| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum - vollständig entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.08.2012, 17:45
| #1 |
 |  Live Security Platinum - vollständig entfernen Hi! Leider habe ich diesen Live Security Platinum Virus auf meinem Rechner. Es wäre sehr nett, wenn Ihr mir helfen und sagen könntet, was ich tun soll, damit der Virus komplett von meinem Rechner entfernt wird. Bisher habe ich Folgendes gemacht: Ich habe mit dem Programm Sardu einen bootfähigen USB-Stick mit Antivir erstellt, den Rechner über den USB-Stick gebootet und die infizierten Daten löschen lassen. Dann habe ich mit Malwarebytes Anti-Malware einen Scan gemacht, mit der Einstellung, dass die infizierten Dateien in Quarantäne sollen. Hier ist das Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.03.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Laney :: TORNADO [Administrator] 14.08.2012 16:35:34 mbam-log-2012-08-14 (16-35-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 373229 Laufzeit: 53 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U\800000cb.@.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.14.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Laney :: TORNADO [Administrator] 14.08.2012 21:41:21 mbam-log-2012-08-14 (21-41-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 361113 Laufzeit: 1 Stunde(n), 40 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Dann habe ich den ESET Online Scanner verwendet, wie es hier im Forum beschrieben wird, hier das Log: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56dc201eb7f8b2429164b3f3141dabb4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-15 10:20:49
# local_time=2012-08-15 12:20:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9642451 9642451 0 0
# compatibility_mode=5893 16776574 66 94 409491 96646556 0 0
# compatibility_mode=8192 67108863 100 0 91 91 0 0
# compatibility_mode=9217 16777214 75 4 4478678 4478678 0 0
# scanned=150080
# found=0
# cleaned=0
# scan_time=10684
das "Extra"-Log ist angehangen, hier dasOTL-Log,: Code:
ATTFilter TL logfile created on: 15.08.2012 12:37:24 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Laney\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,34% Memory free 3,92 Gb Paging File | 2,73 Gb Available in Paging File | 69,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,25 Gb Total Space | 1,92 Gb Free Space | 1,33% Space Free | Partition Type: NTFS Computer Name: TORNADO | User Name: Laney | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Modules (No Company Name) ========== MOD - [2012.07.09 16:53:16 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Win32 Services (SafeList) ========== SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.06.21 15:58:50 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether) DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD) DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.05.07 18:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan) DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%7D&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-21%2018%3A55%3A33&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 16:53:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.24 14:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions [2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions [2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml [2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.09 16:53:10 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4 - HKLM..\Run: [ISW] File not found O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FB3177-40D2-4833-8FD7-D160FDECAE8E}: DhcpNameServer = 80.69.102.158 80.69.100.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC974E05-87DD-47CC-B0F2-7BA917689391}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 12:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe [2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.08.15 09:18:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes [2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E [2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp [2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2 [2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables [2012.07.21 15:08:05 | 000,000,000 | ---D | C] -- C:\Snag_India ========== Files - Modified Within 30 Days ========== [2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe [2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable [2012.08.15 09:15:28 | 006,110,278 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.15 09:15:28 | 002,260,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.15 09:15:28 | 001,875,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.15 09:15:28 | 001,679,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 09:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.15 09:07:44 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys [2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.11 15:42:35 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf ========== Files Created - No Company Name ========== [2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable [2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf [2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ [2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ [2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel [2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat [2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer [2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon [2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint [2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox [2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla [2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo [2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0 [2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes [2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer [2012.06.21 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\OpenCandy [2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer [2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr [2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony [2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer [2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird [2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software [2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone [2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9} [2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Das Log ist angehangen. Vielen Dank schon mal für Eure Hilfe! Laney Geändert von laney18 (15.08.2012 um 18:01 Uhr) |
|
18.08.2012, 10:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Live Security Platinum - vollständig entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
|
18.08.2012, 11:04
| #3 |
| | Live Security Platinum - vollständig entfernen Hallo Cosinus,
__________________vielen Dank für Deine Hilfe! Hier die Logdatei: Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 12:00:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Laney - TORNADO
# Boot Mode : Normal
# Running from : C:\Users\Laney\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
Found : vToolbarUpdater11.2.0
***** [Files / Folders] *****
Folder Found : C:\Users\Laney\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Laney\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Laney\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Laney\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]
Profile name : default
File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6591 octets] - [18/08/2012 12:00:57]
########## EOF - C:\AdwCleaner[R1].txt - [6719 octets] ##########
|
|
18.08.2012, 13:50
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.08.2012, 14:31
| #5 |
| | Live Security Platinum - vollständig entfernen Hier das Log: Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 15:07:56
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Laney - TORNADO
# Boot Mode : Normal
# Running from : C:\Users\Laney\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : vToolbarUpdater11.2.0
***** [Files / Folders] *****
Folder Deleted : C:\Users\Laney\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Laney\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Laney\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Laney\AppData\Roaming\OpenCandy
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]
Profile name : default
File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6720 octets] - [18/08/2012 12:00:57]
AdwCleaner[S1].txt - [6865 octets] - [18/08/2012 15:07:56]
########## EOF - C:\AdwCleaner[S1].txt - [6993 octets] ##########
|
|
18.08.2012, 14:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> Live Security Platinum - vollständig entfernen |
|
18.08.2012, 14:49
| #7 |
| | Live Security Platinum - vollständig entfernen Der normale Modus von Windows funktioniert. Allerdings kann ich nicht ins Internet, wenn ich bei ZoneAlarm die Einstellungen für die öffentliche Zone auf hoch stelle. Wenn es auf mittel eingestellt ist, kann ich ganz normal ins Internet. Im Startmenü fehlt nichts. Unter allen Programmen ist der Ordner "Afinion Project Viewer" leer. Das könnte allerdings auch schon so gewesen sein bevor ich die Probleme mit diesem Live Security Platinum hatte. Vielen Dank und beste Grüße Laney |
|
19.08.2012, 17:37
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.08.2012, 18:05
| #9 |
| | Live Security Platinum - vollständig entfernen Ich habe ZoneAlarm jetzt deinstalliert. Wenn ich die Windows-Firewall aktivieren will, kommt aber folgende Fehlermeldung: "Einige der Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x80070424". Ich kann dann nichts anderes als OK drücken und die Firewall wird nicht aktiviert. Vielen Dank und schöne Grüße Laney |
|
20.08.2012, 21:01
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.08.2012, 21:26
| #11 |
| | Live Security Platinum - vollständig entfernen Hallo! Hier die Logdatei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.08.2012 22:08:13 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Laney\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,73% Memory free 3,92 Gb Paging File | 2,88 Gb Available in Paging File | 73,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,25 Gb Total Space | 2,78 Gb Free Space | 1,93% Space Free | Partition Type: NTFS Computer Name: TORNADO | User Name: Laney | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Win32 Services (SafeList) ========== SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether) DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD) DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan) DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01 [binary data] IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions [2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions [2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml [2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found O4 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found NetSvcs: BITS - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: EasyTether - hkey= - key= - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream) MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.20 22:06:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe [2012.08.19 18:53:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes [2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E [2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp [2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2 [2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables ========== Files - Modified Within 30 Days ========== [2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe [2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 21:50:18 | 006,302,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.20 21:50:18 | 002,318,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.20 21:50:18 | 001,937,086 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.20 21:50:18 | 001,735,472 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.20 21:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.20 21:42:45 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys [2012.08.19 14:48:51 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.08.18 12:00:00 | 000,618,227 | ---- | M] () -- C:\Users\Laney\Desktop\adwcleaner.exe [2012.08.15 12:46:59 | 000,302,592 | ---- | M] () -- C:\Users\Laney\Desktop\0hn0jums.exe [2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable [2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf ========== Files Created - No Company Name ========== [2012.08.18 11:59:55 | 000,618,227 | ---- | C] () -- C:\Users\Laney\Desktop\adwcleaner.exe [2012.08.15 12:46:58 | 000,302,592 | ---- | C] () -- C:\Users\Laney\Desktop\0hn0jums.exe [2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable [2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf [2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ [2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ [2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel [2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat [2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer [2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon [2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint [2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox [2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla [2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo [2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0 [2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes [2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer [2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer [2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr [2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony [2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer [2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird [2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software [2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone [2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9} [2012.02.20 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\CheckPoint [2012.02.20 22:35:20 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\PwrMgr [2012.02.20 19:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\Vodafone [2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer [2012.02.20 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Adobe [2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon [2012.04.25 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Avira [2011.06.28 15:04:21 | 000,000,000 | R--D | M] -- C:\Users\Laney\AppData\Roaming\Brother [2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint [2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox [2012.08.18 10:00:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\dvdcss [2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla [2011.07.12 08:57:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FLEXnet [2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo [2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0 [2011.06.24 10:08:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Identities [2011.06.24 14:22:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\InstallShield [2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes [2012.02.17 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Macromedia [2012.08.14 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Malwarebytes [2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Media Center Programs [2012.07.11 12:31:02 | 000,000,000 | --SD | M] -- C:\Users\Laney\AppData\Roaming\Microsoft [2011.06.24 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Mozilla [2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer [2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer [2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr [2012.07.28 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Skype [2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony [2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer [2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird [2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software [2012.03.30 12:43:59 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\vlc [2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone [2011.09.13 22:19:18 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\WinRAR [2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9} < %APPDATA%\*.exe /s > [2012.06.14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.06.14 04:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.06.14 04:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.11.11 16:44:36 | 000,010,134 | R--- | M] () -- C:\Users\Laney\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver\IaStor.sys [2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys [2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys [2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver64\IaStor.sys [2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Vielen Dank für die Hilfe, Laney |
|
21.08.2012, 12:50
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - user.js - File not found
O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Files
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.08.2012, 15:59
| #13 |
| | Live Security Platinum - vollständig entfernen Hallo, vielen Dank, hier die Log-Datei: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E folder moved successfully.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.
File\Folder C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.
File\Folder C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Laney
->Temp folder emptied: 210015949 bytes
->Temporary Internet Files folder emptied: 68690827 bytes
->Java cache emptied: 1084735 bytes
->FireFox cache emptied: 391159200 bytes
->Flash cache emptied: 66969 bytes
User: Public
User: Sicherheit
->Temp folder emptied: 1256988 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 56468 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 389520749 bytes
RecycleBin emptied: 244339496 bytes
Total Files Cleaned = 1.246,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Laney
->Flash cache emptied: 0 bytes
User: Public
User: Sicherheit
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.58.1 log created on 08212012_164033
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Laney |
|
30.08.2012, 11:23
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum - vollständig entfernen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.08.2012, 14:47
| #15 |
| | Live Security Platinum - vollständig entfernen Hi! Ich hoffe, Dein Urlaub war schön. Vielen Dank für die Hilfe! Hier die Log-Datei vom TDSSKiller: Code:
ATTFilter 15:42:28.0493 3752 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:42:28.0556 3752 ============================================================
15:42:28.0556 3752 Current date / time: 2012/08/30 15:42:28.0556
15:42:28.0556 3752 SystemInfo:
15:42:28.0556 3752
15:42:28.0556 3752 OS Version: 6.1.7601 ServicePack: 1.0
15:42:28.0556 3752 Product type: Workstation
15:42:28.0556 3752 ComputerName: TORNADO
15:42:28.0571 3752 UserName: Laney
15:42:28.0571 3752 Windows directory: C:\Windows
15:42:28.0571 3752 System windows directory: C:\Windows
15:42:28.0571 3752 Processor architecture: Intel x86
15:42:28.0571 3752 Number of processors: 2
15:42:28.0571 3752 Page size: 0x1000
15:42:28.0571 3752 Boot type: Normal boot
15:42:28.0571 3752 ============================================================
15:42:28.0946 3752 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:42:28.0961 3752 ============================================================
15:42:28.0961 3752 \Device\Harddisk1\DR1:
15:42:28.0961 3752 MBR partitions:
15:42:28.0961 3752 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x99A000, BlocksNum 0x1207F000
15:42:28.0961 3752 ============================================================
15:42:28.0961 3752 C: <-> \Device\Harddisk1\DR1\Partition1
15:42:28.0961 3752 ============================================================
15:42:28.0961 3752 Initialize success
15:42:28.0961 3752 ============================================================
15:43:36.0213 5292 ============================================================
15:43:36.0213 5292 Scan started
15:43:36.0213 5292 Mode: Manual; SigCheck; TDLFS;
15:43:36.0213 5292 ============================================================
15:43:36.0993 5292 ================ Scan services =============================
15:43:37.0055 5292 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:43:37.0180 5292 1394ohci - ok
15:43:37.0196 5292 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:43:37.0211 5292 ACPI - ok
15:43:37.0227 5292 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:43:37.0274 5292 AcpiPmi - ok
15:43:37.0289 5292 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
15:43:37.0352 5292 ADIHdAudAddService - ok
15:43:37.0367 5292 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:43:37.0367 5292 AdobeARMservice - ok
15:43:37.0430 5292 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:37.0445 5292 adp94xx - ok
15:43:37.0461 5292 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:43:37.0476 5292 adpahci - ok
15:43:37.0508 5292 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:43:37.0523 5292 adpu320 - ok
15:43:37.0523 5292 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
15:43:37.0554 5292 AEADIFilters - ok
15:43:37.0554 5292 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:43:37.0586 5292 AeLookupSvc - ok
15:43:37.0617 5292 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:43:37.0664 5292 AFD - ok
15:43:37.0679 5292 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:43:37.0695 5292 agp440 - ok
15:43:37.0710 5292 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
15:43:37.0726 5292 aic78xx - ok
15:43:37.0960 5292 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
15:43:37.0960 5292 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
15:43:37.0976 5292 Akamai ( HiddenFile.Multi.Generic ) - warning
15:43:37.0976 5292 Akamai - detected HiddenFile.Multi.Generic (1)
15:43:37.0991 5292 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:43:38.0022 5292 ALG - ok
15:43:38.0038 5292 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:43:38.0054 5292 aliide - ok
15:43:38.0085 5292 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:43:38.0100 5292 amdagp - ok
15:43:38.0116 5292 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:43:38.0116 5292 amdide - ok
15:43:38.0147 5292 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:43:38.0178 5292 AmdK8 - ok
15:43:38.0194 5292 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:43:38.0241 5292 AmdPPM - ok
15:43:38.0256 5292 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:43:38.0272 5292 amdsata - ok
15:43:38.0288 5292 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:38.0303 5292 amdsbs - ok
15:43:38.0303 5292 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:43:38.0319 5292 amdxata - ok
15:43:38.0350 5292 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
15:43:38.0444 5292 androidusb - ok
15:43:38.0459 5292 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:43:38.0459 5292 AntiVirSchedulerService - ok
15:43:38.0475 5292 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:43:38.0475 5292 AntiVirService - ok
15:43:38.0506 5292 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:43:38.0646 5292 AppID - ok
15:43:38.0678 5292 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:43:38.0709 5292 AppIDSvc - ok
15:43:38.0724 5292 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:43:38.0756 5292 Appinfo - ok
15:43:38.0771 5292 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
15:43:38.0802 5292 AppMgmt - ok
15:43:38.0834 5292 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
15:43:38.0849 5292 arc - ok
15:43:38.0865 5292 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:43:38.0865 5292 arcsas - ok
15:43:38.0880 5292 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:39.0005 5292 AsyncMac - ok
15:43:39.0005 5292 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:43:39.0021 5292 atapi - ok
15:43:39.0052 5292 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:43:39.0099 5292 AudioEndpointBuilder - ok
15:43:39.0114 5292 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:43:39.0146 5292 Audiosrv - ok
15:43:39.0161 5292 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:43:39.0177 5292 avgntflt - ok
15:43:39.0177 5292 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:43:39.0192 5292 avipbb - ok
15:43:39.0208 5292 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:43:39.0208 5292 avkmgr - ok
15:43:39.0224 5292 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:43:39.0255 5292 AxInstSV - ok
15:43:39.0302 5292 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
15:43:39.0348 5292 b06bdrv - ok
15:43:39.0380 5292 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:43:39.0395 5292 b57nd60x - ok
15:43:39.0411 5292 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:43:39.0442 5292 BDESVC - ok
15:43:39.0442 5292 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:43:39.0473 5292 Beep - ok
15:43:39.0473 5292 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:39.0504 5292 blbdrive - ok
15:43:39.0504 5292 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:43:39.0551 5292 bowser - ok
15:43:39.0567 5292 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:39.0629 5292 BrFiltLo - ok
15:43:39.0645 5292 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:39.0676 5292 BrFiltUp - ok
15:43:39.0676 5292 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
15:43:39.0738 5292 Browser - ok
15:43:39.0754 5292 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:43:39.0785 5292 Brserid - ok
15:43:39.0801 5292 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:39.0832 5292 BrSerWdm - ok
15:43:39.0832 5292 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:39.0863 5292 BrUsbMdm - ok
15:43:39.0863 5292 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:39.0894 5292 BrUsbSer - ok
15:43:39.0926 5292 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
15:43:39.0941 5292 BthEnum - ok
15:43:39.0957 5292 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:39.0988 5292 BTHMODEM - ok
15:43:40.0019 5292 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:43:40.0035 5292 BthPan - ok
15:43:40.0082 5292 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:43:40.0113 5292 BTHPORT - ok
15:43:40.0128 5292 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:43:40.0191 5292 bthserv - ok
15:43:40.0206 5292 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:43:40.0238 5292 BTHUSB - ok
15:43:40.0253 5292 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:43:40.0300 5292 cdfs - ok
15:43:40.0300 5292 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:43:40.0331 5292 cdrom - ok
15:43:40.0347 5292 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:43:40.0378 5292 CertPropSvc - ok
15:43:40.0409 5292 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:43:40.0425 5292 circlass - ok
15:43:40.0425 5292 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:43:40.0440 5292 CLFS - ok
15:43:40.0472 5292 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:40.0487 5292 clr_optimization_v2.0.50727_32 - ok
15:43:40.0518 5292 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:40.0534 5292 clr_optimization_v4.0.30319_32 - ok
15:43:40.0534 5292 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:40.0550 5292 CmBatt - ok
15:43:40.0565 5292 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:43:40.0581 5292 cmdide - ok
15:43:40.0596 5292 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
15:43:40.0628 5292 CNG - ok
15:43:40.0628 5292 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:43:40.0643 5292 Compbatt - ok
15:43:40.0659 5292 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:43:40.0674 5292 CompositeBus - ok
15:43:40.0690 5292 COMSysApp - ok
15:43:40.0706 5292 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:40.0706 5292 crcdisk - ok
15:43:40.0737 5292 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:43:40.0768 5292 CryptSvc - ok
15:43:40.0784 5292 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
15:43:40.0846 5292 CSC - ok
15:43:40.0877 5292 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
15:43:40.0908 5292 CscService - ok
15:43:40.0940 5292 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
15:43:40.0955 5292 CVirtA - ok
15:43:41.0033 5292 [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
15:43:41.0080 5292 CVPND - ok
15:43:41.0096 5292 [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
15:43:41.0127 5292 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
15:43:41.0127 5292 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
15:43:41.0158 5292 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:43:41.0189 5292 DcomLaunch - ok
15:43:41.0205 5292 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:43:41.0236 5292 defragsvc - ok
15:43:41.0252 5292 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:43:41.0283 5292 DfsC - ok
15:43:41.0298 5292 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:43:41.0345 5292 Dhcp - ok
15:43:41.0345 5292 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:43:41.0376 5292 discache - ok
15:43:41.0392 5292 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:43:41.0408 5292 Disk - ok
15:43:41.0408 5292 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
15:43:41.0423 5292 DNE - ok
15:43:41.0423 5292 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:43:41.0454 5292 Dnscache - ok
15:43:41.0470 5292 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:43:41.0501 5292 dot3svc - ok
15:43:41.0517 5292 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
15:43:41.0517 5292 DozeHDD - ok
15:43:41.0548 5292 [ 01E2180C3D72CB0ADCC43FB83D18942A ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
15:43:41.0564 5292 DozeSvc - ok
15:43:41.0579 5292 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:43:41.0626 5292 DPS - ok
15:43:41.0642 5292 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:43:41.0673 5292 drmkaud - ok
15:43:41.0704 5292 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:43:41.0735 5292 DXGKrnl - ok
15:43:41.0751 5292 [ CF0A6015F437161698C5B2A0A12CF052 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
15:43:41.0782 5292 e1express - ok
15:43:41.0782 5292 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:43:41.0813 5292 EapHost - ok
15:43:41.0829 5292 [ 312B74DC21C0EE503905740852DAE28B ] easytether C:\Windows\system32\DRIVERS\easytthr.sys
15:43:41.0829 5292 easytether - ok
15:43:41.0954 5292 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
15:43:42.0110 5292 ebdrv - ok
15:43:42.0110 5292 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:43:42.0141 5292 EFS - ok
15:43:42.0172 5292 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:43:42.0203 5292 ehRecvr - ok
15:43:42.0234 5292 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:43:42.0250 5292 ehSched - ok
15:43:42.0281 5292 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:43:42.0297 5292 elxstor - ok
15:43:42.0328 5292 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:43:42.0344 5292 ErrDev - ok
15:43:42.0375 5292 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:43:42.0422 5292 EventSystem - ok
15:43:42.0453 5292 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:43:42.0484 5292 exfat - ok
15:43:42.0515 5292 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:43:42.0562 5292 fastfat - ok
15:43:42.0593 5292 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:43:42.0640 5292 Fax - ok
15:43:42.0656 5292 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:43:42.0656 5292 fdc - ok
15:43:42.0687 5292 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:43:42.0718 5292 fdPHost - ok
15:43:42.0718 5292 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:43:42.0749 5292 FDResPub - ok
15:43:42.0749 5292 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:43:42.0765 5292 FileInfo - ok
15:43:42.0780 5292 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:43:42.0812 5292 Filetrace - ok
15:43:42.0827 5292 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:42.0843 5292 flpydisk - ok
15:43:42.0858 5292 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:43:42.0874 5292 FltMgr - ok
15:43:42.0921 5292 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
15:43:42.0952 5292 FontCache - ok
15:43:42.0968 5292 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:43:42.0968 5292 FontCache3.0.0.0 - ok
15:43:42.0983 5292 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:43:42.0999 5292 FsDepends - ok
15:43:42.0999 5292 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:43:43.0014 5292 Fs_Rec - ok
15:43:43.0030 5292 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:43:43.0046 5292 fvevol - ok
15:43:43.0077 5292 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:43.0077 5292 gagp30kx - ok
15:43:43.0108 5292 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:43:43.0155 5292 gpsvc - ok
15:43:43.0170 5292 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:43:43.0202 5292 hcw85cir - ok
15:43:43.0233 5292 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:43:43.0248 5292 HdAudAddService - ok
15:43:43.0264 5292 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:43:43.0295 5292 HDAudBus - ok
15:43:43.0311 5292 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:43.0326 5292 HidBatt - ok
15:43:43.0342 5292 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:43:43.0373 5292 HidBth - ok
15:43:43.0389 5292 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:43:43.0420 5292 HidIr - ok
15:43:43.0420 5292 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:43:43.0436 5292 hidserv - ok
15:43:43.0482 5292 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:43:43.0482 5292 HidUsb - ok
15:43:43.0498 5292 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:43:43.0529 5292 hkmsvc - ok
15:43:43.0560 5292 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:43.0592 5292 HomeGroupListener - ok
15:43:43.0623 5292 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:43.0638 5292 HomeGroupProvider - ok
15:43:43.0670 5292 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:43:43.0685 5292 HpSAMD - ok
15:43:43.0716 5292 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:43:43.0794 5292 HSF_DPV - ok
15:43:43.0810 5292 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:43:43.0826 5292 HSXHWAZL - ok
15:43:43.0857 5292 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:43:43.0888 5292 HTTP - ok
15:43:43.0919 5292 [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:43:43.0935 5292 hwdatacard - ok
15:43:43.0950 5292 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:43:43.0950 5292 hwpolicy - ok
15:43:43.0982 5292 [ A259D3619AA23D4562581067F85E2006 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
15:43:43.0997 5292 hwusbdev - ok
15:43:44.0013 5292 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:43:44.0028 5292 i8042prt - ok
15:43:44.0044 5292 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:44.0060 5292 IAANTMON - ok
15:43:44.0075 5292 [ D0310C79C5A9D42B96E37C5C510C6A5C ] iaNvStor C:\Windows\system32\DRIVERS\iaNvStor.sys
15:43:44.0091 5292 iaNvStor - ok
15:43:44.0106 5292 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:43:44.0122 5292 iaStor - ok
15:43:44.0138 5292 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:43:44.0153 5292 iaStorV - ok
15:43:44.0153 5292 [ BF648877413F6160E480814A24942B65 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:43:44.0169 5292 IBMPMDRV - ok
15:43:44.0184 5292 [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
15:43:44.0184 5292 IBMPMSVC - ok
15:43:44.0247 5292 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:44.0278 5292 idsvc - ok
15:43:44.0450 5292 [ 1F50623259DF354776DF04C56504A2D7 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:43:44.0684 5292 igfx - ok
15:43:44.0699 5292 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:43:44.0699 5292 iirsp - ok
15:43:44.0730 5292 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:43:44.0777 5292 IKEEXT - ok
15:43:44.0793 5292 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:43:44.0793 5292 intelide - ok
15:43:44.0808 5292 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:43:44.0824 5292 intelppm - ok
15:43:44.0840 5292 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:43:44.0886 5292 IPBusEnum - ok
15:43:44.0886 5292 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:44.0933 5292 IpFilterDriver - ok
15:43:44.0949 5292 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:43:44.0964 5292 IPMIDRV - ok
15:43:44.0980 5292 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:43:45.0011 5292 IPNAT - ok
15:43:45.0027 5292 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:43:45.0089 5292 IRENUM - ok
15:43:45.0105 5292 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:43:45.0105 5292 isapnp - ok
15:43:45.0120 5292 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:43:45.0136 5292 iScsiPrt - ok
15:43:45.0152 5292 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:45.0167 5292 kbdclass - ok
15:43:45.0167 5292 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:45.0198 5292 kbdhid - ok
15:43:45.0198 5292 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:43:45.0214 5292 KeyIso - ok
15:43:45.0245 5292 [ EC97BE0D539597965BE5A8DABBD67BD9 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:43:45.0261 5292 KMWDFILTERx86 - ok
15:43:45.0339 5292 [ 37C4748910241C745FEA5A8D3059543C ] KMWDSERVICE C:\Program Files\Mouse Driver\KMWDSrv.exe
15:43:45.0417 5292 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
15:43:45.0417 5292 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
15:43:45.0417 5292 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:43:45.0432 5292 KSecDD - ok
15:43:45.0448 5292 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:43:45.0464 5292 KSecPkg - ok
15:43:45.0495 5292 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:43:45.0557 5292 KtmRm - ok
15:43:45.0573 5292 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:43:45.0604 5292 LanmanServer - ok
15:43:45.0604 5292 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:45.0635 5292 LanmanWorkstation - ok
15:43:45.0651 5292 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:43:45.0666 5292 LENOVO.MICMUTE - ok
15:43:45.0666 5292 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
15:43:45.0666 5292 lenovo.smi - ok
15:43:45.0682 5292 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
15:43:45.0682 5292 Lenovo.VIRTSCRLSVC - ok
15:43:45.0698 5292 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:43:45.0729 5292 lltdio - ok
15:43:45.0744 5292 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:43:45.0776 5292 lltdsvc - ok
15:43:45.0791 5292 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:43:45.0822 5292 lmhosts - ok
15:43:45.0854 5292 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:45.0854 5292 LSI_FC - ok
15:43:45.0869 5292 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:45.0885 5292 LSI_SAS - ok
15:43:45.0900 5292 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:45.0916 5292 LSI_SAS2 - ok
15:43:45.0932 5292 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:45.0947 5292 LSI_SCSI - ok
15:43:45.0947 5292 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:43:45.0978 5292 luafv - ok
15:43:46.0010 5292 [ 8D9C68FA8B7FBE0E225BDE0BBCD8CE9B ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
15:43:46.0025 5292 massfilter - ok
15:43:46.0041 5292 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:43:46.0056 5292 Mcx2Svc - ok
15:43:46.0072 5292 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:43:46.0088 5292 mdmxsdk - ok
15:43:46.0103 5292 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:43:46.0119 5292 megasas - ok
15:43:46.0150 5292 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:46.0166 5292 MegaSR - ok
15:43:46.0197 5292 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:43:46.0197 5292 Microsoft Office Groove Audit Service - ok
15:43:46.0212 5292 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:43:46.0244 5292 MMCSS - ok
15:43:46.0244 5292 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:43:46.0290 5292 Modem - ok
15:43:46.0290 5292 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:43:46.0306 5292 monitor - ok
15:43:46.0322 5292 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:43:46.0322 5292 mouclass - ok
15:43:46.0353 5292 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:43:46.0368 5292 mouhid - ok
15:43:46.0384 5292 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:43:46.0400 5292 mountmgr - ok
15:43:46.0446 5292 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:43:46.0446 5292 MozillaMaintenance - ok
15:43:46.0478 5292 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:43:46.0493 5292 mpio - ok
15:43:46.0524 5292 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:43:46.0571 5292 mpsdrv - ok
15:43:46.0602 5292 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:43:46.0618 5292 MRxDAV - ok
15:43:46.0634 5292 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:46.0665 5292 mrxsmb - ok
15:43:46.0680 5292 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:46.0712 5292 mrxsmb10 - ok
15:43:46.0727 5292 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:46.0743 5292 mrxsmb20 - ok
15:43:46.0743 5292 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:43:46.0758 5292 msahci - ok
15:43:46.0774 5292 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:43:46.0790 5292 msdsm - ok
15:43:46.0805 5292 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:43:46.0821 5292 MSDTC - ok
15:43:46.0836 5292 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:43:46.0852 5292 Msfs - ok
15:43:46.0868 5292 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:43:46.0914 5292 mshidkmdf - ok
15:43:46.0914 5292 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:43:46.0930 5292 msisadrv - ok
15:43:46.0946 5292 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:43:46.0977 5292 MSiSCSI - ok
15:43:46.0992 5292 msiserver - ok
15:43:47.0008 5292 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:43:47.0039 5292 MSKSSRV - ok
15:43:47.0055 5292 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:47.0086 5292 MSPCLOCK - ok
15:43:47.0086 5292 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:43:47.0133 5292 MSPQM - ok
15:43:47.0133 5292 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:43:47.0148 5292 MsRPC - ok
15:43:47.0164 5292 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:43:47.0180 5292 mssmbios - ok
15:43:47.0195 5292 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:43:47.0211 5292 MSTEE - ok
15:43:47.0226 5292 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:47.0242 5292 MTConfig - ok
15:43:47.0242 5292 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:43:47.0258 5292 Mup - ok
15:43:47.0273 5292 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:43:47.0320 5292 napagent - ok
15:43:47.0336 5292 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:43:47.0351 5292 NativeWifiP - ok
15:43:47.0382 5292 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:43:47.0414 5292 NDIS - ok
15:43:47.0476 5292 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:47.0507 5292 NdisCap - ok
15:43:47.0507 5292 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:47.0538 5292 NdisTapi - ok
15:43:47.0554 5292 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:47.0570 5292 Ndisuio - ok
15:43:47.0585 5292 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:47.0616 5292 NdisWan - ok
15:43:47.0616 5292 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:43:47.0648 5292 NDProxy - ok
15:43:47.0648 5292 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:43:47.0679 5292 NetBIOS - ok
15:43:47.0694 5292 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:43:47.0741 5292 NetBT - ok
15:43:47.0741 5292 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:43:47.0757 5292 Netlogon - ok
15:43:47.0772 5292 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:43:47.0804 5292 Netman - ok
15:43:47.0819 5292 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:43:47.0866 5292 netprofm - ok
15:43:47.0897 5292 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:47.0897 5292 NetTcpPortSharing - ok
15:43:48.0038 5292 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
15:43:48.0256 5292 netw5v32 - ok
15:43:48.0272 5292 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:43:48.0287 5292 nfrd960 - ok
15:43:48.0303 5292 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:43:48.0334 5292 NlaSvc - ok
15:43:48.0350 5292 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:43:48.0381 5292 Npfs - ok
15:43:48.0381 5292 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:43:48.0412 5292 nsi - ok
15:43:48.0412 5292 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:43:48.0443 5292 nsiproxy - ok
15:43:48.0490 5292 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:43:48.0537 5292 Ntfs - ok
15:43:48.0552 5292 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:43:48.0771 5292 Null - ok
15:43:48.0818 5292 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:43:48.0818 5292 nvraid - ok
15:43:48.0864 5292 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:43:48.0864 5292 nvstor - ok
15:43:48.0880 5292 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:43:48.0896 5292 nv_agp - ok
15:43:48.0927 5292 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:48.0942 5292 odserv - ok
15:43:48.0974 5292 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:43:49.0005 5292 ohci1394 - ok
15:43:49.0020 5292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:49.0036 5292 ose - ok
15:43:49.0067 5292 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:43:49.0098 5292 p2pimsvc - ok
15:43:49.0114 5292 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:43:49.0145 5292 p2psvc - ok
15:43:49.0145 5292 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:43:49.0176 5292 Parport - ok
15:43:49.0176 5292 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:43:49.0192 5292 partmgr - ok
15:43:49.0208 5292 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:43:49.0239 5292 Parvdm - ok
15:43:49.0254 5292 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:43:49.0270 5292 PcaSvc - ok
15:43:49.0270 5292 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:43:49.0286 5292 pci - ok
15:43:49.0317 5292 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:43:49.0317 5292 pciide - ok
15:43:49.0332 5292 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:49.0348 5292 pcmcia - ok
15:43:49.0364 5292 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:43:49.0364 5292 pcw - ok
15:43:49.0395 5292 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:43:49.0488 5292 PEAUTH - ok
15:43:49.0535 5292 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:43:49.0566 5292 PeerDistSvc - ok
15:43:49.0629 5292 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:43:49.0707 5292 pla - ok
15:43:49.0722 5292 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:43:49.0754 5292 PlugPlay - ok
15:43:49.0769 5292 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:43:49.0785 5292 PNRPAutoReg - ok
15:43:49.0816 5292 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:43:49.0832 5292 PNRPsvc - ok
15:43:49.0863 5292 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:43:49.0910 5292 PolicyAgent - ok
15:43:49.0910 5292 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:43:49.0941 5292 Power - ok
15:43:49.0972 5292 [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
15:43:49.0988 5292 Power Manager DBC Service - ok
15:43:49.0988 5292 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:43:50.0019 5292 PptpMiniport - ok
15:43:50.0050 5292 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:43:50.0066 5292 Processor - ok
15:43:50.0112 5292 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:43:50.0128 5292 ProfSvc - ok
15:43:50.0144 5292 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:50.0159 5292 ProtectedStorage - ok
15:43:50.0159 5292 [ 06F82545E04EBF113B1C2C1C9F766D81 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
15:43:50.0175 5292 psadd - ok
15:43:50.0175 5292 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:43:50.0206 5292 Psched - ok
15:43:50.0222 5292 [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
15:43:50.0237 5292 PwmEWSvc - ok
15:43:50.0300 5292 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:43:50.0378 5292 ql2300 - ok
15:43:50.0378 5292 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:50.0393 5292 ql40xx - ok
15:43:50.0409 5292 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:43:50.0440 5292 QWAVE - ok
15:43:50.0471 5292 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:43:50.0487 5292 QWAVEdrv - ok
15:43:50.0502 5292 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:43:50.0534 5292 RasAcd - ok
15:43:50.0534 5292 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:50.0580 5292 RasAgileVpn - ok
15:43:50.0596 5292 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:43:50.0612 5292 RasAuto - ok
15:43:50.0627 5292 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:50.0658 5292 Rasl2tp - ok
15:43:50.0690 5292 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:43:50.0721 5292 RasMan - ok
15:43:50.0721 5292 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:50.0752 5292 RasPppoe - ok
15:43:50.0752 5292 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:43:50.0799 5292 RasSstp - ok
15:43:50.0814 5292 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:43:50.0846 5292 rdbss - ok
15:43:50.0846 5292 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:50.0877 5292 rdpbus - ok
15:43:50.0877 5292 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:50.0924 5292 RDPCDD - ok
15:43:50.0955 5292 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:43:50.0970 5292 RDPDR - ok
15:43:50.0970 5292 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:43:51.0017 5292 RDPENCDD - ok
15:43:51.0017 5292 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:43:51.0064 5292 RDPREFMP - ok
15:43:51.0095 5292 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:43:51.0126 5292 RDPWD - ok
15:43:51.0126 5292 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:43:51.0158 5292 rdyboost - ok
15:43:51.0173 5292 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:43:51.0205 5292 RemoteAccess - ok
15:43:51.0220 5292 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:43:51.0251 5292 RemoteRegistry - ok
15:43:51.0267 5292 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:51.0283 5292 RFCOMM - ok
15:43:51.0298 5292 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:43:51.0329 5292 RpcEptMapper - ok
15:43:51.0345 5292 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:43:51.0376 5292 RpcLocator - ok
15:43:51.0392 5292 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:43:51.0423 5292 RpcSs - ok
15:43:51.0439 5292 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:43:51.0454 5292 rspndr - ok
15:43:51.0485 5292 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:43:51.0501 5292 s3cap - ok
15:43:51.0501 5292 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:43:51.0517 5292 SamSs - ok
15:43:51.0532 5292 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:43:51.0548 5292 sbp2port - ok
15:43:51.0563 5292 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:43:51.0595 5292 SCardSvr - ok
15:43:51.0610 5292 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:43:51.0641 5292 scfilter - ok
15:43:51.0673 5292 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:43:51.0735 5292 Schedule - ok
15:43:51.0766 5292 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:43:51.0782 5292 SCPolicySvc - ok
15:43:51.0782 5292 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
15:43:51.0813 5292 sdbus - ok
15:43:51.0829 5292 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:43:51.0860 5292 SDRSVC - ok
15:43:51.0860 5292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:43:51.0891 5292 secdrv - ok
15:43:51.0907 5292 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:43:51.0938 5292 seclogon - ok
15:43:51.0938 5292 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:43:51.0969 5292 SENS - ok
15:43:52.0000 5292 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:43:52.0000 5292 SensrSvc - ok
15:43:52.0016 5292 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:43:52.0047 5292 Serenum - ok
15:43:52.0063 5292 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:43:52.0078 5292 Serial - ok
15:43:52.0109 5292 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:43:52.0109 5292 sermouse - ok
15:43:52.0141 5292 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:43:52.0187 5292 SessionEnv - ok
15:43:52.0187 5292 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:43:52.0219 5292 sffdisk - ok
15:43:52.0234 5292 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:43:52.0265 5292 sffp_mmc - ok
15:43:52.0265 5292 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:43:52.0281 5292 sffp_sd - ok
15:43:52.0312 5292 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:43:52.0328 5292 sfloppy - ok
15:43:52.0359 5292 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:43:52.0390 5292 ShellHWDetection - ok
15:43:52.0406 5292 [ DF6A84DD19D3C0858D707B5E64938D60 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
15:43:52.0421 5292 Shockprf - ok
15:43:52.0453 5292 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:43:52.0453 5292 sisagp - ok
15:43:52.0499 5292 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:43:52.0499 5292 SiSRaid2 - ok
15:43:52.0515 5292 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:43:52.0531 5292 SiSRaid4 - ok
15:43:52.0546 5292 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:43:52.0577 5292 Smb - ok
15:43:52.0577 5292 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
15:43:52.0593 5292 smihlp - ok
15:43:52.0609 5292 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:43:52.0609 5292 SNMPTRAP - ok
15:43:52.0952 5292 [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
15:43:53.0342 5292 SNPSTD3 - ok
15:43:53.0357 5292 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:43:53.0357 5292 spldr - ok
15:43:53.0389 5292 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
15:43:53.0420 5292 Spooler - ok
15:43:53.0732 5292 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:43:53.0857 5292 sppsvc - ok
15:43:53.0888 5292 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:43:53.0919 5292 sppuinotify - ok
15:43:53.0935 5292 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:43:53.0966 5292 srv - ok
15:43:53.0981 5292 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:43:54.0013 5292 srv2 - ok
15:43:54.0059 5292 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:43:54.0091 5292 SrvHsfHDA - ok
15:43:54.0122 5292 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:43:54.0184 5292 SrvHsfV92 - ok
15:43:54.0215 5292 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:43:54.0231 5292 SrvHsfWinac - ok
15:43:54.0247 5292 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:43:54.0262 5292 srvnet - ok
15:43:54.0293 5292 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
15:43:54.0325 5292 ssadbus - ok
15:43:54.0356 5292 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:43:54.0356 5292 ssadmdfl - ok
15:43:54.0387 5292 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
15:43:54.0403 5292 ssadmdm - ok
15:43:54.0418 5292 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
15:43:54.0434 5292 ssadserd - ok
15:43:54.0449 5292 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:43:54.0481 5292 SSDPSRV - ok
15:43:54.0481 5292 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:43:54.0496 5292 ssmdrv - ok
15:43:54.0512 5292 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:43:54.0527 5292 SstpSvc - ok
15:43:54.0574 5292 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:43:54.0574 5292 stexstor - ok
15:43:54.0605 5292 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:43:54.0637 5292 StiSvc - ok
15:43:54.0652 5292 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:43:54.0668 5292 storflt - ok
15:43:54.0683 5292 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
15:43:54.0683 5292 StorSvc - ok
15:43:54.0715 5292 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:43:54.0730 5292 storvsc - ok
15:43:54.0730 5292 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
15:43:54.0746 5292 swenum - ok
15:43:54.0761 5292 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:43:54.0793 5292 swprv - ok
15:43:54.0855 5292 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:43:54.0902 5292 SysMain - ok
15:43:54.0917 5292 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:54.0949 5292 TabletInputService - ok
15:43:54.0964 5292 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:43:54.0995 5292 TapiSrv - ok
15:43:54.0995 5292 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:43:55.0027 5292 TBS - ok
15:43:55.0073 5292 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:43:55.0136 5292 Tcpip - ok
15:43:55.0183 5292 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:43:55.0214 5292 TCPIP6 - ok
15:43:55.0214 5292 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:43:55.0245 5292 tcpipreg - ok
15:43:55.0307 5292 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:43:55.0339 5292 TDPIPE - ok
15:43:55.0354 5292 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:43:55.0370 5292 TDTCP - ok
15:43:55.0385 5292 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:43:55.0417 5292 tdx - ok
15:43:55.0495 5292 [ 0F0FEDEB1BEF118CF676B1E5BBB0FE9A ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
15:43:55.0541 5292 TeamViewer6 - ok
15:43:55.0635 5292 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:43:55.0682 5292 TeamViewer7 - ok
15:43:55.0682 5292 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:43:55.0697 5292 TermDD - ok
15:43:55.0760 5292 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:43:55.0822 5292 TermService - ok
15:43:55.0822 5292 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:43:55.0853 5292 Themes - ok
15:43:55.0869 5292 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:43:55.0885 5292 THREADORDER - ok
15:43:55.0900 5292 [ 1C950AE9C09904C229525F22EEFC15DB ] Tp4Track C:\Windows\system32\DRIVERS\tp4track.sys
15:43:55.0900 5292 Tp4Track - ok
15:43:55.0916 5292 [ 50B570E4209F6D401893720FC8DDCE46 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
15:43:55.0916 5292 TPDIGIMN - ok
15:43:55.0947 5292 [ 1F98A2433555DD854CB4E2EDC819DEB4 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
15:43:55.0947 5292 TPHDEXLGSVC - ok
15:43:55.0963 5292 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
15:43:55.0963 5292 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
15:43:55.0963 5292 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
15:43:55.0963 5292 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:43:55.0978 5292 TPHKSVC - ok
15:43:55.0978 5292 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
15:43:56.0009 5292 TPM - ok
15:43:56.0009 5292 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
15:43:56.0025 5292 TPPWRIF - ok
15:43:56.0025 5292 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:43:56.0056 5292 TrkWks - ok
15:43:56.0072 5292 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:56.0103 5292 TrustedInstaller - ok
15:43:56.0134 5292 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:56.0165 5292 tssecsrv - ok
15:43:56.0197 5292 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:43:56.0212 5292 TsUsbFlt - ok
15:43:56.0228 5292 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:43:56.0259 5292 tunnel - ok
15:43:56.0290 5292 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:43:56.0306 5292 uagp35 - ok
15:43:56.0337 5292 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:43:56.0368 5292 udfs - ok
15:43:56.0384 5292 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:43:56.0399 5292 UI0Detect - ok
15:43:56.0431 5292 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:43:56.0431 5292 uliagpkx - ok
15:43:56.0446 5292 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:43:56.0477 5292 umbus - ok
15:43:56.0493 5292 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:43:56.0509 5292 UmPass - ok
15:43:56.0509 5292 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
15:43:56.0540 5292 UmRdpService - ok
15:43:56.0571 5292 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:43:56.0618 5292 upnphost - ok
15:43:56.0633 5292 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:56.0649 5292 usbccgp - ok
15:43:56.0680 5292 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:43:56.0696 5292 usbcir - ok
15:43:56.0711 5292 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:43:56.0711 5292 usbehci - ok
15:43:56.0727 5292 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:43:56.0774 5292 usbhub - ok
15:43:56.0789 5292 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:43:56.0789 5292 usbohci - ok
15:43:56.0821 5292 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:43:56.0836 5292 usbprint - ok
15:43:56.0867 5292 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:43:56.0883 5292 usbscan - ok
15:43:56.0899 5292 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:56.0914 5292 USBSTOR - ok
15:43:56.0914 5292 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:56.0930 5292 usbuhci - ok
15:43:56.0930 5292 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:43:56.0977 5292 UxSms - ok
15:43:56.0977 5292 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:43:56.0992 5292 VaultSvc - ok
15:43:56.0992 5292 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:43:57.0008 5292 vdrvroot - ok
15:43:57.0039 5292 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:43:57.0101 5292 vds - ok
15:43:57.0133 5292 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:57.0148 5292 vga - ok
15:43:57.0148 5292 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:43:57.0179 5292 VgaSave - ok
15:43:57.0195 5292 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:43:57.0211 5292 vhdmp - ok
15:43:57.0226 5292 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:43:57.0242 5292 viaagp - ok
15:43:57.0242 5292 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
15:43:57.0257 5292 ViaC7 - ok
15:43:57.0289 5292 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:43:57.0304 5292 viaide - ok
15:43:57.0320 5292 [ F4C327CEA220C858E057FD82C6D803EA ] VmbService C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
15:43:57.0320 5292 VmbService ( UnsignedFile.Multi.Generic ) - warning
15:43:57.0320 5292 VmbService - detected UnsignedFile.Multi.Generic (1)
15:43:57.0335 5292 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:43:57.0351 5292 vmbus - ok
15:43:57.0351 5292 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:43:57.0367 5292 VMBusHID - ok
15:43:57.0367 5292 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:43:57.0382 5292 volmgr - ok
15:43:57.0398 5292 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:43:57.0429 5292 volmgrx - ok
15:43:57.0429 5292 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:43:57.0460 5292 volsnap - ok
15:43:57.0523 5292 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:57.0538 5292 vsmraid - ok
15:43:57.0585 5292 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
15:43:57.0647 5292 VSS - ok
15:43:57.0663 5292 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:43:57.0679 5292 vwifibus - ok
15:43:57.0710 5292 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
15:43:57.0741 5292 W32Time - ok
15:43:57.0772 5292 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:43:57.0803 5292 WacomPen - ok
15:43:57.0803 5292 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0819 5292 WANARP - ok
15:43:57.0835 5292 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0850 5292 Wanarpv6 - ok
15:43:57.0913 5292 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:43:57.0991 5292 WatAdminSvc - ok
15:43:58.0053 5292 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
15:43:58.0131 5292 wbengine - ok
15:43:58.0147 5292 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:43:58.0178 5292 WbioSrvc - ok
15:43:58.0209 5292 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:43:58.0225 5292 wcncsvc - ok
15:43:58.0240 5292 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:58.0271 5292 WcsPlugInService - ok
15:43:58.0287 5292 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:43:58.0303 5292 Wd - ok
15:43:58.0318 5292 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:43:58.0349 5292 Wdf01000 - ok
15:43:58.0349 5292 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:43:58.0381 5292 WdiServiceHost - ok
15:43:58.0381 5292 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:43:58.0396 5292 WdiSystemHost - ok
15:43:58.0412 5292 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
15:43:58.0443 5292 WebClient - ok
15:43:58.0459 5292 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:43:58.0490 5292 Wecsvc - ok
15:43:58.0505 5292 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:43:58.0537 5292 wercplsupport - ok
15:43:58.0537 5292 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
15:43:58.0568 5292 WerSvc - ok
15:43:58.0568 5292 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:58.0599 5292 WfpLwf - ok
15:43:58.0615 5292 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:43:58.0615 5292 WIMMount - ok
15:43:58.0646 5292 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:43:58.0677 5292 winachsf - ok
15:43:58.0693 5292 WinHttpAutoProxySvc - ok
15:43:58.0708 5292 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:43:58.0739 5292 Winmgmt - ok
15:43:58.0786 5292 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
15:43:58.0849 5292 WinRM - ok
15:43:58.0849 5292 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
15:43:58.0880 5292 WinUsb - ok
15:43:58.0911 5292 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:43:58.0973 5292 Wlansvc - ok
15:43:58.0989 5292 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:43:59.0005 5292 WmiAcpi - ok
15:43:59.0036 5292 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:43:59.0067 5292 wmiApSrv - ok
15:43:59.0114 5292 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:59.0161 5292 WMPNetworkSvc - ok
15:43:59.0176 5292 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:43:59.0207 5292 WPCSvc - ok
15:43:59.0207 5292 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:43:59.0239 5292 WPDBusEnum - ok
15:43:59.0254 5292 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:43:59.0285 5292 ws2ifsl - ok
15:43:59.0285 5292 WSearch - ok
15:43:59.0301 5292 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:43:59.0332 5292 WudfPf - ok
15:43:59.0332 5292 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:59.0363 5292 WUDFRd - ok
15:43:59.0363 5292 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:43:59.0395 5292 wudfsvc - ok
15:43:59.0441 5292 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:43:59.0473 5292 WwanSvc - ok
15:43:59.0473 5292 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:43:59.0488 5292 XAudio - ok
15:43:59.0504 5292 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:43:59.0519 5292 XAudioService - ok
15:43:59.0551 5292 [ 966756D861161FCC04D8051F210B942F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:43:59.0566 5292 ZTEusbmdm6k - ok
15:43:59.0582 5292 [ 966756D861161FCC04D8051F210B942F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:43:59.0597 5292 ZTEusbnmea - ok
15:43:59.0597 5292 [ 966756D861161FCC04D8051F210B942F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:43:59.0613 5292 ZTEusbser6k - ok
15:43:59.0629 5292 [ 966756D861161FCC04D8051F210B942F ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
15:43:59.0644 5292 ZTEusbvoice - ok
15:43:59.0644 5292 [ 6C26A5776A1913B5458B4BED50FAF47F ] ZTEusbwwan C:\Windows\system32\DRIVERS\ZTEusbwwan.sys
15:43:59.0675 5292 ZTEusbwwan - ok
15:43:59.0691 5292 ================ Scan global ===============================
15:43:59.0691 5292 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:43:59.0722 5292 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
15:43:59.0722 5292 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
15:43:59.0722 5292 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:43:59.0738 5292 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:43:59.0738 5292 [Global] - ok
15:43:59.0738 5292 ================ Scan MBR ==================================
15:43:59.0753 5292 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:44:00.0221 5292 \Device\Harddisk1\DR1 - ok
15:44:00.0221 5292 ================ Scan VBR ==================================
15:44:00.0221 5292 [ 65A437FA4C1C7030D9CE2870BC5CA583 ] \Device\Harddisk1\DR1\Partition1
15:44:00.0221 5292 \Device\Harddisk1\DR1\Partition1 - ok
15:44:00.0221 5292 ============================================================
15:44:00.0221 5292 Scan finished
15:44:00.0221 5292 ============================================================
15:44:00.0237 5308 Detected object count: 5
15:44:00.0237 5308 Actual detected object count: 5
15:44:26.0211 5308 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:44:26.0211 5308 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:26.0211 5308 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:26.0211 5308 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:26.0211 5308 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Lena |
|
| Themen zu Live Security Platinum - vollständig entfernen |
| application/pdf:, avg secure search, avg security toolbar, daten löschen, einstellung, entfernen, iexplore.exe, langs, plug-in, programm, registry, rogue.livesecurityplatinum, rootkit.0access, secure search, security, software, tracker, trojan.agent.vgenx, trojan.zaccess, vodafone, vollständig entfernen, vtoolbarupdater |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
