
Malware of all kinds and how to remove it: GVU Trojan - Status after System Restore


27.12.2012, 17:10   #1
Grashälmchen

GVU Trojan - Status after System Restore



Dear members of the Trojaner-Board,

Yesterday evening I picked up the GVU trojan (Win 7, 64-bit) and have done the following so far: after successfully booting into Safe Mode, I performed a System Restore, after which everything currently appears to run unaffected, although I am aware that appearances are surely deceptive. I would therefore appreciate your help in avoiding a complete reinstall, and I have already started working through the forum tips. Here is the Malwarebytes report:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-LAPTOP [Administrator]

27.12.2012 16:49:42
mbam-log-2012-12-27 (16-49-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236699
Laufzeit: 26 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and the OTL files ("extra" is attached; "otl" is here):

Code:
OTL logfile created on: 27.12.2012 17:35:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Claudia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 30,12% Memory free
7,60 Gb Paging File | 5,19 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 300,17 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 29,44 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-LAPTOP | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claudia\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{25FFB79E-A798-41BC-8772-22C93C98AD15}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8A1C7A57-C8E9-4021-AADF-35A83F18F20F}&mid=ef9c2db9a64f47d1a3d8c9bd2c19e266-72fe822519a5efa2dfbe18b6cdcaf9340cd142f9&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 19:00:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 17:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 17:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 17:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 17:23:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 17:23:43 | 000,000,000 | ---D | M]
 
[2011.02.23 22:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.02.23 22:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.11.21 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\g9xypjhb.default\extensions
[2012.11.21 19:47:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\g9xypjhb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.13 17:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.13 17:23:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.13 17:23:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.13 17:23:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.30 22:52:13 | 000,103,904 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2012.04.03 19:58:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 12:36:38 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.02 12:52:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.03 19:58:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.02 12:52:21 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.04.03 19:58:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.03 19:58:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.03 19:58:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [Power2GoExpress] C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001..\Run: [Spotify Web Helper] C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91C7CCB-1714-4120-A525-6685D43E25FB}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 16:50:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL(1).exe
[2012.12.27 16:46:42 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2012.12.27 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.27 16:46:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.27 16:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.27 16:15:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Recov
[2012.12.20 19:41:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.12.16 12:33:12 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.16 12:33:12 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.16 12:33:12 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.16 12:32:46 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.16 12:32:46 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.16 12:32:46 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.16 12:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.16 12:30:55 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Users\Claudia\Desktop\jre-7u9-windows-x64.exe
[2012.12.13 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\AVG2013
[2012.12.13 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.12.13 18:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.13 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\MFAData
[2012.12.13 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Avg2013
[2012.12.13 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.13 11:51:14 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.13 11:51:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.13 11:51:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.13 11:51:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.13 11:51:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.13 11:51:12 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.13 11:51:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.13 11:51:10 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.13 11:51:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.13 11:51:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.13 11:51:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.13 11:51:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.13 11:51:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.13 11:51:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.13 11:51:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.13 11:51:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.13 11:51:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.13 11:51:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.13 11:51:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.13 11:51:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.13 11:51:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.13 11:51:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.13 11:51:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.13 11:51:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 11:51:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 11:51:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 11:51:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 11:50:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 11:50:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 11:50:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 11:50:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.13 11:50:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.13 11:50:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 17:26:25 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 16:50:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL(1).exe
[2012.12.27 16:46:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 16:45:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:45:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:42:20 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.27 16:42:20 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.27 16:42:20 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.27 16:42:20 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.27 16:42:20 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.27 16:42:09 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 16:35:31 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 16:35:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.27 16:35:11 | 3061,125,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 22:46:22 | 000,017,408 | ---- | M] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2012.12.16 12:32:18 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.16 12:32:16 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.16 12:32:16 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.16 12:32:15 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.16 12:32:15 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.16 12:32:15 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.16 12:31:04 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Users\Claudia\Desktop\jre-7u9-windows-x64.exe
[2012.12.14 20:03:48 | 000,332,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.13 18:16:22 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.13 13:26:22 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.13 13:26:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.12.27 16:46:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 18:16:22 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.08.03 22:36:37 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.24 17:34:57 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011.09.24 17:34:57 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011.09.24 17:34:57 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011.09.24 17:32:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011.09.24 17:32:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011.09.05 07:26:03 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 16:40:54 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.02.25 11:30:50 | 000,000,346 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.02.23 22:26:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.02.25 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ArcSyncConfig
[2012.12.13 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\AVG2013
[2012.04.15 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\elsterformular
[2012.05.11 08:58:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Lenovo
[2012.01.08 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LyX2.0
[2011.02.25 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2012.10.01 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Sazose
[2012.01.09 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Smart PDF Converter
[2012.12.16 18:18:20 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Spotify
[2012.01.08 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Swiss Academic Software
[2012.12.13 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.10.01 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vyfoqe
[2012.10.01 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Wigog
 
========== Purity Check ==========
 
 

< End of report >
         
Yesterday I also made a backup to an external hard drive - how do I best determine whether it is now infected as well?

Many, many thanks in advance for any help! Claudia
Attached files
File type: txt Extras.Txt (66.3 KB, viewed 141 times)
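As an added defender-side check (not part of OTL, and not code from the thread): a small Python parser for OTL's "ZeroAccess Check" section that flags a per-user (HKCU) InProcServer32 override, or an HKLM default that points away from the stock Microsoft DLL. The CLSIDs and expected DLL names are taken from the HKLM entries in the log above; the function names and the "tampered" excerpt are constructed for illustration.

```python
"""Sanity-check the 'ZeroAccess Check' section of an OTL log.

OTL lists the InProcServer32 registrations of a few COM classes that the
ZeroAccess rootkit family is known to hijack.  Clean state: no per-user
(HKCU) override, and HKLM defaults pointing at stock Microsoft DLLs under
the Windows directory.  Hypothetical helper, not part of OTL.
"""
import re

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+?)\](\s*/64)?\s*$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
CLSID_RE = re.compile(r"\{([0-9a-f-]{36})\}", re.IGNORECASE)

# Stock server DLL for each hijack-prone class, taken from the HKLM entries
# in the log above.  Classes not listed are only checked for HKCU overrides.
EXPECTED_DLL = {
    "42aedc87-2188-41fd-b9a3-0c966feabec1": "shell32.dll",
    "5839fca9-774d-42a1-acda-d6a79037f57f": "fastprox.dll",
    "f3130cdb-aa52-4c3a-ab32-85ffc23af9c1": "wbemess.dll",
}


def parse_zeroaccess_section(text):
    """Return one dict per registry key: hive, clsid, wow64 flag and values."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, path, _ = key.groups()
            clsid = CLSID_RE.search(path)
            current = None
            if clsid:
                current = {"hive": hive, "clsid": clsid.group(1).lower(),
                           "wow64": "wow6432node" in path.lower(), "values": {}}
                entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, data = value.groups()
            # OTL appends " -- [timestamp | size | attrs | M] (Company)" to paths
            current["values"][name] = data.split(" -- [", 1)[0].strip()
        elif not line:
            current = None  # a blank line ends the key block
    return entries


def _under_windows_dir(path):
    p = path.lower()
    return p.startswith("%systemroot%\\") or p.startswith("c:\\windows\\")


def check_zeroaccess(entries):
    """Return (severity, clsid, message) findings; an empty list means clean."""
    findings = []
    for e in entries:
        default = e["values"].get("")
        if e["hive"] == "HKEY_CURRENT_USER":
            # A user-hive registration shadows the HKLM one for that user,
            # which is how the hijack redirects the class to a rogue DLL.
            if e["values"]:
                findings.append(("high", e["clsid"],
                                 "per-user InProcServer32 override: %s" % default))
            continue
        if default is None:
            continue  # not registered in this view (e.g. no 32-bit copy)
        expected = EXPECTED_DLL.get(e["clsid"])
        basename = default.rsplit("\\", 1)[-1].lower()
        if not _under_windows_dir(default):
            findings.append(("high", e["clsid"],
                             "server DLL outside the Windows directory: %s" % default))
        elif expected and basename != expected:
            findings.append(("high", e["clsid"],
                             "unexpected server DLL %s (expected %s)" % (basename, expected)))
    return findings


# Excerpt copied from the OTL log above: clean state.
CLEAN_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Constructed sample (not from the thread): what a hijacked class would look like.
TAMPERED_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\someone\AppData\Local\placeholder\rogue.dll
"ThreadingModel" = Apartment
"""
```

Feed the whole section between "ZeroAccess Check" and "LOP Check" to `parse_zeroaccess_section` and review whatever `check_zeroaccess` returns; an empty list matches what the log above shows.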

Old 27.12.2012, 17:44   #2
markusg
/// Malware-holic
 
Hi
Keep your hands off System Restore when you have a malware infection!
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, choose skip for now and post the log
Old 27.12.2012, 17:56   #3
Grashälmchen
 
Hello Markus,

thanks for the quick reply. Here is the TDSSKiller log:
Code:
ATTFilter
18:51:44.0529 4904  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:51:44.0749 4904  ============================================================
18:51:44.0749 4904  Current date / time: 2012/12/27 18:51:44.0749
18:51:44.0749 4904  SystemInfo:
18:51:44.0749 4904  
18:51:44.0749 4904  OS Version: 6.1.7601 ServicePack: 1.0
18:51:44.0749 4904  Product type: Workstation
18:51:44.0749 4904  ComputerName: CLAUDIA-LAPTOP
18:51:44.0749 4904  UserName: Claudia
18:51:44.0749 4904  Windows directory: C:\windows
18:51:44.0749 4904  System windows directory: C:\windows
18:51:44.0749 4904  Running under WOW64
18:51:44.0749 4904  Processor architecture: Intel x64
18:51:44.0749 4904  Number of processors: 2
18:51:44.0749 4904  Page size: 0x1000
18:51:44.0749 4904  Boot type: Normal boot
18:51:44.0749 4904  ============================================================
18:51:45.0459 4904  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:51:45.0469 4904  ============================================================
18:51:45.0469 4904  \Device\Harddisk0\DR0:
18:51:45.0469 4904  MBR partitions:
18:51:45.0469 4904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:51:45.0469 4904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x348AA000
18:51:45.0499 4904  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3490F000, BlocksNum 0x3CF4800
18:51:45.0499 4904  ============================================================
18:51:45.0539 4904  C: <-> \Device\Harddisk0\DR0\Partition2
18:51:45.0569 4904  D: <-> \Device\Harddisk0\DR0\Partition3
18:51:45.0569 4904  ============================================================
18:51:45.0569 4904  Initialize success
18:51:45.0569 4904  ============================================================
18:52:25.0032 4640  ============================================================
18:52:25.0032 4640  Scan started
18:52:25.0032 4640  Mode: Manual; SigCheck; TDLFS; 
18:52:25.0032 4640  ============================================================
18:52:25.0406 4640  ================ Scan system memory ========================
18:52:25.0406 4640  System memory - ok
18:52:25.0406 4640  ================ Scan services =============================
18:52:25.0765 4640  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:52:25.0921 4640  1394ohci - ok
18:52:25.0999 4640  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:52:26.0030 4640  ACPI - ok
18:52:26.0077 4640  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
18:52:26.0326 4640  AcpiPmi - ok
18:52:26.0389 4640  [ DC201246A14CB3B274DF59FAF539AB07 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
18:52:26.0420 4640  ACPIVPC - ok
18:52:26.0607 4640  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:52:26.0623 4640  AdobeFlashPlayerUpdateSvc - ok
18:52:26.0779 4640  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
18:52:26.0826 4640  adp94xx - ok
18:52:26.0872 4640  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
18:52:26.0888 4640  adpahci - ok
18:52:26.0919 4640  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
18:52:26.0935 4640  adpu320 - ok
18:52:26.0982 4640  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
18:52:27.0325 4640  AeLookupSvc - ok
18:52:27.0418 4640  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
18:52:27.0543 4640  AFD - ok
18:52:27.0637 4640  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
18:52:27.0652 4640  agp440 - ok
18:52:27.0715 4640  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
18:52:27.0793 4640  ALG - ok
18:52:27.0918 4640  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
18:52:27.0949 4640  aliide - ok
18:52:28.0011 4640  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
18:52:28.0042 4640  amdide - ok
18:52:28.0120 4640  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
18:52:28.0245 4640  AmdK8 - ok
18:52:28.0292 4640  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
18:52:28.0339 4640  AmdPPM - ok
18:52:28.0417 4640  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
18:52:28.0448 4640  amdsata - ok
18:52:28.0510 4640  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
18:52:28.0542 4640  amdsbs - ok
18:52:28.0573 4640  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
18:52:28.0588 4640  amdxata - ok
18:52:28.0666 4640  [ 7F84DB2D9E20FB72613663A20A9041F6 ] ApfiltrService  C:\windows\system32\DRIVERS\Apfiltr.sys
18:52:28.0682 4640  ApfiltrService - ok
18:52:28.0760 4640  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
18:52:28.0963 4640  AppID - ok
18:52:29.0025 4640  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:52:29.0150 4640  AppIDSvc - ok
18:52:29.0212 4640  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
18:52:29.0306 4640  Appinfo - ok
18:52:29.0337 4640  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
18:52:29.0368 4640  arc - ok
18:52:29.0400 4640  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
18:52:29.0415 4640  arcsas - ok
18:52:29.0446 4640  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:52:29.0556 4640  AsyncMac - ok
18:52:29.0618 4640  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
18:52:29.0634 4640  atapi - ok
18:52:29.0712 4640  [ F8633CDD09647A64EE8DB550630427FF ] athr            C:\windows\system32\DRIVERS\athrx.sys
18:52:29.0836 4640  athr - ok
18:52:29.0914 4640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:52:30.0024 4640  AudioEndpointBuilder - ok
18:52:30.0024 4640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:52:30.0086 4640  AudioSrv - ok
18:52:30.0492 4640  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:52:30.0726 4640  AVGIDSAgent - ok
18:52:30.0897 4640  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
18:52:30.0928 4640  AVGIDSDriver - ok
18:52:30.0991 4640  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
18:52:31.0006 4640  AVGIDSHA - ok
18:52:31.0100 4640  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
18:52:31.0131 4640  Avgldx64 - ok
18:52:31.0287 4640  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\windows\system32\DRIVERS\avgloga.sys
18:52:31.0318 4640  Avgloga - ok
18:52:31.0350 4640  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
18:52:31.0350 4640  Avgmfx64 - ok
18:52:31.0381 4640  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
18:52:31.0412 4640  Avgrkx64 - ok
18:52:31.0412 4640  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\windows\system32\DRIVERS\avgtdia.sys
18:52:31.0428 4640  Avgtdia - ok
18:52:31.0459 4640  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:52:31.0474 4640  avgwd - ok
18:52:31.0537 4640  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:52:31.0646 4640  AxInstSV - ok
18:52:31.0708 4640  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
18:52:31.0786 4640  b06bdrv - ok
18:52:31.0849 4640  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:52:31.0911 4640  b57nd60a - ok
18:52:32.0254 4640  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
18:52:32.0286 4640  BBSvc - ok
18:52:32.0364 4640  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
18:52:32.0410 4640  BBUpdate - ok
18:52:32.0426 4640  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
18:52:32.0504 4640  BDESVC - ok
18:52:32.0566 4640  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
18:52:32.0660 4640  Beep - ok
18:52:32.0738 4640  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
18:52:32.0816 4640  BFE - ok
18:52:32.0894 4640  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
18:52:33.0003 4640  BITS - ok
18:52:33.0034 4640  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:52:33.0066 4640  blbdrive - ok
18:52:33.0128 4640  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:52:33.0206 4640  bowser - ok
18:52:33.0268 4640  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
18:52:34.0080 4640  BrFiltLo - ok
18:52:34.0111 4640  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
18:52:34.0126 4640  BrFiltUp - ok
18:52:34.0189 4640  [ 34F786535F9245E4028C57B28248C9D8 ] Bridge0         C:\windows\system32\drivers\WDBridge.sys
18:52:34.0204 4640  Bridge0 - ok
18:52:34.0267 4640  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
18:52:34.0345 4640  Browser - ok
18:52:34.0376 4640  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
18:52:34.0454 4640  Brserid - ok
18:52:34.0470 4640  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:52:34.0532 4640  BrSerWdm - ok
18:52:34.0548 4640  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:52:34.0657 4640  BrUsbMdm - ok
18:52:34.0688 4640  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:52:34.0735 4640  BrUsbSer - ok
18:52:34.0766 4640  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
18:52:34.0875 4640  BthEnum - ok
18:52:34.0922 4640  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
18:52:34.0984 4640  BTHMODEM - ok
18:52:35.0031 4640  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:52:35.0062 4640  BthPan - ok
18:52:35.0312 4640  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
18:52:35.0406 4640  BTHPORT - ok
18:52:35.0484 4640  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
18:52:35.0593 4640  bthserv - ok
18:52:35.0671 4640  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:52:35.0733 4640  BTHUSB - ok
18:52:35.0811 4640  [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
18:52:35.0827 4640  btusbflt - ok
18:52:35.0889 4640  [ A72A9101F9730DB7332714E566614E4D ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
18:52:35.0905 4640  btwaudio - ok
18:52:35.0952 4640  [ 5CEEC634B617525F2B6AD29F871033F7 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
18:52:35.0967 4640  btwavdt - ok
18:52:36.0389 4640  [ B1DB1E1A90C940723980B94760487472 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:52:36.0467 4640  btwdins - ok
18:52:36.0513 4640  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
18:52:36.0529 4640  btwl2cap - ok
18:52:36.0591 4640  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
18:52:36.0591 4640  btwrchid - ok
18:52:36.0685 4640  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:52:36.0779 4640  cdfs - ok
18:52:36.0935 4640  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\drivers\cdrom.sys
18:52:37.0028 4640  cdrom - ok
18:52:37.0106 4640  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
18:52:37.0231 4640  CertPropSvc - ok
18:52:37.0340 4640  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
18:52:37.0434 4640  circlass - ok
18:52:37.0496 4640  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
18:52:37.0512 4640  CLFS - ok
18:52:37.0590 4640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:37.0605 4640  clr_optimization_v2.0.50727_32 - ok
18:52:37.0683 4640  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:52:37.0715 4640  clr_optimization_v2.0.50727_64 - ok
18:52:37.0824 4640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:37.0839 4640  clr_optimization_v4.0.30319_32 - ok
18:52:37.0902 4640  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:52:37.0933 4640  clr_optimization_v4.0.30319_64 - ok
18:52:37.0964 4640  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:52:38.0011 4640  CmBatt - ok
18:52:38.0027 4640  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:52:38.0042 4640  cmdide - ok
18:52:38.0120 4640  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
18:52:38.0151 4640  CNG - ok
18:52:38.0214 4640  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
18:52:38.0229 4640  Compbatt - ok
18:52:38.0276 4640  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
18:52:38.0323 4640  CompositeBus - ok
18:52:38.0339 4640  COMSysApp - ok
18:52:38.0370 4640  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
18:52:38.0385 4640  crcdisk - ok
18:52:38.0448 4640  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:52:38.0526 4640  CryptSvc - ok
18:52:38.0588 4640  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\windows\system32\DRIVERS\CVirtA64.sys
18:52:38.0604 4640  CVirtA - ok
18:52:38.0729 4640  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
18:52:38.0807 4640  CVPND - ok
18:52:38.0900 4640  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\windows\system32\Drivers\CVPNDRVA.sys
18:52:38.0931 4640  CVPNDRVA - ok
18:52:39.0009 4640  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
18:52:39.0087 4640  DcomLaunch - ok
18:52:39.0150 4640  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
18:52:39.0243 4640  defragsvc - ok
18:52:39.0290 4640  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:52:39.0384 4640  DfsC - ok
18:52:39.0446 4640  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
18:52:39.0509 4640  Dhcp - ok
18:52:39.0555 4640  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
18:52:39.0665 4640  discache - ok
18:52:39.0727 4640  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
18:52:39.0743 4640  Disk - ok
18:52:39.0805 4640  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\windows\system32\DRIVERS\dne64x.sys
18:52:39.0836 4640  DNE - ok
18:52:39.0930 4640  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:52:40.0008 4640  Dnscache - ok
18:52:40.0086 4640  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
18:52:40.0179 4640  dot3svc - ok
18:52:40.0226 4640  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
18:52:40.0273 4640  DPS - ok
18:53:09.0336 4640  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
18:53:09.0367 4640  TermDD - ok
18:53:09.0414 4640  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
18:53:09.0461 4640  TermService - ok
18:53:09.0492 4640  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
18:53:09.0523 4640  Themes - ok
18:53:09.0554 4640  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
18:53:09.0601 4640  THREADORDER - ok
18:53:09.0617 4640  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
18:53:09.0679 4640  TrkWks - ok
18:53:09.0741 4640  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:53:09.0819 4640  TrustedInstaller - ok
18:53:09.0851 4640  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
18:53:09.0913 4640  tssecsrv - ok
18:53:09.0975 4640  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
18:53:10.0038 4640  TsUsbFlt - ok
18:53:10.0131 4640  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
18:53:10.0225 4640  tunnel - ok
18:53:10.0241 4640  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
18:53:10.0256 4640  uagp35 - ok
18:53:10.0303 4640  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
18:53:10.0412 4640  udfs - ok
18:53:10.0443 4640  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
18:53:10.0475 4640  UI0Detect - ok
18:53:10.0521 4640  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
18:53:10.0521 4640  uliagpkx - ok
18:53:10.0584 4640  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
18:53:10.0646 4640  umbus - ok
18:53:10.0677 4640  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
18:53:10.0709 4640  UmPass - ok
18:53:10.0755 4640  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
18:53:10.0818 4640  upnphost - ok
18:53:10.0865 4640  [ F49988FBF59413B974B1380D6F743EBC ] upperdev        C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:53:10.0927 4640  upperdev - ok
18:53:10.0989 4640  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
18:53:11.0021 4640  usbaudio - ok
18:53:11.0052 4640  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
18:53:11.0114 4640  usbccgp - ok
18:53:11.0114 4640  USBCCID - ok
18:53:11.0161 4640  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
18:53:11.0208 4640  usbcir - ok
18:53:11.0223 4640  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
18:53:11.0270 4640  usbehci - ok
18:53:11.0317 4640  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
18:53:11.0364 4640  usbhub - ok
18:53:11.0379 4640  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
18:53:11.0411 4640  usbohci - ok
18:53:11.0442 4640  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
18:53:11.0473 4640  usbprint - ok
18:53:11.0535 4640  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\windows\system32\drivers\usbser.sys
18:53:11.0598 4640  usbser - ok
18:53:11.0629 4640  [ 0FE9E048FC762DCAC087CB9EE1680079 ] UsbserFilt      C:\windows\system32\DRIVERS\usbser_lowerfltx64j.sys
18:53:11.0676 4640  UsbserFilt - ok
18:53:11.0691 4640  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
18:53:11.0754 4640  USBSTOR - ok
18:53:11.0785 4640  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
18:53:11.0816 4640  usbuhci - ok
18:53:11.0847 4640  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
18:53:11.0910 4640  usbvideo - ok
18:53:11.0972 4640  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
18:53:12.0035 4640  UxSms - ok
18:53:12.0081 4640  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
18:53:12.0097 4640  VaultSvc - ok
18:53:12.0128 4640  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
18:53:12.0144 4640  vdrvroot - ok
18:53:12.0222 4640  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
18:53:12.0284 4640  vds - ok
18:53:12.0347 4640  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
18:53:12.0362 4640  vga - ok
18:53:12.0378 4640  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
18:53:12.0440 4640  VgaSave - ok
18:53:12.0487 4640  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
18:53:12.0518 4640  vhdmp - ok
18:53:12.0565 4640  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
18:53:12.0581 4640  viaide - ok
18:53:12.0659 4640  [ C49FF968CF459DBE57CFADBC36988AAE ] vm331avs        C:\windows\system32\Drivers\vm331avs.sys
18:53:12.0721 4640  vm331avs - ok
18:53:12.0768 4640  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
18:53:12.0799 4640  volmgr - ok
18:53:12.0830 4640  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
18:53:12.0846 4640  volmgrx - ok
18:53:12.0877 4640  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
18:53:12.0893 4640  volsnap - ok
18:53:12.0924 4640  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
18:53:12.0955 4640  vsmraid - ok
18:53:13.0095 4640  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
18:53:13.0205 4640  VSS - ok
18:53:13.0251 4640  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:53:13.0283 4640  vwifibus - ok
18:53:13.0329 4640  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:53:13.0392 4640  vwififlt - ok
18:53:13.0470 4640  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
18:53:13.0548 4640  W32Time - ok
18:53:13.0563 4640  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
18:53:13.0595 4640  WacomPen - ok
18:53:13.0657 4640  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:53:13.0735 4640  WANARP - ok
18:53:13.0766 4640  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:53:13.0797 4640  Wanarpv6 - ok
18:53:13.0907 4640  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
18:53:13.0969 4640  WatAdminSvc - ok
18:53:14.0047 4640  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
18:53:14.0156 4640  wbengine - ok
18:53:14.0187 4640  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:53:14.0219 4640  WbioSrvc - ok
18:53:14.0265 4640  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
18:53:14.0312 4640  wcncsvc - ok
18:53:14.0328 4640  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:53:14.0359 4640  WcsPlugInService - ok
18:53:14.0390 4640  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
18:53:14.0421 4640  Wd - ok
18:53:14.0484 4640  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:53:14.0531 4640  Wdf01000 - ok
18:53:14.0562 4640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:53:14.0702 4640  WdiServiceHost - ok
18:53:14.0702 4640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
18:53:14.0718 4640  WdiSystemHost - ok
18:53:14.0765 4640  [ 2A444ACF7DD446505BCC801F8F6AE5FD ] wdmirror        C:\windows\system32\DRIVERS\WDMirror.sys
18:53:14.0796 4640  wdmirror - ok
18:53:14.0843 4640  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
18:53:14.0889 4640  WebClient - ok
18:53:14.0999 4640  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:53:15.0092 4640  Wecsvc - ok
18:53:15.0139 4640  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
18:53:15.0217 4640  wercplsupport - ok
18:53:15.0295 4640  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
18:53:15.0373 4640  WerSvc - ok
18:53:15.0482 4640  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:53:15.0529 4640  WfpLwf - ok
18:53:15.0560 4640  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
18:53:15.0591 4640  WimFltr - ok
18:53:15.0623 4640  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:53:15.0638 4640  WIMMount - ok
18:53:15.0654 4640  WinDefend - ok
18:53:15.0654 4640  WinHttpAutoProxySvc - ok
18:53:15.0716 4640  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
18:53:15.0825 4640  Winmgmt - ok
18:53:15.0903 4640  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
18:53:16.0044 4640  WinRM - ok
18:53:16.0122 4640  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
18:53:16.0200 4640  Wlansvc - ok
18:53:16.0309 4640  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:53:16.0325 4640  wlcrasvc - ok
18:53:16.0449 4640  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:53:16.0559 4640  wlidsvc - ok
18:53:16.0621 4640  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
18:53:16.0652 4640  WmiAcpi - ok
18:53:16.0699 4640  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:53:16.0730 4640  wmiApSrv - ok
18:53:16.0793 4640  WMPNetworkSvc - ok
18:53:16.0886 4640  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:53:16.0933 4640  WPCSvc - ok
18:53:16.0964 4640  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:53:16.0995 4640  WPDBusEnum - ok
18:53:17.0042 4640  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
18:53:17.0120 4640  ws2ifsl - ok
18:53:17.0183 4640  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
18:53:17.0229 4640  wscsvc - ok
18:53:17.0245 4640  WSearch - ok
18:53:17.0292 4640  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
18:53:17.0307 4640  wsvd - ok
18:53:17.0432 4640  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
18:53:17.0510 4640  wuauserv - ok
18:53:17.0557 4640  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:53:17.0651 4640  WudfPf - ok
18:53:17.0713 4640  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:53:17.0744 4640  WUDFRd - ok
18:53:17.0775 4640  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
18:53:17.0791 4640  wudfsvc - ok
18:53:17.0822 4640  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
18:53:17.0869 4640  WwanSvc - ok
18:53:17.0900 4640  ================ Scan global ===============================
18:53:17.0963 4640  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:53:18.0009 4640  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
18:53:18.0041 4640  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
18:53:18.0072 4640  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:53:18.0103 4640  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:53:18.0103 4640  [Global] - ok
18:53:18.0103 4640  ================ Scan MBR ==================================
18:53:18.0119 4640  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:53:19.0803 4640  \Device\Harddisk0\DR0 - ok
18:53:19.0819 4640  ================ Scan VBR ==================================
18:53:19.0850 4640  [ D26090C4C6D6CDD28A9EDA6CDF6DC79A ] \Device\Harddisk0\DR0\Partition1
18:53:19.0850 4640  \Device\Harddisk0\DR0\Partition1 - ok
18:53:19.0866 4640  [ 46B1AFB48EDF39D517571E21320C5C34 ] \Device\Harddisk0\DR0\Partition2
18:53:19.0881 4640  \Device\Harddisk0\DR0\Partition2 - ok
18:53:19.0913 4640  [ F4D998C6F4739BBD1002DE4CA51A3D14 ] \Device\Harddisk0\DR0\Partition3
18:53:19.0913 4640  \Device\Harddisk0\DR0\Partition3 - ok
18:53:19.0913 4640  ============================================================
18:53:19.0913 4640  Scan finished
18:53:19.0913 4640  ============================================================
18:53:19.0928 2632  Detected object count: 0
18:53:19.0928 2632  Actual detected object count: 0
         
There were no alerts.
Claudia
__________________

Old 27.12.2012, 18:38   #4
markusg
/// Malware-holic

GVU Trojan - status after system restore

hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Old 27.12.2012, 22:09   #5
Grashälmchen

GVU Trojan - status after system restore



Thank you, and sorry for the delayed reply. Here is the Combofix log:


Combofix log file:
Code:
ComboFix 12-12-27.03 - Claudia 27.12.2012  22:56:58.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3892.1459 [GMT 1:00]
ausgeführt von:: c:\users\Claudia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Claudia\AppData\Local\assembly\tmp
c:\users\Claudia\AppData\Roaming\Vyfoqe
c:\users\Claudia\AppData\Roaming\Vyfoqe\wulo.tmp
c:\users\Claudia\AppData\Roaming\Wigog
c:\users\Claudia\AppData\Roaming\Wigog\quri.doy
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 22:02 . 2012-12-27 22:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-27 22:02 . 2012-12-27 22:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 15:46 . 2012-12-27 15:46	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Malwarebytes
2012-12-27 15:46 . 2012-12-27 15:46	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-27 15:46 . 2012-12-27 15:46	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-27 15:46 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-20 18:41 . 2012-12-20 18:41	--------	d-----w-	C:\found.000
2012-12-16 11:33 . 2012-12-16 11:32	289768	----a-w-	c:\windows\system32\javaws.exe
2012-12-16 11:33 . 2012-12-16 11:32	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-16 11:33 . 2012-12-16 11:32	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-16 11:32 . 2012-12-16 11:32	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-16 11:32 . 2012-12-16 11:32	189416	----a-w-	c:\windows\system32\javaw.exe
2012-12-16 11:32 . 2012-12-16 11:32	188904	----a-w-	c:\windows\system32\java.exe
2012-12-16 11:32 . 2012-12-16 11:32	--------	d-----w-	c:\program files\Java
2012-12-13 17:20 . 2012-12-13 17:20	--------	d-----w-	c:\users\Claudia\AppData\Roaming\AVG2013
2012-12-13 17:16 . 2012-12-13 17:16	--------	d-----w-	c:\users\Claudia\AppData\Roaming\TuneUp Software
2012-12-13 17:13 . 2012-12-13 17:16	--------	d-----w-	c:\programdata\AVG2013
2012-12-13 17:10 . 2012-12-27 07:02	--------	d-----w-	c:\users\Claudia\AppData\Local\Avg2013
2012-12-13 17:10 . 2012-12-13 17:10	--------	d-----w-	c:\users\Claudia\AppData\Local\MFAData
2012-12-13 10:50 . 2012-10-04 17:38	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 17:55 . 2011-03-03 19:46	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-13 12:26 . 2012-04-13 17:03	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 12:26 . 2011-06-11 07:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-22 12:02 . 2012-10-22 12:02	154464	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-27 18:30	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:30	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:30	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48	63328	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 19:37	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 19:37	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 19:37	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 19:37	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32 . 2012-10-05 02:32	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-13 10:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 19:35	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 19:35	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 19:35	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 19:35	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 19:35	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 19:35	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 19:35	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 19:35	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 19:35	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 19:35	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 19:35	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 02:30 . 2012-10-02 02:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28	1307928	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-16 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-5-10 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-16 220672]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-11 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-14 24680]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-14 235624]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-02-24 215040]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 16638052
*Deregistered* - 16638052
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
<NO NAME>	REG_SZ         	
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:26]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 21:27]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 21:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-20 10151968]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-20 908320]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-05 345896]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-21 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-04-21 7069088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\g9xypjhb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-27  23:05:00
ComboFix-quarantined-files.txt  2012-12-27 22:05
.
Vor Suchlauf: 7 Verzeichnis(se), 334.061.076.480 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 334.779.985.920 Bytes frei
.
- - End Of File - - 98C8E152823A91C3BC03D88994854371

Thanks for your help!


Alt 28.12.2012, 14:07   #6
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can also find the report under "Logs".

Alt 29.12.2012, 10:00   #7
Grashälmchen

Hello Markus, yes, I will do it as soon as I can - I am travelling at the moment and only have sporadic internet access. So it may take a while :-(. Thanks for your patience! Claudia

Alt 02.01.2013, 20:15   #8
markusg
/// Malware-holic

Hi,
just let me know when you have time.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 04.01.2013, 21:21   #9
Grashälmchen

Hello Markus - thanks for your patience and a happy and healthy new year!

Here is the Malwarebytes log file:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-LAPTOP [Administrator]

04.01.2013 19:39:44
mbam-log-2013-01-04 (19-39-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 493993
Laufzeit: 1 Stunde(n), 33 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I should add, however, that AVG had also started a scan in the background, which I only noticed late. It found 3 threats; the short summary looks like this:
Code:
Geplanter Scan			
Hohe Priorität	3	3	0
Ausgewählte Ordner:	Gesamten Computer scannen		
Gestartet/beendet:	03.01.2013, 21:08:29 / 03.01.2013, 22:44:27		
Gescannter Objekte:	1843091		
Benutzer:	SYSTEM		
			
Status	Priorität	Name	Beschreibung
Geheilt	Hoch	Virus gefunden: JS/Redir	C:\Users\Claudia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPFZYGX2\giga-slot_biz[1].htm
Geheilt	Hoch	Trojaner: Dropper.Generic7.AEYP	C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-2ffb88d9
Geheilt	Hoch	Trojaner: Exploit_c.WMC	C:\Users\Claudia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPFZYGX2\Port_Anyway[1].htm
         
Thanks and best regards,
Claudia

Alt 05.01.2013, 14:54   #10
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt, open the file.
Behind every program you need, write "notwendig" (necessary).
Behind every program you do not need, "unnötig" (unnecessary).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.

Alt 05.01.2013, 15:36   #11
Grashälmchen

Hello Markus, here is the list. I was not entirely sure about some items (I have never uninstalled the drivers and the things that came preinstalled from Lenovo, so for some items I could not decide with certainty). The same applies to the Microsoft programs; for now I have marked them as "notwendig" (necessary).

Thanks!

Code:
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	13.12.2012	6,00MB	11.5.502.135	notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.12.2012	6,00MB	11.5.502.135	notwendig
Adobe Reader 9.5.2 - Deutsch	Adobe Systems Incorporated	05.10.2012	118MB	9.5.2		notwendig
ALPS Touch Pad Driver	Alps Electric	28.11.2010		Version 7.107.1611.204			notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	28.11.2010	1.0.0.26	notwendig
AVG 2013	AVG Technologies	13.12.2012		2013.0.2805	notwendig
Bing Bar	Microsoft Corporation	22.04.2012	464KB	7.1.361.0	unnötig
CCleaner	Piriform	19.12.2012		3.26			notwendig
Cisco Systems VPN Client 5.0.07.0290		18.05.2012	10,6MB		notwendig
Citavi	Swiss Academic Software	08.01.2012	62,8MB	3.1.15.0		notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	13.12.2012	116MB	12.0.6612.1000	notwendig
ConvertHelper 2.2	DownloadHelper	02.09.2011								notwendig
CyberLink YouCam	CyberLink Corp.	28.11.2010	134MB	3.0.2626					unnötig
DivX-Setup	DivX, LLC	20.11.2011		2.6.0.34						notwendig
ElsterFormular-Update	Landesfinanzdirektion Thüringen	15.04.2012		1.0				notwendig
Energy Management	Lenovo	28.11.2010		5.4.2.0							notwendig
Google Chrome	Google Inc.	03.08.2012		23.0.1271.97						unnötig
Intel(R) Control Center	Intel Corporation	28.11.2010		1.2.1.1007				notwendig
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	23.02.2011		8.15.10.2119	notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	28.11.2010		9.6.0.1014		notwendig
IZArc 4.1.6	Ivan Zahariev	08.05.2011	13,3MB	4.1.6							unbekannt
Java 7 Update 9 (64-bit)	Oracle	16.12.2012	127MB	7.0.90						notwendig
Java(TM) 6 Update 29	Oracle	25.02.2011	97,0MB	6.0.290							notwendig
Lenovo Bluetooth with Enhanced Data Rate Software	Broadcom Corporation	28.11.2010	144MB	6.2.1.2100	notwendig
Lenovo DirectShare	ArcSoft	28.11.2010	37,8MB	1.0.1.38						unnötig
Lenovo EasyCamera	Vimicro	28.11.2010		2.10.0223.1						notwendig
Lenovo Games Console	Oberon Media Inc.	28.11.2010		0.38.389.2				unnötig
Lenovo MuteSync	Lenovo	28.11.2010	393KB	1.0.0.3								notwendig
Lenovo OneKey Recovery	CyberLink Corp.	28.11.2010		7.0.1230					notwendig
Lenovo ReadyComm 5	Lenovo	28.11.2010		5.1.1.20						notwendig
Lenovo_Wireless_Driver	Lenovo	28.11.2010		1.02.01							notwendig
LyX 2.0.2-1	LyX Team	30.12.2011		2.0.2-1							notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	03.01.2013	18,4MB	1.70.0.1100	notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.02.2011	38,8MB	4.0.30319		notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.02.2011	2,93MB	4.0.30319	notwendig
Microsoft Office 2010	Microsoft Corporation	28.11.2010	6,31MB	14.0.4763.1000				notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	14.09.2012	508KB	2.0.4024.1		notwendig
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	04.09.2011	416MB	10.0.6626.0	notwendig
Microsoft Silverlight	Microsoft Corporation	13.05.2012	50,6MB	5.1.10411.0				notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	28.11.2010	1,69MB	3.1.0000	notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.08.2011	300KB	8.0.56336	notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	28.11.2010	708KB	8.0.61000	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	25.02.2011	784KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	27.08.2011	788KB	9.0.30729.6161	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.02.2011	592KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	06.08.2011	600KB	9.0.30729.6161	notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.12.2012	16,5MB	10.0.40219	notwendig
MiKTeX 2.9	MiKTeX.org	30.12.2011		2.9		notwendig
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	13.12.2012	46,3MB	17.0.1	notwendig
Mozilla Maintenance Service	Mozilla	13.12.2012	329KB	17.0.1	notwendig
Nokia Connectivity Cable Driver		04.03.2011		6.80.5.1	unnötig
NVIDIA Display Control Panel	NVIDIA Corporation	28.11.2010	135MB	6.14.12.5970	notwendig
NVIDIA Drivers	NVIDIA Corporation	28.11.2010	63,0MB	1.10.62.40	notwendig
NVIDIA Stereoscopic 3D Driver	NVIDIA Corporation	28.11.2010		7.17.12.5970	notwendig
OneKey Recovery	CyberLink Corp.	28.11.2010		7.0.1230	notwendig
Onekey Theater	Lenovo	28.11.2010		2.0.1.7			unbekannt
OpenOffice.org 3.3	OpenOffice.org	25.02.2011	414MB	3.3.9567	notwendig
Power2Go	CyberLink Corp.	28.11.2010		5.6.0.4809d4		notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	28.11.2010		6.0.1.6093	notwendig
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	28.11.2010		6.1.7100.30098		notwendig
Skype Click to Call	Skype Technologies S.A.	19.02.2012	17,7MB	5.6.8442				notwendig
Skype™ 5.10	Skype Technologies S.A.	09.08.2012	19,4MB	5.10.116					notwendig
Smart PDF Converter 6.3.0.467	Smart Soft	09.01.2012	53,3MB	6.3.0.467				notwendig
Spotify	Spotify AB	16.12.2012		0.8.5.1333.g822e0de8						notwendig
SPSS Statistics 17.0	SPSS Inc.	24.09.2011	691MB	17.0.1						notwendig
Stata11	StataCorp LP	10.05.2011	214MB	11.0								notwendig
Visual Studio 2008 x64 Redistributables	AVG Technologies	26.04.2011	8,14MB	10.0.0.2		notwendig
Visual Studio 2010 x64 Redistributables	AVG Technologies	13.12.2012	12,4MB	13.0.0.1		notwendig
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)	Broadcom	28.11.2010		04/08/2010 6.3.5.430	notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	28.11.2010		07/28/2009 6.2.0.9800		notwendig
Windows Live Essentials	Microsoft Corporation	28.11.2010		15.4.3502.0922								notwendig
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	28.11.2010	5,57MB	15.4.5722.2	notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	28.11.2010	5,57MB	15.4.5722.2	notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	18.11.2012	296KB	1.0.0.8						notwendig
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)	Lenovo	28.11.2010		10/19/2009 5.4.0.1	notwendig
Zattoo4 4.0.5	Zattoo Inc.	03.08.2012		4.0.5									notwendig
         

Alt 05.01.2013, 18:31   #12
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player (all versions)
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose "Automatically install updates".
Apply / OK



Uninstall:
Bing
CyberLink
Google
IZArc
Java: all versions
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Nokia

Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
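As an added example that is not part of this thread (neither markusg's instructions nor anything from Adobe), the following PowerShell script checks, and with -Enforce applies, the "JavaScript off" part of the Adobe Reader configuration described above for every Reader version registered in the registry: the per-user JSPrefs\bEnableJS value that the GUI checkbox toggles, plus the machine-wide FeatureLockDown\bDisableJavaScript policy that greys the checkbox out. The plug-in, Internet and Updater settings from the post are not covered; that Reader 9.5.2 from the uninstall list keeps its settings under the version key "9.0" is an assumption.

```powershell
# Added example, not from the thread. Audits (and with -Enforce applies) the
# "JavaScript off" setting from the Adobe Reader instructions above for every
# Reader version that has a per-user key, and locks it via the machine-wide
# policy key so it cannot be re-enabled from the GUI. Writing HKLM needs an
# elevated shell. Assumption: Reader 9.5.2 from the uninstall list stores its
# settings under the version key "9.0".
param([switch]$Enforce)

$userBase   = 'HKCU:\Software\Adobe\Acrobat Reader'
$policyBase = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader'

function Get-ReaderJsState {
    # One row per Reader version: what the user setting says and whether
    # the policy lock (FeatureLockDown\bDisableJavaScript = 1) is in place.
    if (-not (Test-Path $userBase)) { return @() }
    foreach ($key in Get-ChildItem $userBase) {
        $ver = $key.PSChildName                      # e.g. "9.0", "11.0", "DC"
        $js  = Get-ItemProperty -Path "$userBase\$ver\JSPrefs" -Name bEnableJS -ErrorAction SilentlyContinue
        $pol = Get-ItemProperty -Path "$policyBase\$ver\FeatureLockDown" -Name bDisableJavaScript -ErrorAction SilentlyContinue

        # A missing value means Reader's built-in default, which is JavaScript enabled.
        if ($null -eq $js) { $userJs = 'not set (Reader default: enabled)' }
        else               { $userJs = [bool]$js.bEnableJS }

        [pscustomobject]@{
            Version        = $ver
            UserJavaScript = $userJs
            PolicyLocked   = ($null -ne $pol -and $pol.bDisableJavaScript -eq 1)
        }
    }
}

function Set-ReaderJsOff([string]$ver) {
    # Per-user value: the same thing the "Enable JavaScript" checkbox toggles.
    New-Item -Path "$userBase\$ver\JSPrefs" -Force | Out-Null
    Set-ItemProperty -Path "$userBase\$ver\JSPrefs" -Name bEnableJS -Type DWord -Value 0
    # Machine policy: greys the checkbox out so the user cannot turn it back on.
    New-Item -Path "$policyBase\$ver\FeatureLockDown" -Force | Out-Null
    Set-ItemProperty -Path "$policyBase\$ver\FeatureLockDown" -Name bDisableJavaScript -Type DWord -Value 1
}

$before = Get-ReaderJsState
Write-Host 'Current state:'
$before | Format-Table -AutoSize

if ($Enforce) {
    foreach ($row in $before) { Set-ReaderJsOff $row.Version }
    Write-Host 'After enforcement:'
    Get-ReaderJsState | Format-Table -AutoSize
}
```

Run it without parameters from a normal shell to see the current state; run it with -Enforce from an elevated shell to apply and lock the setting for every listed version.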

Alt 06.01.2013, 13:00   #13
Grashälmchen

Hello Markus,

I have uninstalled or reinstalled all the programs and have already run CCleaner. AdwCleaner is detected as a trojan by my AVG, which gives me the option to either ignore it or run it. So just a quick question - is that "normal" and can I run it without worry? The trojan is shown under the following name: IDP.Trojan.97AC54E5

I have also noticed that some folders now appear as read-only and this read-only attribute cannot be removed. I do not know whether that matters.

Thanks and best regards,
Claudia

Alt 06.01.2013, 16:22   #14
markusg
/// Malware-holic

Hi,
the folders were always there, just hidden; the read-only attribute is fine.
Disable AVG while running AdwCleaner, then it works.

Alt 06.01.2013, 16:35   #15
Grashälmchen

Good, I just wanted to make sure. Here is the log:

Code:
# AdwCleaner v2.104 - Datei am 06/01/2013 um 17:33:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Claudia - CLAUDIA-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Users\Claudia\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\g9xypjhb.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1517 octets] - [06/01/2013 17:33:32]

########## EOF - C:\AdwCleaner[R1].txt - [1577 octets] ##########
         
