38:47.0352 2728	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:38:47.0446 2728	defragsvc - ok
09:38:47.0492 2728	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
09:38:47.0570 2728	DfsC - ok
09:38:47.0633 2728	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
09:38:47.0726 2728	Dhcp - ok
09:38:47.0773 2728	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:38:47.0836 2728	discache - ok
09:38:47.0898 2728	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:38:47.0898 2728	Disk - ok
09:38:47.0945 2728	Dnscache        (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
09:38:48.0054 2728	Dnscache - ok
09:38:48.0101 2728	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
09:38:48.0179 2728	dot3svc - ok
09:38:48.0257 2728	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:38:48.0288 2728	Dot4 - ok
09:38:48.0319 2728	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:38:48.0350 2728	Dot4Print - ok
09:38:48.0366 2728	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:38:48.0382 2728	dot4usb - ok
09:38:48.0413 2728	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
09:38:48.0475 2728	DPS - ok
09:38:48.0522 2728	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:38:48.0553 2728	drmkaud - ok
09:38:48.0647 2728	DXGKrnl         (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
09:38:48.0694 2728	DXGKrnl - ok
09:38:48.0756 2728	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:38:48.0834 2728	EapHost - ok
09:38:49.0130 2728	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:38:49.0240 2728	ebdrv - ok
09:38:49.0349 2728	EFS             (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
09:38:49.0380 2728	EFS - ok
09:38:49.0474 2728	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
09:38:49.0536 2728	ehRecvr - ok
09:38:49.0567 2728	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:38:49.0614 2728	ehSched - ok
09:38:49.0739 2728	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:38:49.0770 2728	elxstor - ok
09:38:49.0770 2728	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:38:49.0817 2728	ErrDev - ok
09:38:49.0879 2728	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:38:49.0957 2728	EventSystem - ok
09:38:49.0988 2728	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:38:50.0066 2728	exfat - ok
09:38:50.0113 2728	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:38:50.0207 2728	fastfat - ok
09:38:50.0285 2728	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
09:38:50.0332 2728	Fax - ok
09:38:50.0363 2728	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:38:50.0378 2728	fdc - ok
09:38:50.0410 2728	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:38:50.0472 2728	fdPHost - ok
09:38:50.0503 2728	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:38:50.0566 2728	FDResPub - ok
09:38:50.0581 2728	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:38:50.0597 2728	FileInfo - ok
09:38:50.0612 2728	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:38:50.0690 2728	Filetrace - ok
09:38:50.0784 2728	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:38:50.0831 2728	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:38:50.0831 2728	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:38:50.0862 2728	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:38:50.0893 2728	flpydisk - ok
09:38:50.0924 2728	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:38:50.0940 2728	FltMgr - ok
09:38:51.0049 2728	FontCache       (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
09:38:51.0158 2728	FontCache - ok
09:38:51.0236 2728	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:51.0252 2728	FontCache3.0.0.0 - ok
09:38:51.0283 2728	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:38:51.0299 2728	FsDepends - ok
09:38:51.0314 2728	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:38:51.0330 2728	Fs_Rec - ok
09:38:51.0377 2728	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:38:51.0392 2728	fvevol - ok
09:38:51.0424 2728	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:38:51.0439 2728	gagp30kx - ok
09:38:51.0486 2728	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:38:51.0502 2728	GEARAspiWDM - ok
09:38:51.0580 2728	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
09:38:51.0642 2728	gpsvc - ok
09:38:51.0689 2728	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:38:51.0736 2728	hcw85cir - ok
09:38:51.0782 2728	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
09:38:51.0814 2728	HdAudAddService - ok
09:38:51.0860 2728	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:38:51.0892 2728	HDAudBus - ok
09:38:51.0938 2728	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:38:51.0954 2728	HECIx64 - ok
09:38:51.0970 2728	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:38:51.0985 2728	HidBatt - ok
09:38:52.0016 2728	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:38:52.0048 2728	HidBth - ok
09:38:52.0048 2728	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:38:52.0079 2728	HidIr - ok
09:38:52.0110 2728	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:38:52.0172 2728	hidserv - ok
09:38:52.0204 2728	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:38:52.0219 2728	HidUsb - ok
09:38:52.0250 2728	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
09:38:52.0313 2728	hkmsvc - ok
09:38:52.0344 2728	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
09:38:52.0406 2728	HomeGroupListener - ok
09:38:52.0438 2728	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
09:38:52.0469 2728	HomeGroupProvider - ok
09:38:52.0500 2728	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:38:52.0516 2728	HpSAMD - ok
09:38:52.0609 2728	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:38:52.0703 2728	HTTP - ok
09:38:52.0718 2728	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:38:52.0734 2728	hwpolicy - ok
09:38:52.0781 2728	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:38:52.0796 2728	i8042prt - ok
09:38:52.0859 2728	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
09:38:52.0874 2728	iaStor - ok
09:38:52.0937 2728	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
09:38:52.0952 2728	iaStorV - ok
09:38:52.0984 2728	IBMPMDRV        (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:38:52.0984 2728	IBMPMDRV - ok
09:38:52.0999 2728	IBMPMSVC        (fc22310f3862e2c7c8722ef4778d5cc3) C:\Windows\system32\ibmpmsvc.exe
09:38:53.0015 2728	IBMPMSVC - ok
09:38:53.0155 2728	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:53.0186 2728	idsvc - ok
09:38:54.0044 2728	igfx            (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:38:54.0481 2728	igfx - ok
09:38:54.0653 2728	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:38:54.0668 2728	iirsp - ok
09:38:54.0762 2728	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
09:38:54.0856 2728	IKEEXT - ok
09:38:54.0902 2728	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
09:38:54.0934 2728	Impcd - ok
09:38:54.0996 2728	IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:38:55.0043 2728	IntcDAud - ok
09:38:55.0058 2728	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:38:55.0074 2728	intelide - ok
09:38:55.0105 2728	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:38:55.0136 2728	intelppm - ok
09:38:55.0168 2728	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:38:55.0246 2728	IPBusEnum - ok
09:38:55.0246 2728	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:55.0308 2728	IpFilterDriver - ok
09:38:55.0355 2728	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
09:38:55.0464 2728	iphlpsvc - ok
09:38:55.0480 2728	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:38:55.0495 2728	IPMIDRV - ok
09:38:55.0511 2728	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:38:55.0589 2728	IPNAT - ok
09:38:55.0745 2728	iPod Service    (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
09:38:55.0792 2728	iPod Service - ok
09:38:55.0807 2728	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:38:55.0838 2728	IRENUM - ok
09:38:55.0870 2728	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:38:55.0870 2728	isapnp - ok
09:38:55.0901 2728	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:38:55.0932 2728	iScsiPrt - ok
09:38:55.0948 2728	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:38:55.0963 2728	kbdclass - ok
09:38:55.0979 2728	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:38:56.0010 2728	kbdhid - ok
09:38:56.0041 2728	KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:38:56.0072 2728	KeyIso - ok
09:38:56.0072 2728	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
09:38:56.0088 2728	KSecDD - ok
09:38:56.0119 2728	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
09:38:56.0135 2728	KSecPkg - ok
09:38:56.0166 2728	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:38:56.0244 2728	ksthunk - ok
09:38:56.0275 2728	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:38:56.0353 2728	KtmRm - ok
09:38:56.0384 2728	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
09:38:56.0431 2728	LanmanServer - ok
09:38:56.0447 2728	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
09:38:56.0525 2728	LanmanWorkstation - ok
09:38:56.0587 2728	LENOVO.CAMMUTE  (70481dabd9adab51a6933c5893b82925) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
09:38:56.0603 2728	LENOVO.CAMMUTE - ok
09:38:56.0650 2728	LENOVO.MICMUTE  (c88eb33793420a79f601fb5e33e2edd9) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
09:38:56.0650 2728	LENOVO.MICMUTE - ok
09:38:56.0712 2728	lenovo.smi      (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
09:38:56.0712 2728	lenovo.smi - ok
09:38:56.0743 2728	LENOVO.TPKNRSVC (d0daf6a22037f6dee706a095c647aa41) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
09:38:56.0759 2728	LENOVO.TPKNRSVC - ok
09:38:56.0790 2728	Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
09:38:56.0790 2728	Lenovo.VIRTSCRLSVC - ok
09:38:56.0837 2728	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:38:56.0915 2728	lltdio - ok
09:38:56.0962 2728	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:38:57.0024 2728	lltdsvc - ok
09:38:57.0055 2728	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:38:57.0118 2728	lmhosts - ok
09:38:57.0196 2728	LMS             (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:38:57.0211 2728	LMS - ok
09:38:57.0242 2728	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:38:57.0258 2728	LSI_FC - ok
09:38:57.0274 2728	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:38:57.0289 2728	LSI_SAS - ok
09:38:57.0305 2728	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:38:57.0320 2728	LSI_SAS2 - ok
09:38:57.0336 2728	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:38:57.0352 2728	LSI_SCSI - ok
09:38:57.0383 2728	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:38:57.0461 2728	luafv - ok
09:38:57.0539 2728	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:38:57.0554 2728	MBAMProtector - ok
09:38:57.0664 2728	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:38:57.0695 2728	MBAMService - ok
09:38:57.0710 2728	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
09:38:57.0742 2728	Mcx2Svc - ok
09:38:57.0835 2728	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:38:57.0866 2728	MDM - ok
09:38:58.0069 2728	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:38:58.0116 2728	megasas - ok
09:38:58.0147 2728	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:38:58.0178 2728	MegaSR - ok
09:38:58.0210 2728	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:38:58.0288 2728	MMCSS - ok
09:38:58.0303 2728	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:38:58.0381 2728	Modem - ok
09:38:58.0412 2728	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:38:58.0444 2728	monitor - ok
09:38:58.0475 2728	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:38:58.0490 2728	mouclass - ok
09:38:58.0537 2728	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:38:58.0553 2728	mouhid - ok
09:38:58.0568 2728	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:38:58.0584 2728	mountmgr - ok
09:38:58.0646 2728	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:38:58.0678 2728	MozillaMaintenance - ok
09:38:58.0693 2728	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:38:58.0709 2728	mpio - ok
09:38:58.0740 2728	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:38:58.0802 2728	mpsdrv - ok
09:38:58.0880 2728	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
09:38:58.0974 2728	MpsSvc - ok
09:38:59.0005 2728	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:38:59.0036 2728	MRxDAV - ok
09:38:59.0068 2728	mrxsmb          (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:59.0114 2728	mrxsmb - ok
09:38:59.0146 2728	mrxsmb10        (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:59.0192 2728	mrxsmb10 - ok
09:38:59.0208 2728	mrxsmb20        (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:59.0224 2728	mrxsmb20 - ok
09:38:59.0239 2728	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:38:59.0255 2728	msahci - ok
09:38:59.0270 2728	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:38:59.0286 2728	msdsm - ok
09:38:59.0333 2728	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:38:59.0348 2728	MSDTC - ok
09:38:59.0395 2728	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:38:59.0458 2728	Msfs - ok
09:38:59.0489 2728	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:38:59.0567 2728	mshidkmdf - ok
09:38:59.0582 2728	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:38:59.0598 2728	msisadrv - ok
09:38:59.0629 2728	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:38:59.0707 2728	MSiSCSI - ok
09:38:59.0723 2728	msiserver - ok
09:38:59.0754 2728	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:38:59.0832 2728	MSKSSRV - ok
09:38:59.0848 2728	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:59.0910 2728	MSPCLOCK - ok
09:38:59.0926 2728	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:39:00.0004 2728	MSPQM - ok
09:39:00.0035 2728	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:39:00.0066 2728	MsRPC - ok
09:39:00.0082 2728	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:39:00.0097 2728	mssmbios - ok
09:39:00.0128 2728	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:39:00.0191 2728	MSTEE - ok
09:39:00.0206 2728	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:39:00.0238 2728	MTConfig - ok
09:39:00.0269 2728	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:39:00.0284 2728	Mup - ok
09:39:00.0347 2728	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
09:39:00.0425 2728	napagent - ok
09:39:00.0472 2728	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:39:00.0518 2728	NativeWifiP - ok
09:39:00.0628 2728	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:39:00.0690 2728	NDIS - ok
09:39:00.0721 2728	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:39:00.0799 2728	NdisCap - ok
09:39:00.0830 2728	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:39:00.0908 2728	NdisTapi - ok
09:39:00.0924 2728	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:39:01.0002 2728	Ndisuio - ok
09:39:01.0033 2728	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:39:01.0111 2728	NdisWan - ok
09:39:01.0127 2728	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:39:01.0189 2728	NDProxy - ok
09:39:01.0252 2728	Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
09:39:01.0267 2728	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:39:01.0267 2728	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:39:01.0314 2728	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
09:39:01.0345 2728	Netaapl - ok
09:39:01.0376 2728	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:39:01.0439 2728	NetBIOS - ok
09:39:01.0486 2728	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:39:01.0548 2728	NetBT - ok
09:39:01.0579 2728	Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:39:01.0595 2728	Netlogon - ok
09:39:01.0657 2728	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:39:01.0735 2728	Netman - ok
09:39:01.0782 2728	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:39:01.0860 2728	netprofm - ok
09:39:01.0954 2728	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:39:01.0969 2728	NetTcpPortSharing - ok
09:39:02.0453 2728	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:39:02.0702 2728	netw5v64 - ok
09:39:02.0843 2728	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:39:02.0858 2728	nfrd960 - ok
09:39:02.0952 2728	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
09:39:03.0030 2728	NlaSvc - ok
09:39:03.0061 2728	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:39:03.0124 2728	Npfs - ok
09:39:03.0124 2728	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:39:03.0202 2728	nsi - ok
09:39:03.0217 2728	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:39:03.0295 2728	nsiproxy - ok
09:39:03.0467 2728	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
09:39:03.0529 2728	Ntfs - ok
09:39:03.0654 2728	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:39:03.0732 2728	Null - ok
09:39:03.0763 2728	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
09:39:03.0779 2728	nvraid - ok
09:39:03.0794 2728	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
09:39:03.0810 2728	nvstor - ok
09:39:03.0826 2728	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:39:03.0841 2728	nv_agp - ok
09:39:03.0857 2728	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:39:03.0872 2728	ohci1394 - ok
09:39:03.0950 2728	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:39:03.0966 2728	ose - ok
09:39:04.0013 2728	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:39:04.0075 2728	p2pimsvc - ok
09:39:04.0122 2728	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:39:04.0153 2728	p2psvc - ok
09:39:04.0184 2728	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:39:04.0216 2728	Parport - ok
09:39:04.0231 2728	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:39:04.0247 2728	partmgr - ok
09:39:04.0294 2728	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:39:04.0325 2728	PcaSvc - ok
09:39:04.0372 2728	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:39:04.0387 2728	pci - ok
09:39:04.0387 2728	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:39:04.0403 2728	pciide - ok
09:39:04.0434 2728	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:39:04.0450 2728	pcmcia - ok
09:39:04.0559 2728	PCSUService     (7eb95aa73d657a2da9d8cfc336f4f48f) C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
09:39:04.0574 2728	PCSUService ( UnsignedFile.Multi.Generic ) - warning
09:39:04.0574 2728	PCSUService - detected UnsignedFile.Multi.Generic (1)
09:39:04.0621 2728	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:39:04.0637 2728	pcw - ok
09:39:04.0699 2728	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:39:04.0777 2728	PEAUTH - ok
09:39:04.0855 2728	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:39:04.0886 2728	PerfHost - ok
09:39:05.0027 2728	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
09:39:05.0136 2728	pla - ok
09:39:05.0198 2728	PlugPlay        (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
09:39:05.0292 2728	PlugPlay - ok
09:39:05.0339 2728	Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
09:39:05.0370 2728	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:39:05.0370 2728	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:39:05.0386 2728	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:39:05.0417 2728	PNRPAutoReg - ok
09:39:05.0448 2728	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:39:05.0479 2728	PNRPsvc - ok
09:39:05.0526 2728	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
09:39:05.0604 2728	PolicyAgent - ok
09:39:05.0651 2728	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:39:05.0729 2728	Power - ok
09:39:05.0791 2728	Power Manager DBC Service (a65a62ee76e94eed6b2dbcfdbd2cae6d) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
09:39:05.0807 2728	Power Manager DBC Service - ok
09:39:05.0885 2728	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:39:05.0947 2728	PptpMiniport - ok
09:39:05.0963 2728	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:39:05.0978 2728	Processor - ok
09:39:06.0025 2728	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
09:39:06.0103 2728	ProfSvc - ok
09:39:06.0134 2728	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:39:06.0150 2728	ProtectedStorage - ok
09:39:06.0181 2728	psadd           (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
09:39:06.0197 2728	psadd - ok
09:39:06.0244 2728	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:39:06.0306 2728	Psched - ok
09:39:06.0446 2728	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:39:06.0509 2728	ql2300 - ok
09:39:06.0634 2728	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:39:06.0649 2728	ql40xx - ok
09:39:06.0712 2728	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:39:06.0743 2728	QWAVE - ok
09:39:06.0758 2728	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:39:06.0805 2728	QWAVEdrv - ok
09:39:06.0821 2728	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:39:06.0883 2728	RasAcd - ok
09:39:06.0930 2728	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:39:06.0992 2728	RasAgileVpn - ok
09:39:07.0024 2728	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:39:07.0102 2728	RasAuto - ok
09:39:07.0133 2728	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:39:07.0195 2728	Rasl2tp - ok
09:39:07.0226 2728	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
09:39:07.0304 2728	RasMan - ok
09:39:07.0351 2728	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:39:07.0429 2728	RasPppoe - ok
09:39:07.0445 2728	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:39:07.0523 2728	RasSstp - ok
09:39:07.0554 2728	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:39:07.0632 2728	rdbss - ok
09:39:07.0648 2728	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:39:07.0679 2728	rdpbus - ok
09:39:07.0694 2728	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:39:07.0757 2728	RDPCDD - ok
09:39:07.0804 2728	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:39:07.0882 2728	RDPENCDD - ok
09:39:07.0897 2728	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:39:07.0975 2728	RDPREFMP - ok
09:39:08.0006 2728	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:39:08.0069 2728	RDPWD - ok
09:39:08.0116 2728	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:39:08.0131 2728	rdyboost - ok
09:39:08.0162 2728	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:39:08.0240 2728	RemoteAccess - ok
09:39:08.0287 2728	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:39:08.0365 2728	RemoteRegistry - ok
09:39:08.0412 2728	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:39:08.0443 2728	RFCOMM - ok
09:39:08.0474 2728	RimUsb          (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:39:08.0521 2728	RimUsb - ok
09:39:08.0568 2728	RimVSerPort     (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:39:08.0599 2728	RimVSerPort - ok
09:39:08.0662 2728	ROOTMODEM       (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
09:39:08.0724 2728	ROOTMODEM - ok
09:39:08.0755 2728	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:39:08.0818 2728	RpcEptMapper - ok
09:39:08.0864 2728	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:39:08.0880 2728	RpcLocator - ok
09:39:08.0927 2728	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:39:08.0989 2728	RpcSs - ok
09:39:09.0020 2728	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:39:09.0098 2728	rspndr - ok
09:39:09.0130 2728	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
09:39:09.0145 2728	RSUSBSTOR - ok
09:39:09.0208 2728	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:39:09.0239 2728	RTL8167 - ok
09:39:09.0332 2728	RTL8192Ce       (9a1cea6e20e19afce888d3f3e4358381) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
09:39:09.0379 2728	RTL8192Ce - ok
09:39:09.0410 2728	SamSs           (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:39:09.0426 2728	SamSs - ok
09:39:09.0442 2728	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:39:09.0457 2728	sbp2port - ok
09:39:09.0504 2728	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:39:09.0582 2728	SCardSvr - ok
09:39:09.0598 2728	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:39:09.0676 2728	scfilter - ok
09:39:09.0754 2728	Schedule        (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
09:39:09.0847 2728	Schedule - ok
09:39:09.0878 2728	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:39:09.0941 2728	SCPolicySvc - ok
09:39:09.0988 2728	sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
09:39:10.0019 2728	sdbus - ok
09:39:10.0066 2728	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
09:39:10.0081 2728	SDRSVC - ok
09:39:10.0112 2728	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:39:10.0190 2728	secdrv - ok
09:39:10.0206 2728	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
09:39:10.0284 2728	seclogon - ok
09:39:10.0300 2728	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:39:10.0362 2728	SENS - ok
09:39:10.0393 2728	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:39:10.0440 2728	SensrSvc - ok
09:39:10.0471 2728	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:39:10.0487 2728	Serenum - ok
09:39:10.0518 2728	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:39:10.0549 2728	Serial - ok
09:39:10.0565 2728	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:39:10.0596 2728	sermouse - ok
09:39:10.0643 2728	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
09:39:10.0721 2728	SessionEnv - ok
09:39:10.0721 2728	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:39:10.0752 2728	sffdisk - ok
09:39:10.0783 2728	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:39:10.0799 2728	sffp_mmc - ok
09:39:10.0814 2728	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:39:10.0830 2728	sffp_sd - ok
09:39:10.0846 2728	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:39:10.0861 2728	sfloppy - ok
09:39:10.0924 2728	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:39:11.0002 2728	SharedAccess - ok
09:39:11.0048 2728	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
09:39:11.0095 2728	ShellHWDetection - ok
09:39:11.0158 2728	Shockprf        (29e316de2c0261c30c08f872032c53a2) C:\Windows\system32\DRIVERS\Apsx64.sys
09:39:11.0158 2728	Shockprf - ok
09:39:11.0189 2728	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:39:11.0204 2728	SiSRaid2 - ok
09:39:11.0220 2728	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:39:11.0236 2728	SiSRaid4 - ok
09:39:11.0329 2728	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
09:39:11.0329 2728	SkypeUpdate - ok
09:39:11.0360 2728	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:39:11.0438 2728	Smb - ok
09:39:11.0470 2728	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:39:11.0501 2728	SNMPTRAP - ok
09:39:11.0532 2728	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:39:11.0548 2728	spldr - ok
09:39:11.0610 2728	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
09:39:11.0657 2728	Spooler - ok
09:39:11.0969 2728	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
09:39:12.0078 2728	sppsvc - ok
09:39:12.0203 2728	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:39:12.0265 2728	sppuinotify - ok
09:39:12.0359 2728	srv             (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
09:39:12.0390 2728	srv - ok
09:39:12.0437 2728	srv2            (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
09:39:12.0484 2728	srv2 - ok
09:39:12.0530 2728	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:39:12.0562 2728	SrvHsfHDA - ok
09:39:12.0686 2728	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:39:12.0749 2728	SrvHsfV92 - ok
09:39:12.0936 2728	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:39:12.0983 2728	SrvHsfWinac - ok
09:39:13.0014 2728	srvnet          (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
09:39:13.0045 2728	srvnet - ok
09:39:13.0092 2728	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:39:13.0170 2728	SSDPSRV - ok
09:39:13.0186 2728	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:39:13.0264 2728	SstpSvc - ok
09:39:24.0854 2728	============================================================
09:39:24.0854 2728	Scan finished
09:39:24.0854 2728	============================================================
09:39:24.0886 4124	Detected object count: 6
09:39:24.0886 4124	Actual detected object count: 6
09:39:50.0376 4124	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:50.0376 4124	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:50.0376 4124	PCSUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	PCSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:50.0376 4124	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:50.0376 4124	SUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:50.0376 4124	ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:50.0376 4124	ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Old 10.06.2012, 16:46   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.