
Log Analysis and Evaluation: Pop-up at the bottom right

Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.08.2012, 16:09   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The log is fairly unremarkable. Is the advertising pop-up still there?

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

03.09.2012, 10:13   #17
Jomiguel
 

So, the pop-up is still there and the annoying redirection of links is still active as well.

The log is attached.

Code:
11:05:37.0933 1720  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:05:38.0011 1720  ============================================================
11:05:38.0011 1720  Current date / time: 2012/09/03 11:05:38.0011
11:05:38.0011 1720  SystemInfo:
11:05:38.0011 1720  
11:05:38.0011 1720  OS Version: 6.1.7601 ServicePack: 1.0
11:05:38.0011 1720  Product type: Workstation
11:05:38.0011 1720  ComputerName: JOACHIM-THINK
11:05:38.0011 1720  UserName: Joachim
11:05:38.0011 1720  Windows directory: C:\Windows
11:05:38.0011 1720  System windows directory: C:\Windows
11:05:38.0011 1720  Running under WOW64
11:05:38.0011 1720  Processor architecture: Intel x64
11:05:38.0011 1720  Number of processors: 2
11:05:38.0011 1720  Page size: 0x1000
11:05:38.0011 1720  Boot type: Normal boot
11:05:38.0011 1720  ============================================================
11:05:39.0213 1720  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:05:39.0228 1720  ============================================================
11:05:39.0228 1720  \Device\Harddisk0\DR0:
11:05:39.0228 1720  MBR partitions:
11:05:39.0228 1720  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCF7800, BlocksNum 0x11D21800
11:05:39.0228 1720  ============================================================
11:05:39.0259 1720  C: <-> \Device\Harddisk0\DR0\Partition1
11:05:39.0259 1720  ============================================================
11:05:39.0259 1720  Initialize success
11:05:39.0259 1720  ============================================================
11:07:55.0914 5592  ============================================================
11:07:55.0914 5592  Scan started
11:07:55.0914 5592  Mode: Manual; SigCheck; TDLFS; 
11:07:55.0914 5592  ============================================================
11:07:57.0365 5592  ================ Scan system memory ========================
11:07:57.0365 5592  System memory - ok
11:07:57.0365 5592  ================ Scan services =============================
11:07:57.0537 5592  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
11:07:57.0677 5592  1394ohci - ok
11:07:57.0693 5592  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:07:57.0708 5592  ACPI - ok
11:07:57.0724 5592  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:07:57.0786 5592  AcpiPmi - ok
11:07:57.0849 5592  [ 1933DB4808793F3BD7AB34A39A809425 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
11:07:57.0880 5592  AcPrfMgrSvc - ok
11:07:57.0895 5592  [ E7AF543334B21D84124709061A9AE4D7 ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
11:07:57.0911 5592  AcSvc - ok
11:07:57.0989 5592  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:07:58.0020 5592  AdobeARMservice - ok
11:07:58.0051 5592  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:07:58.0083 5592  adp94xx - ok
11:07:58.0129 5592  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:07:58.0176 5592  adpahci - ok
11:07:58.0192 5592  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:07:58.0192 5592  adpu320 - ok
11:07:58.0223 5592  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:07:58.0410 5592  AeLookupSvc - ok
11:07:58.0441 5592  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:07:58.0504 5592  AFD - ok
11:07:58.0551 5592  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:07:58.0582 5592  agp440 - ok
11:07:58.0597 5592  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:07:58.0675 5592  ALG - ok
11:07:58.0691 5592  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:07:58.0691 5592  aliide - ok
11:07:58.0753 5592  [ 0B387CBB0C445893EA4907DF6312D367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:07:58.0847 5592  AMD External Events Utility - ok
11:07:58.0863 5592  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:07:58.0878 5592  amdide - ok
11:07:58.0894 5592  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:07:58.0956 5592  AmdK8 - ok
11:07:59.0143 5592  [ 393D90B57B1FA56CAF4E6CCC7A55B069 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:07:59.0362 5592  amdkmdag - ok
11:07:59.0377 5592  [ 62171B584A80E74FFF16A55BF95DD4C6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:07:59.0424 5592  amdkmdap - ok
11:07:59.0455 5592  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:07:59.0487 5592  AmdPPM - ok
11:07:59.0533 5592  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:07:59.0549 5592  amdsata - ok
11:07:59.0565 5592  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:07:59.0580 5592  amdsbs - ok
11:07:59.0596 5592  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:07:59.0611 5592  amdxata - ok
11:07:59.0643 5592  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:07:59.0814 5592  AppID - ok
11:07:59.0830 5592  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:07:59.0923 5592  AppIDSvc - ok
11:07:59.0955 5592  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:08:00.0001 5592  Appinfo - ok
11:08:00.0048 5592  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:08:00.0079 5592  AppMgmt - ok
11:08:00.0111 5592  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:08:00.0126 5592  arc - ok
11:08:00.0126 5592  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:08:00.0142 5592  arcsas - ok
11:08:00.0173 5592  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:08:00.0220 5592  AsyncMac - ok
11:08:00.0235 5592  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:08:00.0251 5592  atapi - ok
11:08:00.0454 5592  [ 393D90B57B1FA56CAF4E6CCC7A55B069 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:08:00.0547 5592  atikmdag - ok
11:08:00.0610 5592  [ 17B8D955BE11B001456C47C5CFAB1054 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
11:08:00.0688 5592  ATSwpWDF - ok
11:08:00.0719 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:08:00.0859 5592  AudioEndpointBuilder - ok
11:08:00.0922 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:08:00.0969 5592  AudioSrv - ok
11:08:00.0984 5592  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:08:01.0093 5592  AxInstSV - ok
11:08:01.0140 5592  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:08:01.0218 5592  b06bdrv - ok
11:08:01.0249 5592  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:08:01.0281 5592  b57nd60a - ok
11:08:01.0312 5592  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:08:01.0359 5592  BDESVC - ok
11:08:01.0390 5592  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:08:01.0437 5592  Beep - ok
11:08:01.0483 5592  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:08:01.0546 5592  BFE - ok
11:08:01.0577 5592  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:08:01.0686 5592  BITS - ok
11:08:01.0717 5592  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:08:01.0749 5592  blbdrive - ok
11:08:01.0749 5592  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:08:01.0795 5592  bowser - ok
11:08:01.0827 5592  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:08:01.0858 5592  BrFiltLo - ok
11:08:01.0858 5592  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:08:01.0889 5592  BrFiltUp - ok
11:08:01.0920 5592  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:08:01.0936 5592  Browser - ok
11:08:01.0967 5592  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:08:01.0998 5592  Brserid - ok
11:08:02.0014 5592  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:08:02.0029 5592  BrSerWdm - ok
11:08:02.0045 5592  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:08:02.0061 5592  BrUsbMdm - ok
11:08:02.0061 5592  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:08:02.0076 5592  BrUsbSer - ok
11:08:02.0123 5592  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:08:02.0170 5592  BthEnum - ok
11:08:02.0185 5592  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:08:02.0217 5592  BTHMODEM - ok
11:08:02.0232 5592  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:08:02.0263 5592  BthPan - ok
11:08:02.0279 5592  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:08:02.0326 5592  BTHPORT - ok
11:08:02.0341 5592  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:08:02.0388 5592  bthserv - ok
11:08:02.0404 5592  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:08:02.0435 5592  BTHUSB - ok
11:08:02.0451 5592  [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
11:08:02.0466 5592  btusbflt - ok
11:08:02.0482 5592  [ A72A9101F9730DB7332714E566614E4D ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:08:02.0497 5592  btwaudio - ok
11:08:02.0513 5592  [ 5CEEC634B617525F2B6AD29F871033F7 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:08:02.0544 5592  btwavdt - ok
11:08:02.0638 5592  [ FFE8C1C3ABBF75CE4E74E9A0942DAE7D ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
11:08:02.0685 5592  btwdins - ok
11:08:02.0716 5592  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:08:02.0716 5592  btwl2cap - ok
11:08:02.0731 5592  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:08:02.0731 5592  btwrchid - ok
11:08:02.0763 5592  [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL        C:\Windows\system32\DRIVERS\CAXHWAZL.sys
11:08:02.0794 5592  CAXHWAZL - ok
11:08:02.0809 5592  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:08:02.0856 5592  cdfs - ok
11:08:02.0887 5592  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:08:02.0903 5592  cdrom - ok
11:08:02.0934 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:08:02.0997 5592  CertPropSvc - ok
11:08:03.0028 5592  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:08:03.0043 5592  circlass - ok
11:08:03.0075 5592  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:08:03.0090 5592  CLFS - ok
11:08:03.0137 5592  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:08:03.0168 5592  clr_optimization_v2.0.50727_32 - ok
11:08:03.0215 5592  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:08:03.0246 5592  clr_optimization_v2.0.50727_64 - ok
11:08:03.0309 5592  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:08:03.0340 5592  clr_optimization_v4.0.30319_32 - ok
11:08:03.0387 5592  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:08:03.0402 5592  clr_optimization_v4.0.30319_64 - ok
11:08:03.0433 5592  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:08:03.0465 5592  CmBatt - ok
11:08:03.0496 5592  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:08:03.0496 5592  cmdide - ok
11:08:03.0543 5592  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:08:03.0589 5592  CNG - ok
11:08:03.0621 5592  [ D3C4F72E8F8DC523B02A0C313CEEEA99 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
11:08:03.0667 5592  CnxtHdAudService - ok
11:08:03.0699 5592  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:08:03.0714 5592  Compbatt - ok
11:08:03.0714 5592  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:08:03.0777 5592  CompositeBus - ok
11:08:03.0792 5592  COMSysApp - ok
11:08:03.0823 5592  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:08:03.0839 5592  crcdisk - ok
11:08:03.0901 5592  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:08:03.0933 5592  CryptSvc - ok
11:08:03.0948 5592  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:08:04.0026 5592  CSC - ok
11:08:04.0057 5592  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:08:04.0104 5592  CscService - ok
11:08:04.0151 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:08:04.0229 5592  DcomLaunch - ok
11:08:04.0260 5592  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:08:04.0307 5592  defragsvc - ok
11:08:04.0323 5592  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:08:04.0369 5592  DfsC - ok
11:08:04.0401 5592  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:08:04.0463 5592  Dhcp - ok
11:08:04.0479 5592  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:08:04.0541 5592  discache - ok
11:08:04.0572 5592  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:08:04.0572 5592  Disk - ok
11:08:04.0603 5592  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
11:08:04.0666 5592  dmvsc - ok
11:08:04.0681 5592  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:08:04.0728 5592  Dnscache - ok
11:08:04.0744 5592  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:08:04.0806 5592  dot3svc - ok
11:08:04.0853 5592  [ 277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
11:08:04.0900 5592  DozeSvc - ok
11:08:04.0915 5592  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:08:04.0962 5592  DPS - ok
11:08:04.0993 5592  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:08:05.0040 5592  drmkaud - ok
11:08:05.0071 5592  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:08:05.0103 5592  DXGKrnl - ok
11:08:05.0134 5592  [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
11:08:05.0149 5592  DzHDD64 - ok
11:08:05.0165 5592  [ 1F20AEAAD1BE0121647257235B788224 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
11:08:05.0181 5592  e1yexpress - ok
11:08:05.0196 5592  [ 24BC0EC911009700CAA38A8867A0F22A ] e36gbus         C:\Windows\system32\drivers\e36gbus.sys
11:08:05.0212 5592  e36gbus - ok
11:08:05.0243 5592  [ EB82C999E14C74D07133521CA37AA5C3 ] e36gmgmt        C:\Windows\system32\drivers\e36gmgmt.sys
11:08:05.0259 5592  e36gmgmt - ok
11:08:05.0290 5592  [ 7B2260B796D5DE34EDE7AE483005FCBB ] e36wgps         C:\Windows\system32\drivers\e36wgps64.sys
11:08:05.0321 5592  e36wgps - ok
11:08:05.0368 5592  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:08:05.0430 5592  EapHost - ok
11:08:05.0524 5592  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:08:05.0617 5592  ebdrv - ok
11:08:05.0633 5592  [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis       C:\Windows\system32\Drivers\wwuss64.sys
11:08:05.0649 5592  ecnssndis - ok
11:08:05.0649 5592  [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr   C:\Windows\system32\Drivers\wwussf64.sys
11:08:05.0664 5592  ecnssndisfltr - ok
11:08:05.0695 5592  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:08:05.0742 5592  EFS - ok
11:08:05.0805 5592  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:08:05.0883 5592  ehRecvr - ok
11:08:05.0898 5592  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:08:05.0929 5592  ehSched - ok
11:08:06.0007 5592  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:08:06.0039 5592  elxstor - ok
11:08:06.0054 5592  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:08:06.0085 5592  ErrDev - ok
11:08:06.0117 5592  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:08:06.0179 5592  EventSystem - ok
11:08:06.0273 5592  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:08:06.0335 5592  EvtEng - ok
11:08:06.0366 5592  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:08:06.0429 5592  exfat - ok
11:08:06.0444 5592  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:08:06.0491 5592  fastfat - ok
11:08:06.0522 5592  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:08:06.0585 5592  Fax - ok
11:08:06.0616 5592  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:08:06.0663 5592  fdc - ok
11:08:06.0678 5592  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:08:06.0772 5592  fdPHost - ok
11:08:06.0772 5592  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:08:06.0819 5592  FDResPub - ok
11:08:06.0834 5592  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:08:06.0850 5592  FileInfo - ok
11:08:06.0865 5592  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:08:06.0912 5592  Filetrace - ok
11:08:06.0912 5592  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:08:06.0928 5592  flpydisk - ok
11:08:06.0943 5592  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:08:06.0959 5592  FltMgr - ok
11:08:06.0990 5592  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:08:07.0053 5592  FontCache - ok
11:08:07.0099 5592  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:08:07.0131 5592  FontCache3.0.0.0 - ok
11:08:07.0146 5592  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:08:07.0162 5592  FsDepends - ok
11:08:07.0193 5592  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:08:07.0209 5592  Fs_Rec - ok
11:08:07.0240 5592  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:08:07.0255 5592  fvevol - ok
11:08:07.0271 5592  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:08:07.0287 5592  gagp30kx - ok
11:08:07.0333 5592  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:08:07.0380 5592  gpsvc - ok
11:08:07.0411 5592  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:08:07.0458 5592  hcw85cir - ok
11:08:07.0474 5592  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:08:07.0521 5592  HdAudAddService - ok
11:08:07.0552 5592  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:08:07.0567 5592  HDAudBus - ok
11:08:07.0583 5592  [ 15C9789470B8855AC2F54FDF96802D13 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
11:08:07.0599 5592  HECIx64 - ok
11:08:07.0599 5592  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:08:07.0630 5592  HidBatt - ok
11:08:07.0645 5592  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:08:07.0661 5592  HidBth - ok
11:08:07.0677 5592  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:08:07.0677 5592  HidIr - ok
11:08:07.0723 5592  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:08:07.0786 5592  hidserv - ok
11:08:07.0801 5592  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:08:07.0817 5592  HidUsb - ok
11:08:07.0833 5592  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:08:07.0926 5592  hkmsvc - ok
11:08:07.0942 5592  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:08:08.0004 5592  HomeGroupListener - ok
11:08:08.0035 5592  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:08:08.0067 5592  HomeGroupProvider - ok
11:08:08.0082 5592  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:08:08.0113 5592  HpSAMD - ok
11:08:08.0207 5592  [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
11:08:08.0269 5592  HsfXAudioService - ok
11:08:08.0316 5592  [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
11:08:08.0394 5592  HSF_DPV - ok
11:08:08.0441 5592  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:08:08.0488 5592  HTTP - ok
11:08:08.0503 5592  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:08:08.0519 5592  hwpolicy - ok
11:08:08.0535 5592  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:08:08.0550 5592  i8042prt - ok
11:08:08.0597 5592  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:08:08.0613 5592  iaStorV - ok
11:08:08.0644 5592  [ 2151176DB657AEFF9B873D23380C3F5B ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:08:08.0644 5592  IBMPMDRV - ok
11:08:08.0659 5592  [ C76A67AED080538D420550C903696788 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
11:08:08.0659 5592  IBMPMSVC - ok
11:08:08.0737 5592  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:08:08.0753 5592  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:08:08.0753 5592  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:08:08.0831 5592  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:08:08.0878 5592  idsvc - ok
11:08:09.0127 5592  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:08:09.0393 5592  igfx - ok
11:08:09.0439 5592  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:08:09.0439 5592  iirsp - ok
11:08:09.0471 5592  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:08:09.0533 5592  IKEEXT - ok
11:08:09.0564 5592  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:08:09.0564 5592  intelide - ok
11:08:09.0798 5592  [ 677AA5991026A65ADA128C4B59CF2BAD ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
11:08:10.0063 5592  intelkmd - ok
11:08:10.0095 5592  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:08:10.0110 5592  intelppm - ok
11:08:10.0141 5592  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:08:10.0173 5592  IPBusEnum - ok
11:08:10.0188 5592  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:08:10.0219 5592  IpFilterDriver - ok
11:08:10.0251 5592  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:08:10.0297 5592  iphlpsvc - ok
11:08:10.0313 5592  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:08:10.0329 5592  IPMIDRV - ok
11:08:10.0329 5592  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:08:10.0360 5592  IPNAT - ok
11:08:10.0391 5592  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:08:10.0438 5592  IRENUM - ok
11:08:10.0453 5592  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:08:10.0453 5592  isapnp - ok
11:08:10.0485 5592  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:08:10.0500 5592  iScsiPrt - ok
11:08:10.0516 5592  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:08:10.0531 5592  kbdclass - ok
11:08:10.0563 5592  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:08:10.0578 5592  kbdhid - ok
11:08:10.0594 5592  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:08:10.0609 5592  KeyIso - ok
11:08:10.0625 5592  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:08:10.0641 5592  KSecDD - ok
11:08:10.0656 5592  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:08:10.0672 5592  KSecPkg - ok
11:08:10.0687 5592  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:08:10.0719 5592  ksthunk - ok
11:08:10.0765 5592  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:08:10.0828 5592  KtmRm - ok
11:08:10.0875 5592  [ 0FEF994D890C92D8F23442BC52D4FEA9 ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps64.sys
11:08:10.0906 5592  l36wgps - ok
11:08:10.0937 5592  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:08:10.0984 5592  LanmanServer - ok
11:08:11.0031 5592  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:08:11.0077 5592  LanmanWorkstation - ok
11:08:11.0109 5592  [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
11:08:11.0124 5592  LENOVO.CAMMUTE - ok
11:08:11.0140 5592  [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:08:11.0155 5592  LENOVO.MICMUTE - ok
11:08:11.0171 5592  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
11:08:11.0187 5592  lenovo.smi - ok
11:08:11.0187 5592  [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
11:08:11.0202 5592  LENOVO.TPKNRSVC - ok
11:08:11.0218 5592  [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
11:08:11.0233 5592  Lenovo.VIRTSCRLSVC - ok
11:08:11.0265 5592  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:08:11.0327 5592  lltdio - ok
11:08:11.0374 5592  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:08:11.0452 5592  lltdsvc - ok
11:08:11.0467 5592  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:08:11.0514 5592  lmhosts - ok
11:08:11.0545 5592  [ 7F697D6EB3E47FBC7757229DAEE406B4 ] LMS             C:\Program Files (x86)\Intel\AMT\LMS.exe
11:08:11.0577 5592  LMS - ok
11:08:11.0608 5592  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:08:11.0623 5592  LSI_FC - ok
11:08:11.0623 5592  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:08:11.0639 5592  LSI_SAS - ok
11:08:11.0655 5592  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:08:11.0670 5592  LSI_SAS2 - ok
11:08:11.0670 5592  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:08:11.0686 5592  LSI_SCSI - ok
11:08:11.0701 5592  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:08:11.0748 5592  luafv - ok
11:08:11.0779 5592  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:08:11.0811 5592  MBAMProtector - ok
11:08:11.0842 5592  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:08:11.0873 5592  MBAMService - ok
11:08:11.0935 5592  [ 0845DA0BFF1AF5C57DE4DD97ACAF2FCD ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
11:08:11.0967 5592  Mbm3CBus - ok
11:08:11.0982 5592  [ DB6FA599AA79324E287C4EAF6020DA37 ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
11:08:12.0013 5592  Mbm3DevMt - ok
11:08:12.0013 5592  [ 2F71EDB697752D409B9983F0E1D88F70 ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
11:08:12.0029 5592  Mbm3mdfl - ok
11:08:12.0045 5592  [ 21B412A36DE3CCFE4E13383B88CFC90C ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
11:08:12.0076 5592  Mbm3Mdm - ok
11:08:12.0091 5592  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:08:12.0123 5592  Mcx2Svc - ok
11:08:12.0138 5592  [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:08:12.0154 5592  mdmxsdk - ok
11:08:12.0185 5592  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:08:12.0185 5592  megasas - ok
11:08:12.0201 5592  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:08:12.0216 5592  MegaSR - ok
11:08:12.0232 5592  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:08:12.0279 5592  MMCSS - ok
11:08:12.0294 5592  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:08:12.0325 5592  Modem - ok
11:08:12.0357 5592  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:08:12.0388 5592  monitor - ok
11:08:12.0403 5592  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:08:12.0419 5592  mouclass - ok
11:08:12.0419 5592  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:08:12.0435 5592  mouhid - ok
11:08:12.0450 5592  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:08:12.0450 5592  mountmgr - ok
11:08:12.0513 5592  [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:08:12.0544 5592  MpFilter - ok
11:08:12.0559 5592  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:08:12.0575 5592  mpio - ok
11:08:12.0591 5592  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:08:12.0622 5592  mpsdrv - ok
11:08:12.0653 5592  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:08:12.0747 5592  MpsSvc - ok
11:08:12.0747 5592  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:08:12.0778 5592  MRxDAV - ok
11:08:12.0793 5592  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:08:12.0856 5592  mrxsmb - ok
11:08:12.0871 5592  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:08:12.0887 5592  mrxsmb10 - ok
11:08:12.0903 5592  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:08:12.0918 5592  mrxsmb20 - ok
11:08:12.0934 5592  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:08:12.0949 5592  msahci - ok
11:08:12.0965 5592  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:08:12.0981 5592  msdsm - ok
11:08:13.0012 5592  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:08:13.0043 5592  MSDTC - ok
11:08:13.0074 5592  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:08:13.0121 5592  Msfs - ok
11:08:13.0137 5592  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:08:13.0168 5592  mshidkmdf - ok
11:08:13.0168 5592  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:08:13.0183 5592  msisadrv - ok
11:08:13.0215 5592  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:08:13.0261 5592  MSiSCSI - ok
11:08:13.0261 5592  msiserver - ok
11:08:13.0293 5592  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:08:13.0324 5592  MSKSSRV - ok
11:08:13.0371 5592  [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:08:13.0386 5592  MsMpSvc - ok
11:08:13.0402 5592  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:08:13.0449 5592  MSPCLOCK - ok
11:08:13.0480 5592  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:08:13.0542 5592  MSPQM - ok
11:08:13.0573 5592  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:08:13.0605 5592  MsRPC - ok
11:08:13.0620 5592  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:08:13.0620 5592  mssmbios - ok
11:08:13.0636 5592  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:08:13.0683 5592  MSTEE - ok
11:08:13.0683 5592  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:08:13.0714 5592  MTConfig - ok
11:08:13.0714 5592  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:08:13.0729 5592  Mup - ok
11:08:13.0761 5592  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:08:13.0839 5592  napagent - ok
11:08:13.0885 5592  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:08:13.0948 5592  NativeWifiP - ok
11:08:13.0979 5592  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:08:14.0010 5592  NDIS - ok
11:08:14.0026 5592  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:08:14.0057 5592  NdisCap - ok
11:08:14.0088 5592  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:08:14.0135 5592  NdisTapi - ok
11:08:14.0135 5592  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:08:14.0166 5592  Ndisuio - ok
11:08:14.0166 5592  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:08:14.0213 5592  NdisWan - ok
11:08:14.0229 5592  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:08:14.0275 5592  NDProxy - ok
11:08:14.0291 5592  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:08:14.0338 5592  NetBIOS - ok
11:08:14.0353 5592  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:08:14.0400 5592  NetBT - ok
11:08:14.0416 5592  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:08:14.0431 5592  Netlogon - ok
11:08:14.0478 5592  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:08:14.0525 5592  Netman - ok
11:08:14.0556 5592  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:08:14.0603 5592  netprofm - ok
11:08:14.0634 5592  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:08:14.0634 5592  NetTcpPortSharing - ok
11:08:14.0790 5592  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
11:08:14.0915 5592  netw5v64 - ok
11:08:15.0133 5592  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:08:15.0383 5592  NETwNs64 - ok
11:08:15.0414 5592  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:08:15.0414 5592  nfrd960 - ok
11:08:15.0461 5592  [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:08:15.0461 5592  NisDrv - ok
11:08:15.0508 5592  [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:08:15.0539 5592  NisSrv - ok
11:08:15.0570 5592  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:08:15.0633 5592  NlaSvc - ok
11:08:15.0664 5592  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:08:15.0695 5592  Npfs - ok
11:08:15.0726 5592  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:08:15.0773 5592  nsi - ok
11:08:15.0789 5592  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:08:15.0835 5592  nsiproxy - ok
11:08:15.0898 5592  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:08:15.0976 5592  Ntfs - ok
11:08:15.0991 5592  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:08:16.0038 5592  Null - ok
11:08:16.0054 5592  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:08:16.0069 5592  nvraid - ok
11:08:16.0101 5592  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:08:16.0116 5592  nvstor - ok
11:08:16.0132 5592  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:08:16.0147 5592  nv_agp - ok
11:08:16.0241 5592  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:08:16.0272 5592  odserv - ok
11:08:16.0272 5592  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:08:16.0303 5592  ohci1394 - ok
11:08:16.0335 5592  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:08:16.0350 5592  ose - ok
11:08:16.0381 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:08:16.0428 5592  p2pimsvc - ok
11:08:16.0444 5592  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:08:16.0475 5592  p2psvc - ok
11:08:16.0491 5592  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:08:16.0506 5592  Parport - ok
11:08:16.0537 5592  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:08:16.0553 5592  partmgr - ok
11:08:16.0553 5592  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:08:16.0584 5592  PcaSvc - ok
11:08:16.0662 5592  [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
11:08:16.0693 5592  PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
11:08:16.0709 5592  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:08:16.0725 5592  pci - ok
11:08:16.0740 5592  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:08:16.0740 5592  pciide - ok
11:08:16.0756 5592  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:08:16.0771 5592  pcmcia - ok
11:08:16.0771 5592  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:08:16.0787 5592  pcw - ok
11:08:16.0803 5592  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:08:16.0865 5592  PEAUTH - ok
11:08:16.0912 5592  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:08:16.0974 5592  PeerDistSvc - ok
11:08:16.0990 5592  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:08:17.0021 5592  PerfHost - ok
11:08:17.0052 5592  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:08:17.0115 5592  pla - ok
11:08:17.0146 5592  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:08:17.0193 5592  PlugPlay - ok
11:08:17.0208 5592  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:08:17.0239 5592  PNRPAutoReg - ok
11:08:17.0255 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:08:17.0271 5592  PNRPsvc - ok
11:08:17.0317 5592  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:08:17.0380 5592  PolicyAgent - ok
11:08:17.0411 5592  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:08:17.0458 5592  Power - ok
11:08:17.0520 5592  [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:08:17.0551 5592  Power Manager DBC Service - ok
11:08:17.0583 5592  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:08:17.0645 5592  PptpMiniport - ok
11:08:17.0645 5592  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:08:17.0661 5592  Processor - ok
11:08:17.0692 5592  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:08:17.0739 5592  ProfSvc - ok
11:08:17.0754 5592  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:08:17.0770 5592  ProtectedStorage - ok
11:08:17.0801 5592  [ C2C5F5D150605FD14FA2ABDE88DB2020 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
11:08:17.0817 5592  psadd - ok
11:08:17.0832 5592  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:08:17.0895 5592  Psched - ok
11:08:17.0926 5592  [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
11:08:17.0941 5592  PwmEWSvc - ok
11:08:18.0019 5592  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:08:18.0082 5592  ql2300 - ok
11:08:18.0097 5592  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:08:18.0097 5592  ql40xx - ok
11:08:18.0129 5592  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:08:18.0160 5592  QWAVE - ok
11:08:18.0175 5592  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:08:18.0191 5592  QWAVEdrv - ok
11:08:18.0207 5592  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:08:18.0253 5592  RasAcd - ok
11:08:18.0269 5592  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:08:18.0347 5592  RasAgileVpn - ok
11:08:18.0363 5592  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:08:18.0409 5592  RasAuto - ok
11:08:18.0425 5592  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:08:18.0472 5592  Rasl2tp - ok
11:08:18.0487 5592  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:08:18.0534 5592  RasMan - ok
11:08:18.0534 5592  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:08:18.0581 5592  RasPppoe - ok
11:08:18.0597 5592  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:08:18.0643 5592  RasSstp - ok
11:08:18.0659 5592  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:08:18.0706 5592  rdbss - ok
11:08:18.0737 5592  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:08:18.0784 5592  rdpbus - ok
11:08:18.0799 5592  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:08:18.0877 5592  RDPCDD - ok
11:08:18.0893 5592  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:08:18.0924 5592  RDPDR - ok
11:08:18.0940 5592  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:08:18.0987 5592  RDPENCDD - ok
11:08:19.0002 5592  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:08:19.0033 5592  RDPREFMP - ok
11:08:19.0080 5592  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:08:19.0143 5592  RDPWD - ok
11:08:19.0158 5592  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:08:19.0174 5592  rdyboost - ok
11:08:19.0267 5592  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:08:19.0299 5592  RegSrvc - ok
11:08:19.0330 5592  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:08:19.0361 5592  RemoteAccess - ok
11:08:19.0392 5592  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:08:19.0439 5592  RemoteRegistry - ok
11:08:19.0470 5592  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:08:19.0501 5592  RFCOMM - ok
11:08:19.0533 5592  [ F45D6E12EB99A668F52201637C67C8F5 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
11:08:19.0579 5592  rimmptsk - ok
11:08:19.0595 5592  [ EAC02ED935A9C1F2DDD8D985C465B854 ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
11:08:19.0657 5592  rimsptsk - ok
11:08:19.0657 5592  [ 931A8F843B4120DF527C3684DAF77FD9 ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
11:08:19.0704 5592  rismxdp - ok
11:08:19.0720 5592  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:08:19.0782 5592  RpcEptMapper - ok
11:08:19.0813 5592  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:08:19.0829 5592  RpcLocator - ok
11:08:19.0845 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:08:19.0891 5592  RpcSs - ok
11:08:19.0923 5592  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:08:19.0969 5592  rspndr - ok
11:08:19.0969 5592  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:08:20.0001 5592  s3cap - ok
11:08:20.0016 5592  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:08:20.0032 5592  SamSs - ok
11:08:20.0032 5592  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:08:20.0047 5592  sbp2port - ok
11:08:20.0079 5592  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:08:20.0125 5592  SCardSvr - ok
11:08:20.0141 5592  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:08:20.0188 5592  scfilter - ok
11:08:20.0219 5592  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:08:20.0266 5592  Schedule - ok
11:08:20.0297 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:08:20.0328 5592  SCPolicySvc - ok
11:08:20.0359 5592  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:08:20.0406 5592  sdbus - ok
11:08:20.0437 5592  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:08:20.0469 5592  SDRSVC - ok
11:08:20.0500 5592  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:08:20.0562 5592  secdrv - ok
11:08:20.0562 5592  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:08:20.0609 5592  seclogon - ok
11:08:20.0625 5592  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:08:20.0671 5592  SENS - ok
11:08:20.0671 5592  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:08:20.0718 5592  SensrSvc - ok
11:08:20.0734 5592  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:08:20.0765 5592  Serenum - ok
11:08:20.0781 5592  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:08:20.0812 5592  Serial - ok
11:08:20.0827 5592  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:08:20.0859 5592  sermouse - ok
11:08:20.0890 5592  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:08:20.0937 5592  SessionEnv - ok
11:08:20.0937 5592  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:08:20.0952 5592  sffdisk - ok
11:08:20.0952 5592  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:08:20.0968 5592  sffp_mmc - ok
11:08:20.0968 5592  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:08:20.0999 5592  sffp_sd - ok
11:08:20.0999 5592  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:08:21.0015 5592  sfloppy - ok
11:08:21.0030 5592  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:08:21.0093 5592  SharedAccess - ok
11:08:21.0108 5592  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:08:21.0155 5592  ShellHWDetection - ok
11:08:21.0202 5592  [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
11:08:21.0217 5592  Shockprf - ok
11:08:21.0233 5592  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:08:21.0249 5592  SiSRaid2 - ok
11:08:21.0249 5592  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:08:21.0264 5592  SiSRaid4 - ok
11:08:21.0280 5592  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:08:21.0327 5592  Smb - ok
11:08:21.0373 5592  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:08:21.0420 5592  SNMPTRAP - ok
11:08:21.0545 5592  [ 3BCD7556F3222221C31B1577B5527ED7 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
11:08:21.0639 5592  SNP2UVC - ok
11:08:21.0654 5592  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:08:21.0670 5592  spldr - ok
11:08:21.0701 5592  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:08:21.0779 5592  Spooler - ok
11:08:21.0904 5592  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:08:22.0029 5592  sppsvc - ok
11:08:22.0044 5592  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:08:22.0091 5592  sppuinotify - ok
11:08:22.0122 5592  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:08:22.0153 5592  srv - ok
11:08:22.0169 5592  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:08:22.0185 5592  srv2 - ok
11:08:22.0200 5592  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:08:22.0231 5592  SrvHsfHDA - ok
11:08:22.0278 5592  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:08:22.0325 5592  SrvHsfV92 - ok
11:08:22.0356 5592  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:08:22.0387 5592  SrvHsfWinac - ok
11:08:22.0403 5592  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:08:22.0419 5592  srvnet - ok
11:08:22.0465 5592  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:08:22.0543 5592  SSDPSRV - ok
11:08:22.0559 5592  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:08:22.0606 5592  SstpSvc - ok
11:08:22.0637 5592  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:08:22.0637 5592  stexstor - ok
11:08:22.0684 5592  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:08:22.0715 5592  stisvc - ok
11:08:22.0731 5592  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:08:22.0746 5592  storflt - ok
11:08:22.0762 5592  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:08:22.0777 5592  StorSvc - ok
11:08:22.0809 5592  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:08:22.0824 5592  storvsc - ok
11:08:22.0871 5592  [ 6EA2F517373771CAC5188E82617C9C0B ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:08:22.0887 5592  SUService ( UnsignedFile.Multi.Generic ) - warning
11:08:22.0887 5592  SUService - detected UnsignedFile.Multi.Generic (1)
11:08:22.0918 5592  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:08:22.0918 5592  swenum - ok
11:08:22.0965 5592  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:08:23.0011 5592  swprv - ok
11:08:23.0058 5592  [ 772493A8945495F1A287BF6C4CA25B48 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:08:23.0074 5592  SynTP - ok
11:08:23.0121 5592  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:08:23.0183 5592  SysMain - ok
11:08:23.0199 5592  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:08:23.0214 5592  TabletInputService - ok
11:08:23.0214 5592  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:08:23.0261 5592  TapiSrv - ok
11:08:23.0261 5592  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:08:23.0292 5592  TBS - ok
11:08:23.0355 5592  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:08:23.0417 5592  Tcpip - ok
11:08:23.0448 5592  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:08:23.0479 5592  TCPIP6 - ok
11:08:23.0511 5592  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:08:23.0557 5592  tcpipreg - ok
11:08:23.0573 5592  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:08:23.0589 5592  TDPIPE - ok
11:08:23.0620 5592  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:08:23.0651 5592  TDTCP - ok
11:08:23.0667 5592  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:08:23.0698 5592  tdx - ok
11:08:23.0713 5592  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:08:23.0713 5592  TermDD - ok
11:08:23.0760 5592  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:08:23.0854 5592  TermService - ok
11:08:23.0869 5592  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:08:23.0885 5592  Themes - ok
11:08:23.0916 5592  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:08:23.0947 5592  THREADORDER - ok
11:08:23.0947 5592  [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
11:08:23.0963 5592  TPDIGIMN - ok
11:08:23.0979 5592  [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
11:08:23.0979 5592  TPHDEXLGSVC - ok
11:08:24.0041 5592  [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:08:24.0057 5592  TPHKLOAD - ok
11:08:24.0088 5592  [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:08:24.0088 5592  TPHKSVC - ok
11:08:24.0119 5592  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:08:24.0135 5592  TPM - ok
11:08:24.0150 5592  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
11:08:24.0166 5592  TPPWRIF - ok
11:08:24.0181 5592  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:08:24.0244 5592  TrkWks - ok
11:08:24.0291 5592  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:08:24.0337 5592  TrustedInstaller - ok
11:08:24.0369 5592  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:08:24.0400 5592  tssecsrv - ok
11:08:24.0431 5592  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:08:24.0462 5592  TsUsbFlt - ok
11:08:24.0462 5592  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:08:24.0493 5592  TsUsbGD - ok
11:08:24.0525 5592  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:08:24.0571 5592  tunnel - ok
11:08:24.0571 5592  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:08:24.0587 5592  uagp35 - ok
11:08:24.0603 5592  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:08:24.0665 5592  udfs - ok
11:08:24.0696 5592  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:08:24.0712 5592  UI0Detect - ok
11:08:24.0712 5592  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:08:24.0727 5592  uliagpkx - ok
11:08:24.0759 5592  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:08:24.0774 5592  umbus - ok
11:08:24.0774 5592  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:08:24.0805 5592  UmPass - ok
11:08:24.0821 5592  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:08:24.0852 5592  UmRdpService - ok
11:08:24.0961 5592  [ 86DEAC5CED845D55C63B125E0908685E ] UNS             C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
11:08:25.0008 5592  UNS - ok
11:08:25.0039 5592  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:08:25.0086 5592  upnphost - ok
11:08:25.0117 5592  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:08:25.0164 5592  usbccgp - ok
11:08:25.0211 5592  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:08:25.0242 5592  usbcir - ok
11:08:25.0273 5592  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:08:25.0305 5592  usbehci - ok
11:08:25.0336 5592  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:08:25.0367 5592  usbhub - ok
11:08:25.0398 5592  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:08:25.0445 5592  usbohci - ok
11:08:25.0476 5592  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:08:25.0507 5592  usbprint - ok
11:08:25.0523 5592  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:08:25.0554 5592  USBSTOR - ok
11:08:25.0570 5592  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:08:25.0617 5592  usbuhci - ok
11:08:25.0648 5592  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:08:25.0663 5592  usbvideo - ok
11:08:25.0679 5592  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:08:25.0773 5592  UxSms - ok
11:08:25.0788 5592  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:08:25.0804 5592  VaultSvc - ok
11:08:25.0804 5592  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:08:25.0819 5592  vdrvroot - ok
11:08:25.0835 5592  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:08:25.0897 5592  vds - ok
11:08:25.0913 5592  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:08:25.0929 5592  vga - ok
11:08:25.0944 5592  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:08:25.0975 5592  VgaSave - ok
11:08:25.0991 5592  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:08:26.0007 5592  vhdmp - ok
11:08:26.0007 5592  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:08:26.0022 5592  viaide - ok
11:08:26.0038 5592  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:08:26.0053 5592  vmbus - ok
11:08:26.0053 5592  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:08:26.0085 5592  VMBusHID - ok
11:08:26.0100 5592  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:08:26.0100 5592  volmgr - ok
11:08:26.0131 5592  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:08:26.0147 5592  volmgrx - ok
11:08:26.0163 5592  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:08:26.0178 5592  volsnap - ok
11:08:26.0209 5592  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:08:26.0209 5592  vsmraid - ok
11:08:26.0272 5592  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:08:26.0365 5592  VSS - ok
11:08:26.0365 5592  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:08:26.0397 5592  vwifibus - ok
11:08:26.0397 5592  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:08:26.0428 5592  vwififlt - ok
11:08:26.0443 5592  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:08:26.0490 5592  W32Time - ok
11:08:26.0521 5592  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:08:26.0537 5592  WacomPen - ok
11:08:26.0568 5592  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:08:26.0599 5592  WANARP - ok
11:08:26.0599 5592  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:08:26.0631 5592  Wanarpv6 - ok
11:08:26.0693 5592  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:08:26.0755 5592  WatAdminSvc - ok
11:08:26.0802 5592  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:08:26.0865 5592  wbengine - ok
11:08:26.0880 5592  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:08:26.0911 5592  WbioSrvc - ok
11:08:26.0927 5592  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:08:26.0974 5592  wcncsvc - ok
11:08:26.0989 5592  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:08:27.0005 5592  WcsPlugInService - ok
11:08:27.0021 5592  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:08:27.0036 5592  Wd - ok
11:08:27.0067 5592  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:08:27.0083 5592  Wdf01000 - ok
11:08:27.0114 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:08:27.0208 5592  WdiServiceHost - ok
11:08:27.0208 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:08:27.0239 5592  WdiSystemHost - ok
11:08:27.0255 5592  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:08:27.0301 5592  WebClient - ok
11:08:27.0317 5592  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:08:27.0364 5592  Wecsvc - ok
11:08:27.0379 5592  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:08:27.0426 5592  wercplsupport - ok
11:08:27.0442 5592  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:08:27.0489 5592  WerSvc - ok
11:08:27.0520 5592  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:08:27.0551 5592  WfpLwf - ok
11:08:27.0567 5592  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:08:27.0582 5592  WIMMount - ok
11:08:27.0613 5592  [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:08:27.0645 5592  winachsf - ok
11:08:27.0660 5592  WinDefend - ok
11:08:27.0660 5592  WinHttpAutoProxySvc - ok
11:08:27.0707 5592  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:08:27.0754 5592  Winmgmt - ok
11:08:27.0816 5592  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:08:27.0894 5592  WinRM - ok
11:08:27.0941 5592  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
11:08:27.0972 5592  WinUsb - ok
11:08:28.0019 5592  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:08:28.0066 5592  Wlansvc - ok
11:08:28.0113 5592  WMCoreService - ok
11:08:28.0128 5592  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:08:28.0175 5592  WmiAcpi - ok
11:08:28.0222 5592  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:08:28.0253 5592  wmiApSrv - ok
11:08:28.0269 5592  WMPNetworkSvc - ok
11:08:28.0300 5592  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:08:28.0331 5592  WPCSvc - ok
11:08:28.0347 5592  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:08:28.0362 5592  WPDBusEnum - ok
11:08:28.0393 5592  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:08:28.0456 5592  ws2ifsl - ok
11:08:28.0471 5592  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:08:28.0503 5592  wscsvc - ok
11:08:28.0503 5592  WSearch - ok
11:08:28.0596 5592  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:08:28.0659 5592  wuauserv - ok
11:08:28.0674 5592  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:08:28.0721 5592  WudfPf - ok
11:08:28.0752 5592  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:08:28.0783 5592  WUDFRd - ok
11:08:28.0815 5592  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:08:28.0846 5592  wudfsvc - ok
11:08:28.0861 5592  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:08:28.0893 5592  WwanSvc - ok
11:08:28.0939 5592  [ DDA7CD9F319AA76385F24BB2BD320044 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
11:08:28.0939 5592  WwanUsbServ - ok
11:08:28.0955 5592  [ E8F3FA126A06F8E7088F63757112A186 ] XAudio          C:\Windows\system32\DRIVERS\XAudio64.sys
11:08:28.0986 5592  XAudio - ok
11:08:29.0002 5592  ================ Scan global ===============================
11:08:29.0017 5592  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:08:29.0033 5592  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:08:29.0049 5592  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:08:29.0064 5592  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:08:29.0080 5592  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:08:29.0095 5592  [Global] - ok
11:08:29.0095 5592  ================ Scan MBR ==================================
11:08:29.0095 5592  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:08:29.0423 5592  \Device\Harddisk0\DR0 - ok
11:08:29.0423 5592  ================ Scan VBR ==================================
11:08:29.0454 5592  [ A45CA30E02B53BCDF78ED7EFE0FF8D7E ] \Device\Harddisk0\DR0\Partition1
11:08:29.0454 5592  \Device\Harddisk0\DR0\Partition1 - ok
11:08:29.0454 5592  ============================================================
11:08:29.0454 5592  Scan finished
11:08:29.0454 5592  ============================================================
11:08:29.0485 4300  Detected object count: 2
11:08:29.0485 4300  Actual detected object count: 2
11:08:52.0616 4300  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:52.0616 4300  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:08:52.0616 4300  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:52.0616 4300  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________


03.09.2012, 20:12   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Pop-up at bottom right



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________

04.09.2012, 07:39   #19
Jomiguel

Pop-up at bottom right



Code:
ComboFix 12-09-03.07 - Joachim 04.09.2012   8:15.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3990.2546 [GMT 2:00]
ausgeführt von:: c:\users\Joachim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-04 bis 2012-09-04  ))))))))))))))))))))))))))))))
.
.
2012-09-04 06:03 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13BDE13F-70D9-404F-B58F-EBDCECF2C52B}\mpengine.dll
2012-09-03 05:28 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 14:22 . 2012-08-30 14:22	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-30 14:22 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-22 08:55 . 2012-08-22 08:55	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8962E8B3-6F56-4B40-BA18-30FB6A503423}\gapaengine.dll
2012-08-22 08:52 . 2012-08-22 08:52	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-08-22 08:52 . 2012-08-22 08:52	--------	d-----w-	c:\program files\Microsoft Security Client
2012-08-21 09:45 . 2012-08-01 22:58	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D091F01-0D0F-4F1F-BE7A-ED7797AEDCD6}\mpengine.dll
2012-08-19 20:12 . 2012-08-22 06:37	--------	d-----w-	c:\users\Joachim\AppData\Roaming\Skype
2012-08-19 20:11 . 2012-08-22 06:37	--------	d-----w-	c:\programdata\Skype
2012-08-17 19:19 . 2012-08-17 19:19	--------	d-----w-	c:\programdata\Escape From Paradise_11
2012-08-17 19:00 . 2012-08-17 19:01	--------	d-----w-	c:\users\Joachim\AppData\Roaming\GetRightToGo
2012-08-15 14:17 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 14:15 . 2012-06-29 03:51	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 14:15 . 2012-06-29 03:50	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 14:15 . 2012-06-29 03:44	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-15 14:15 . 2012-06-29 00:10	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-15 14:15 . 2012-06-29 00:10	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-15 14:15 . 2012-06-29 04:55	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-08-15 14:15 . 2012-06-29 04:09	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-06 21:25 . 2012-08-06 21:25	--------	d-----w-	c:\users\Joachim\AppData\Roaming\Ashampoo
2012-08-06 21:24 . 2012-08-06 21:25	--------	d-----w-	c:\users\Joachim\AppData\Local\ashampoo
2012-08-06 21:24 . 2012-08-06 21:24	--------	d-----w-	c:\programdata\ashampoo
2012-08-06 20:05 . 2012-08-06 20:05	--------	d-----w-	c:\users\Joachim\AppData\Local\MPlayer
2012-08-06 20:03 . 2012-08-07 06:48	--------	d-----w-	c:\program files (x86)\DVDx 4.0 Open Edition
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:13 . 2012-01-17 08:20	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-08 11:42 . 2012-06-28 13:29	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-08 11:42 . 2012-06-28 13:29	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 18:41 . 2012-08-04 18:41	772592	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-08-04 18:41 . 2012-01-17 08:50	687600	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-09 05:43 . 2012-07-11 08:00	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-10-04 1631296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-1-16 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-13 101736]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-02-05 736840]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-09 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-10-04 478056]
R3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\drivers\e36gbus.sys [2009-06-30 328704]
R3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\drivers\e36gmgmt.sys [2009-06-30 376320]
R3 e36wgps;Mobile Broadband GPS Port;c:\windows\system32\drivers\e36wgps64.sys [2009-07-10 96296]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2010-12-02 101416]
R3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-11-01 411208]
R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-11-01 419912]
R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-11-01 19528]
R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-11-01 472648]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-03-31 25072]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-10-04 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-10-04 175168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-17 1255736]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-02-08 276520]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-10-04 31344]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 203776]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-13 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-13 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-13 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 287232]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-08 290008]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-26 10611552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF24620.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 139.18.25.3 139.18.1.2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-04  08:34:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-04 06:34
         

04.09.2012, 15:21   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Pop-up at bottom right



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________
Please always post log files in CODE tags

07.11.2012, 10:29   #21
Jomiguel

Pop-up at bottom right



Here is the GMER log
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-07 10:25:40
Windows 6.1.7601 Service Pack 1 
Running: 9u17e52r.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e5b97b                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556cc9b56                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e5b97b (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556cc9b56 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
and here are the other log files

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:35:58 on 07.11.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Opera Software Opera Internet Browser 12.02

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask-Delay.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PWMCP64V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP64V.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM64.sys
"AuthenTec TruePrint USB Driver" (ATSwpWDF) - "AuthenTec, Inc." - C:\Windows\System32\Drivers\ATSwpWDF.sys
"DzHDD64" (DzHDD64) - "Lenovo." - C:\Windows\System32\DRIVERS\DzHDD64.sys
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\Windows\System32\DRIVERS\smiifx64.sys
"PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{127174DC-C366ED8B-06020200}_0) - "PC-Doctor, Inc." - c:\program files\pc-doctor\pcdsrvc_x64.pkms
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
"Send To Bluetooth" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files (x86)\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - ? - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FreePDF Assistant" - "shbox.de" - "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\AMT\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Keyboard Noise Reduction" (LENOVO.TPKNRSVC) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mobile Broadband Service" (WMCoreService) - "Ericsson AB" - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"On Screen Display" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG64.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-07 10:37:08
-----------------------------
10:37:08.472    OS Version: Windows x64 6.1.7601 Service Pack 1
10:37:08.472    Number of processors: 2 586 0x1706
10:37:08.472    ComputerName: JOACHIM-THINK  UserName: Joachim
10:37:09.283    Initialize success
10:38:53.391    AVAST engine defs: 12110602
10:39:22.636    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:39:22.652    Disk 0 Vendor: HITACHI_HTS723216L9SA60 FC2ZC50B Size: 152627MB BusType: 11
10:39:22.667    Disk 0 MBR read successfully
10:39:22.683    Disk 0 MBR scan
10:39:22.683    Disk 0 Windows 7 default MBR code
10:39:22.714    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         6638 MB offset 2048
10:39:22.730    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       145987 MB offset 13596672
10:39:22.761    Disk 0 scanning C:\Windows\system32\drivers
10:39:32.105    Service scanning
10:39:59.296    Modules scanning
10:39:59.312    Disk 0 trace - called modules:
10:39:59.343    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
10:39:59.343    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005185060]
10:39:59.359    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004fe9480]
10:40:00.045    AVAST engine scan C:\Windows
10:40:01.839    AVAST engine scan C:\Windows\system32
10:42:04.845    AVAST engine scan C:\Windows\system32\drivers
10:42:14.938    AVAST engine scan C:\Users\Joachim
10:42:27.075    Disk 0 MBR has been saved successfully to "C:\Users\Joachim\Desktop\MBR.dat"
10:42:27.091    The log file has been saved successfully to "C:\Users\Joachim\Desktop\aswMBR.txt"
         

07.11.2012, 12:32   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes beforehand via the update button

Getting an additional opinion afterwards via the ESET online scanner is not a bad idea either:

ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

07.11.2012, 13:44   #23
Jomiguel

Malwarebytes gives me the following:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joachim :: JOACHIM-THINK [Administrator]

07.11.2012 12:48:37
mbam-log-2012-11-07 (12-51-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207853
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Keine Aktion durchgeführt.

(Ende)
         

07.11.2012, 15:20   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And why don't you remove the detections?
__________________
Please always post log files in CODE tags
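
Every detection in the Malwarebytes log of post #23 ends in "Keine Aktion durchgeführt" (no action taken), which is what post #24 asks about. As an added example that is not part of the thread, the following Python parser reads this German-language log layout, lists detections that were reported but not removed, and checks each section's declared count against the lines actually present; the regular expressions and function names are assumptions derived from the lines shown in that post.

```python
import re

# Detection sections copied from the German-language Malwarebytes log in post #23.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Keine Aktion durchgeführt.
"""

# Assumed layout: "Infizierte <category>: <count>" followed by one line per detection.
SECTION_RE = re.compile(r"^(?P<section>Infizierte [^:]+): (?P<count>\d+)$")
# Greedy object match so "(x86)" inside a path is not mistaken for the detection name.
DETECTION_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ACTION = "Keine Aktion durchgeführt"  # action string exactly as printed in the log


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [(object, name, action), ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header["section"]
            sections[current] = {"declared": int(header["count"]), "items": []}
            continue
        hit = DETECTION_RE.match(line)
        if hit and current:
            sections[current]["items"].append((hit["object"], hit["name"], hit["action"]))
    return sections


def unresolved(sections):
    """Detections that were reported but neither quarantined nor deleted."""
    return [(sec, obj, name) for sec, data in sections.items()
            for obj, name, action in data["items"] if action == NO_ACTION]


def count_mismatches(sections):
    """Sections whose declared count differs from the parsed lines (truncated or edited log)."""
    return {sec: (d["declared"], len(d["items"])) for sec, d in sections.items()
            if d["declared"] != len(d["items"])}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for sec, obj, name in unresolved(parsed):
        print(f"NOT REMOVED [{sec}] {name}: {obj}")
    print("count mismatches:", count_mismatches(parsed))
```

A non-empty result from `count_mismatches` indicates that the posted log was cut off or edited, so the helper is not looking at the complete scan result.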

08.11.2012, 08:46   #25
Jomiguel

My mistake,

I have deleted them now.

08.11.2012, 13:40   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And what about ESET now?
__________________
Please always post log files in CODE tags
