| |
| |||||||
Log-Analyse und Auswertung: System Progressive Protection...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.01.2013, 22:06
| #1 |
 |  System Progressive Protection... Hallo zusammen Heute hat sich bei mir der System Progressive Protection installiert. Ich habe, wie in einem Beitrag geschrieben, den rkill gestartet und mit Malwarebytes das System durchsucht. Hier der Log vom Quick-Scan Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.10.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 ***:: *** [Administrator] Schutz: Aktiviert 10.01.2013 21:33:02 mbam-log-2013-01-10 (21-33-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230316 Laufzeit: 16 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> 3976 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|6472A497FCFAC9BE00006472402ACED0 (Trojan.LameShield.GI) -> Daten: C:\ProgramData\6472A497FCFAC9BE00006472402ACED0\6472A497FCFAC9BE00006472402ACED0.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> Keine Aktion durchgeführt. C:\ProgramData\6472A497FCFAC9BE00006472402ACED0\6472A497FCFAC9BE00006472402ACED0.exe (Trojan.LameShield.GI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank schon mal für die Hilfe! Geändert von sensa (10.01.2013 um 22:52 Uhr) |
|
11.01.2013, 00:29
| #2 |
| /// Malware-holic   | System Progressive Protection... Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
11.01.2013, 20:47
| #3 |
| | System Progressive Protection... Also, hier nun die gewünschten Daten.
__________________OTL Code:
ATTFilter OTL logfile created on: 11.01.2013 19:42:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1.95 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 37.46% Memory free 3.89 Gb Paging File | 1.80 Gb Available in Paging File | 46.16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.65 Gb Total Space | 72.96 Gb Free Space | 32.91% Space Free | Partition Type: NTFS Drive Q: | 9.77 Gb Total Space | 1.85 Gb Free Space | 18.92% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 45.21% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\divx\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\DTS.exe () PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe (Lenovo) PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\NCH Software\ExpressZip\ezcm.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll () MOD - C:\Program Files\divx\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\divx\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll () MOD - C:\Program Files\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll () MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMROV.DLL () MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll () MOD - C:\Program Files\Lenovo\Camera Center\bin\de\LocalizationWrapper.resources.dll () MOD - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll () MOD - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll () MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (HTCMonitorService) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (dtsvc) -- C:\Windows\System32\DTS.exe () SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe () SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (5U875UVC) -- C:\Windows\System32\drivers\5U875.sys (Ricoh co.,Ltd.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (s117nd5) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation) DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation) DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation) DRV - (s117mgmt) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation) DRV - (s117unic) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation) DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation) DRV - (s117bus) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.taekwondo.ch/bern/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=LENIE&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={592C111F-1ED1-49e1-8E63-7A40B616A18B} IE - HKCU\..\SearchScopes\{30E97D08-462C-40B1-B406-10D72154D73B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local*.unibe.ch;130.92.*;<local>;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.unibe.ch:80 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Users\***\AppData\Roaming\Juniper Networks\Network Connect 6.3.0\instantproxy.pac ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=hp&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH" FF - prefs.js..extensions.enabledAddons: admin@proxy-listen.de:1.0.1 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.10.0.1 FF - prefs.js..extensions.enabledAddons: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1 FF - prefs.js..extensions.enabledAddons: {94366e2c-9923-431c-b0d6-747447dd0f2b}:1.0.0.12 FF - prefs.js..extensions.enabledAddons: ytvdw@pgport.com:1.1.10 FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1 FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.2 FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2 FF - prefs.js..keyword.URL: "hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=kwd&qsrc=2869&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH&q=" FF - prefs.js..network.proxy.backup.ftp: "88.80.208.22" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.socks: "88.80.208.22" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "88.80.208.22" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "88.80.208.224" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "88.80.208.224" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.80.208.224" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "88.80.208.224" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 16:37:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.19 20:06:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 16:37:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009.11.29 20:23:14 | 000,000,000 | ---D | M] [2010.03.04 00:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.04 00:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.07.10 16:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions [2012.03.07 13:58:10 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2012.07.10 16:44:14 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2011.06.16 13:33:05 | 000,014,778 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\himt3oew.default\extensions\admin@proxy-listen.de.xpi [2012.03.09 19:44:37 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\himt3oew.default\extensions\ytvdw@pgport.com.xpi [2012.08.25 20:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.06.28 07:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_5_2 File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN [2012.09.19 20:06:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIMT3OEW.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIMT3OEW.DEFAULT\EXTENSIONS\{94366E2C-9923-431C-B0D6-747447DD0F2B} [2009.11.29 20:28:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.03.07 14:15:13 | 000,002,274 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=48 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=48 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: NCH DE = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\2.3.15.10_0\ O1 HOSTS File: ([2009.11.03 21:01:11 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found. O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL () O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe () O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-ch.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.unibe.ch/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DFFC059-A6D1-49CD-8D00-02C6035D3C6F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk Q:\ O32 - Unable to obtain root file information for disk S:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.11 18:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.10 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EurekaLog [2013.01.10 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.01.10 22:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2013.01.10 22:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware [2013.01.10 21:46:08 | 258,580,296 | ---- | C] (Emsisoft GmbH ) -- C:\Users\***\Desktop\EmsisoftAntiMalwareSetup.exe [2013.01.10 21:43:27 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\rkill.com [2013.01.10 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.01.10 21:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.10 21:31:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.10 21:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.10 21:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.10 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.10 21:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\6472A497FCFAC9BE00006472402ACED0 [2013.01.05 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Arbeiten Nadja [2013.01.05 17:53:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ALS ========== Files - Modified Within 30 Days ========== [2013.01.11 19:45:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.11 19:40:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.11 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.11 19:00:21 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2013.01.11 18:30:11 | 000,011,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.11 18:30:10 | 000,011,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.11 18:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.11 18:15:52 | 000,001,024 | ---- | M] () -- C:\Users\***\.rnd [2013.01.11 18:12:47 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_***.job [2013.01.11 18:12:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.11 18:11:33 | 1566,597,120 | -HS- | M] () -- C:\hiberfil.sys [2013.01.11 17:42:34 | 000,430,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.10 22:16:49 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.01.10 21:51:05 | 258,580,296 | ---- | M] (Emsisoft GmbH ) -- C:\Users\***\Desktop\EmsisoftAntiMalwareSetup.exe [2013.01.10 21:43:29 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\rkill.com [2013.01.10 21:31:22 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 18:05:01 | 000,704,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.10 18:05:01 | 000,665,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.10 18:05:01 | 000,148,772 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.10 18:05:01 | 000,124,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.05 11:14:04 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_***.job [2012.12.22 10:15:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_***.job [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.01.10 22:16:49 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.01.10 21:31:22 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.15 11:12:23 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_***.job [2012.12.15 11:10:51 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_***.job [2012.12.15 11:10:49 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_***.job [2012.09.22 10:45:47 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd [2012.07.10 16:44:06 | 000,045,765 | ---- | C] () -- C:\Users\Sonja\AppData\Roaming\ExpressZip.dmp [2011.06.15 19:05:40 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.05.24 08:36:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.21 17:16:01 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011.02.07 13:19:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2010.12.21 08:06:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.21 07:15:03 | 000,000,166 | ---- | C] () -- C:\Users\***\20080418.rm [2010.03.23 20:21:59 | 001,714,146 | ---- | C] () -- C:\Users\***\Backup_of_Programm10_3seitig.cdr [2010.03.23 20:17:44 | 003,669,538 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.cdr [2010.03.23 20:16:05 | 003,148,809 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.pdf [2010.03.23 20:15:28 | 001,713,256 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitig.cdr [2010.03.23 20:12:59 | 003,669,684 | ---- | C] () -- C:\Users\***\Programm10_3seitigkurvig.cdr [2010.03.23 20:06:52 | 003,118,733 | ---- | C] () -- C:\Users\***\Programm10_3seitig.cdr [2009.12.22 16:12:59 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure [2013.01.10 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2012.08.19 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haowes [2012.07.04 12:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC [2012.07.04 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC Sync [2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks [2009.11.29 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.11.29 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo [2009.10.12 22:29:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.02.07 20:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic [2012.08.19 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ryvao [2010.07.28 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.05.23 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.08.19 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Urruer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.11.29 19:53:09 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR [2009.11.29 21:54:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.11.29 20:56:02 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q [2009.11.29 17:34:26 | 000,000,000 | -H-D | M] -- C:\A [2012.02.28 20:34:34 | 000,000,000 | ---D | M] -- C:\a96e4b101ec97134f8ce [2009.05.23 22:32:03 | 000,000,000 | ---D | M] -- C:\AuthLog [2013.01.11 19:41:44 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.26 15:24:44 | 000,000,000 | ---D | M] -- C:\DRIVERS [2009.05.23 22:06:27 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.24 15:11:16 | 000,000,000 | ---D | M] -- C:\KAV [2009.05.23 21:05:50 | 000,000,000 | ---D | M] -- C:\mfg [2009.05.23 22:38:14 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.10 22:51:46 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.10 21:31:21 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Programme [2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2009.11.29 17:34:26 | 000,000,000 | RHSD | M] -- C:\RRbackups [2009.11.29 17:34:22 | 000,000,000 | ---D | M] -- C:\SWShare [2009.08.24 15:00:55 | 000,000,000 | ---D | M] -- C:\SWTOOLS [2009.08.24 10:21:04 | 000,000,000 | ---D | M] -- C:\swwork [2013.01.11 18:59:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.07 13:59:02 | 000,000,000 | ---D | M] -- C:\Temp [2009.11.29 20:47:55 | 000,000,000 | R--D | M] -- C:\Users [2013.01.10 21:13:35 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.05.23 22:28:18 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.05.24 13:41:17 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.05.24 13:41:19 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.02.07 13:19:52 | 000,000,254 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job [2012.03.30 12:03:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.15 11:10:49 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_***.job [2012.12.15 11:10:51 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_***.job [2012.12.15 11:12:23 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_***.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\DRIVERS\other\IaStor.sys [2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys [2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\drivers\iaStor.sys [2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3ffc2247bd763e9e\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2013.01.11 18:15:52 | 000,001,024 | ---- | M] () -- C:\Users\***\.rnd [2010.04.21 07:15:04 | 000,000,166 | ---- | M] () -- C:\Users\***\20080418.rm [2010.03.23 20:06:58 | 001,714,146 | ---- | M] () -- C:\Users\***\Backup_of_Programm10_3seitig.cdr [2013.01.11 19:53:48 | 005,767,168 | -HS- | M] () -- C:\Users\***\ntuser.dat [2013.01.11 19:53:48 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2009.11.29 20:18:38 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2010.06.13 13:18:19 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TM.blf [2010.06.13 13:18:19 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms [2010.06.13 13:18:19 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms [2011.04.06 21:51:07 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TM.blf [2011.04.06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TMContainer00000000000000000001.regtrans-ms [2011.04.06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TMContainer00000000000000000002.regtrans-ms [2009.11.29 20:18:39 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.11.29 20:18:39 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.11.29 20:18:39 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.01.21 18:13:29 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TM.blf [2011.01.21 18:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms [2011.01.21 18:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms [2011.03.17 10:00:33 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TM.blf [2011.03.17 10:00:33 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms [2011.03.17 10:00:33 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms [2011.03.17 10:28:36 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TM.blf [2011.03.17 10:28:36 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms [2011.03.17 10:28:36 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms [2012.09.19 20:58:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TM.blf [2012.09.19 20:58:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms [2012.09.19 20:58:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms [2009.11.29 21:15:12 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini [2010.03.23 20:22:04 | 003,118,733 | ---- | M] () -- C:\Users\***\Programm10_3seitig.cdr [2010.03.23 20:13:10 | 003,669,684 | ---- | M] () -- C:\Users\***\Programm10_3seitigkurvig.cdr [2010.03.23 20:15:33 | 001,713,256 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitig.cdr [2010.03.23 20:17:44 | 003,669,538 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.cdr [2010.03.23 20:16:12 | 003,148,809 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.pdf [2011.03.01 16:18:57 | 000,052,224 | -HS- | M] () -- C:\Users\***\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2013 18:31:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1.95 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.96% Memory free
3.89 Gb Paging File | 1.90 Gb Available in Paging File | 48.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 73.71 Gb Free Space | 33.25% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.85 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FA6A0F-1AC2-4C58-BD2B-6FE234CD8458}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{0AAE132C-4E59-4976-8F9E-B9271351B679}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B909B47-11DA-4FB7-A828-9648C6242EB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E2DBB7-0809-424A-AE2A-3F360340BE66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A96ED1E-3AE3-4648-B8A6-43A59000CD69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D097B58-7AD4-44DC-8F60-CAD7951C431A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B1CD13E-C1CD-4DD7-B2E6-73F9A2000D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{711890D8-BE0E-49A5-86CC-54D5D4AB8C1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7264B98D-735A-44B5-AEA4-06DB7FB83308}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8654053B-9ADF-4DED-8874-57EC77DCD6B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{88FD1137-2A18-4867-B6C1-7EA9FEA506F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8A472A98-5528-4119-97B0-55886EE5F16B}" = lport=137 | protocol=17 | dir=in | app=system |
"{918405AA-A71F-4DB6-84F5-0122CB56A583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{963CB90F-4A1F-4E45-B47C-4EA5E7B0CC15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B6519FD-5A51-4C3C-9E2A-2B8190F79D8A}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEFB8904-DDE5-45D8-AFDA-E20E811B569A}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF76901C-4E28-4DCD-934D-3A74435E0891}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B00C654C-9C41-4DAC-A417-9A5E0E897A48}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB9BFB2A-253A-430C-B3D9-5BCD7F6A5115}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0FB4142-F4FD-41AE-BB34-98353C9C3152}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC4865C2-F8E2-48CE-B68F-23589EF8A32E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD4F2839-56B7-48F7-8B5B-FC4FCDDB5B14}" = rport=137 | protocol=17 | dir=out | app=system |
"{DA6E41BC-49E3-4C94-92BF-D6BE087FA7C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB179DB5-7407-4A3B-913B-E448B5383887}" = lport=445 | protocol=6 | dir=in | app=system |
"{E18D9EA9-A8AA-466F-95D7-80E6BEA37D66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E30353D2-2F65-4825-B732-E5B5B68D1A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F55FD117-E091-49F9-8544-DEFF8C163ACC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035B6248-1E99-41A6-B159-77908B39EB86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{0D2C2DDF-302F-4F7E-B6B9-DFA20A435EEF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E7CC784-5C4D-43B6-B6B4-7F6F3686D73F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1379036A-A392-4DF4-9E93-D1C58D1EFAC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16E0CEEA-5DCB-4542-9680-B1F3A453A101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{172F78FC-F723-4991-B4B1-9ED913E737FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{20C10EDD-410C-4722-8662-23104921F376}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2155B6D0-7651-4AA9-AC75-926BC2E94F7D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{27250648-06C2-4398-9206-3168BC89A392}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{288CDD0C-613C-491A-B321-5C2F172EBD3C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{2E2528CC-2944-4BED-8ABA-7D50C610A27E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33EB7F11-3CAF-4299-8225-BC12024896CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3938D084-F0AF-4EBB-B8EE-21D6747B19B8}" = dir=in | app=c:\program files\htc\htc sync manager\htc sync\htcsyncloader.exe |
"{39C95B22-91BE-486E-9B05-6A37F48CD822}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{39D6EEEF-85B0-4BF4-9D20-404EA73CFD2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3C8FBEBB-70DE-4C69-A4D3-B08A8D8BA386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{475AEEA6-A7D5-48EE-8242-85F485F18494}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{57760483-7AE0-44C6-92D6-D46D7E68A8CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{61F4F797-E501-43E4-B99E-210015BFFDE2}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{67F6FB12-69B5-45F0-BA14-AE187C778B64}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{6B63646E-938B-467C-A381-D180F45B3B50}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{74D90D38-4608-44F6-8A51-7FC5EA81A1EA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{7A15F5F7-F67E-4834-8801-9A6505479B4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7A47F128-4B4D-4FD8-90BF-42D296C94F19}" = dir=in | app=c:\users\sonja\appdata\local\temp\7zs10c2\ojj4600_basic_13\setup\hpznui01.exe |
"{7C3B5D81-5399-4B2D-BB9E-1237B8D1F6CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83640CB4-9197-4192-8FDC-D9909FAAA409}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{853BF420-C4C6-4939-BB08-2A8AC8938AE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A8FCC34-3AB7-4189-86E1-5E5A270886C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AB635C4-710D-4484-9CC0-A72CB8E3D339}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9248C12D-0299-443C-AF51-93BE8EE4F600}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{98FD6607-D97A-400C-B41E-1EFC31687BD8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{99B3FB7B-E454-4C09-8933-B0E48C63FE8F}" = protocol=6 | dir=out | app=system |
"{9B0A0EA2-F4D9-471B-A171-9A87361FA080}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9BD9DE94-9089-4436-A8F7-1F6590DE3D42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D5CD5A0-EC30-431F-BCE1-683FBA98DDE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9DC19387-0EA1-4334-8236-8521962434C4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9F7F0640-5AEC-4989-BB7A-28D1C46E553B}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{ABBACBBD-8876-4474-8C03-4B0EA37CF119}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC8C3AC9-1580-4FDB-9ED0-3CFC5A182EDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7380227-40E7-40EA-A0B7-47B6548029D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBB5BB80-9B90-46A8-8EED-874DDF520C54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{E51612D7-ED86-4A94-806C-A7F1A930F2D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E856E6A9-C23C-49AE-ADB0-73AE626E87DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC5E7769-B61C-44EE-9040-44227F9D1587}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{ED3DF7CE-60F2-4F45-ADED-321D7C16218B}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F1C4D7C5-4870-415E-924C-4ED3AAC3297A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F54D7C3C-8180-4567-B6A4-988ADF6A478F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9841F34-C254-4029-A585-0AC808A5B714}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel(R) PROSet/Wireless WiFi Software
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = Integrated Camera Driver Installer Package Ver.1.18.500.0
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63d32065-045d-4328-a459-6d4c56540208}" = Microsoft Office Language Pack 2007 – Deutsch (für Office Outlook 2007 mit Business Contact Manager SP1)
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8776d074-2ff7-440b-b904-1836be70bd75}" = Microsoft Office Language Pack 2007 – Italiano (per Office Outlook 2007 con Business Contact Manager SP1)
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{ab3ef3f3-02df-47fe-ad89-26004ae29462}" = Module linguistique de Microsoft Office 2007 – French/Français (pour Office Outlook 2007 avec le Gestionnaire de contacts professionnels SP1)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT für Internet Explorer
"{C7EE261A-06E9-402D-B504-9967F8FC6F0C}" = Mobile Broadband Connect
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951" = Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"ExpressZip" = Express Zip Dateikomprimierungs-Software
"F47257BFD82AA5BBF9668FC2EE9A258601FCE833" = Windows Driver Package - Intel (iaStor) hdc (11/03/2008 8.6.3.1004)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PC-Doctor for Windows" = Lenovo System Toolbox
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Search Guard Plus" = Search Guard Plus (My Tattoons)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Tattoons)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Uninstall_is1" = Uninstall 1.0.0.1
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3227804131-1792914278-699631089-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 12:43:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 16:15:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 16:17:05 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 17:09:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 17:54:11 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e70 Startzeit: 01cdef7729e487e9 Endzeit: 220 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 10.01.2013 18:34:10 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: xul.dll, Version: 1.9.0.3506,
Zeitstempel: 0x4a7c9d7b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0051f3b7 ID des fehlerhaften
Prozesses: 0x1fd4 Startzeit der fehlerhaften Anwendung: 0x01cdef7e232acf8c Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\xul.dll
Berichtskennung:
d96d6d7f-5b75-11e2-beef-0022680e28bc
Error - 11.01.2013 12:44:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 12:59:59 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1638 Startzeit: 01cdf01c54775325 Endzeit: 31 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 11.01.2013 13:13:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 13:30:36 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: edc Startzeit:
01cdf020d479bc64 Endzeit: 16 Anwendungspfad: C:\Users\***\Desktop\OTL.exe Berichts-ID:
[ System Events ]
Error - 11.01.2013 13:10:20 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst PCToolsSSDMonitorSvc erreicht.
Error - 11.01.2013 13:12:26 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Cisco Systems Inc. IPSec Driver" ist von folgendem Dienst
abhängig: DNE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.01.2013 13:12:58 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TVT Backup Protection Service erreicht.
Error - 11.01.2013 13:12:58 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TVT Backup Service erreicht.
Error - 11.01.2013 13:12:59 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TVT Scheduler erreicht.
Error - 11.01.2013 13:13:40 | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 11.01.2013 13:14:53 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
Error - 11.01.2013 13:15:04 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Cisco Systems Inc. IPSec Driver" ist von folgendem Dienst
abhängig: DNE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.01.2013 13:16:47 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 11.01.2013 13:17:39 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
ThinkVantage Registry Monitor Service erreicht.
< End of report >
|
|
11.01.2013, 20:49
| #4 |
| | System Progressive Protection... gelöscht Geändert von sensa (11.01.2013 um 20:55 Uhr) Grund: da doppelt gepostet |
|
11.01.2013, 21:14
| #5 |
| /// Malware-holic | System Progressive Protection... hi öffne mal c:\benutzer\name\eigene dokumente\antimalware\reports und poste, falls vorhanden logs mit Funden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 21:25
| #6 |
| | System Progressive Protection...Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0
Letztes Update: 10.01.2013 22:20:11
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\, S:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 10.01.2013 22:29:34
C:\Program Files\Free Offers from Freeze.com\ gefunden: Trace.File.Freeze (A)
C:\Program Files\SGPSA gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\Tmp gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com gefunden: Trace.File.Freeze (A)
C:\Program Files\Search Guard Plus\fbsProtection.xml gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\SGPU.ico gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.exe gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.xml gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com\control.txt gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico gefunden: Trace.File.Freeze (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> Disable gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> ProgramPath gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> toolbar_id gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> v gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> Version gefunden: Trace.Registry.els.mywebtattoo.com (A)
Gescannt 317054
Gefunden 24
Scan Ende: 10.01.2013 22:50:54
Scan Zeit: 0:21:20
C:\Program Files\SGPSA Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\Tmp Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsProtection.xml Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\SGPU.ico Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.exe Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.xml Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com\ Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\control.txt Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico Quarantäne Trace.File.Freeze (A)
Quarantäne 31
|
|
11.01.2013, 21:29
| #7 |
| /// Malware-holic | System Progressive Protection...
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 21:43
| #8 |
| | System Progressive Protection... ok, ist erledigt. |
|
11.01.2013, 21:50
| #9 |
| /// Malware-holic | System Progressive Protection... Fein. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 22:02
| #10 |
| | System Progressive Protection...Code:
ATTFilter 21:53:13.0022 7252 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:53:13.0432 7252 ============================================================
21:53:13.0432 7252 Current date / time: 2013/01/11 21:53:13.0432
21:53:13.0432 7252 SystemInfo:
21:53:13.0432 7252
21:53:13.0432 7252 OS Version: 6.1.7601 ServicePack: 1.0
21:53:13.0432 7252 Product type: Workstation
21:53:13.0432 7252 ComputerName: ***
21:53:13.0432 7252 UserName: ***
21:53:13.0432 7252 Windows directory: C:\Windows
21:53:13.0432 7252 System windows directory: C:\Windows
21:53:13.0432 7252 Processor architecture: Intel x86
21:53:13.0432 7252 Number of processors: 2
21:53:13.0432 7252 Page size: 0x1000
21:53:13.0432 7252 Boot type: Normal boot
21:53:13.0432 7252 ============================================================
21:53:16.0122 7252 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:53:16.0242 7252 ============================================================
21:53:16.0242 7252 \Device\Harddisk0\DR0:
21:53:16.0242 7252 MBR partitions:
21:53:16.0242 7252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:53:16.0242 7252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BB4E7F8
21:53:16.0242 7252 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
21:53:16.0242 7252 ============================================================
21:53:16.0302 7252 C: <-> \Device\Harddisk0\DR0\Partition2
21:53:16.0342 7252 S: <-> \Device\Harddisk0\DR0\Partition1
21:53:16.0392 7252 Q: <-> \Device\Harddisk0\DR0\Partition3
21:53:16.0392 7252 ============================================================
21:53:16.0392 7252 Initialize success
21:53:16.0392 7252 ============================================================
21:53:50.0118 0172 ============================================================
21:53:50.0118 0172 Scan started
21:53:50.0118 0172 Mode: Manual; SigCheck; TDLFS;
21:53:50.0118 0172 ============================================================
21:53:52.0110 0172 ================ Scan system memory ========================
21:53:52.0110 0172 System memory - ok
21:53:52.0110 0172 ================ Scan services =============================
21:53:52.0350 0172 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:53:52.0612 0172 1394ohci - ok
21:53:52.0662 0172 [ 37E62B1D2BA075E3AD7AB30C873CEFA6 ] 5U875UVC C:\Windows\system32\DRIVERS\5U875.sys
21:53:52.0762 0172 5U875UVC - ok
21:53:52.0932 0172 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
21:53:53.0042 0172 a2acc - ok
21:53:53.0242 0172 [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
21:53:53.0442 0172 a2AntiMalware - ok
21:53:53.0482 0172 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
21:53:53.0512 0172 A2DDA - ok
21:53:53.0542 0172 [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
21:53:53.0552 0172 a2injectiondriver - ok
21:53:53.0602 0172 [ 2DA26EB05B5495D3B2EE36456C239FB7 ] a2util C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
21:53:53.0612 0172 a2util - ok
21:53:53.0663 0172 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:53:53.0683 0172 ACPI - ok
21:53:53.0783 0172 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:53:53.0903 0172 AcpiPmi - ok
21:53:53.0983 0172 [ DB639006452E21796534B818CCBDA90A ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:53:54.0023 0172 AcPrfMgrSvc - ok
21:53:54.0053 0172 [ 929CDB87810A6C89DF8E9A5A7EC3C2EB ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
21:53:54.0073 0172 AcSvc - ok
21:53:54.0103 0172 [ FB0BE3B9EBC6219270E7E507582CF0FF ] ADMonitor C:\Windows\system32\ADMonitor.exe
21:53:54.0133 0172 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
21:53:54.0133 0172 ADMonitor - detected UnsignedFile.Multi.Generic (1)
21:53:54.0223 0172 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
21:53:54.0273 0172 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
21:53:54.0273 0172 AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
21:53:54.0363 0172 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:53:54.0413 0172 AdobeFlashPlayerUpdateSvc - ok
21:53:54.0473 0172 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:53:54.0533 0172 adp94xx - ok
21:53:54.0563 0172 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:53:54.0603 0172 adpahci - ok
21:53:54.0633 0172 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:53:54.0664 0172 adpu320 - ok
21:53:54.0704 0172 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:53:54.0854 0172 AeLookupSvc - ok
21:53:54.0914 0172 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:53:55.0014 0172 AFD - ok
21:53:55.0065 0172 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:53:55.0076 0172 agp440 - ok
21:53:55.0136 0172 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:53:55.0156 0172 aic78xx - ok
21:53:55.0206 0172 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:53:55.0276 0172 ALG - ok
21:53:55.0316 0172 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:53:55.0336 0172 aliide - ok
21:53:55.0436 0172 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:53:55.0476 0172 amdagp - ok
21:53:55.0516 0172 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:53:55.0526 0172 amdide - ok
21:53:55.0576 0172 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:53:55.0636 0172 AmdK8 - ok
21:53:55.0656 0172 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:53:55.0687 0172 AmdPPM - ok
21:53:55.0727 0172 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:53:55.0767 0172 amdsata - ok
21:53:55.0809 0172 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:53:55.0819 0172 amdsbs - ok
21:53:55.0839 0172 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:53:55.0849 0172 amdxata - ok
21:53:56.0079 0172 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:53:56.0149 0172 AntiVirSchedulerService - ok
21:53:56.0209 0172 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:53:56.0219 0172 AntiVirService - ok
21:53:56.0269 0172 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:53:57.0539 0172 AppID - ok
21:53:57.0599 0172 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:53:57.0669 0172 AppIDSvc - ok
21:53:57.0710 0172 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:53:57.0760 0172 Appinfo - ok
21:53:57.0840 0172 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:53:57.0860 0172 Apple Mobile Device - ok
21:53:57.0920 0172 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:53:58.0000 0172 AppMgmt - ok
21:53:58.0070 0172 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:53:58.0100 0172 arc - ok
21:53:58.0110 0172 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:53:58.0140 0172 arcsas - ok
21:53:58.0200 0172 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:53:58.0400 0172 AsyncMac - ok
21:53:58.0470 0172 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:53:58.0480 0172 atapi - ok
21:53:58.0550 0172 [ 6A0F37BC6E960E4BAA47048D6D877D3C ] ATService C:\Windows\system32\AtService.exe
21:53:58.0650 0172 ATService - ok
21:53:58.0710 0172 [ 40E3212DA94ACF9E120C30ACEBC6EA80 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
21:53:58.0760 0172 ATSwpWDF - ok
21:53:58.0830 0172 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:53:58.0910 0172 AudioEndpointBuilder - ok
21:53:58.0940 0172 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:53:58.0990 0172 Audiosrv - ok
21:53:59.0050 0172 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:53:59.0080 0172 avgntflt - ok
21:53:59.0130 0172 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:53:59.0150 0172 avipbb - ok
21:53:59.0190 0172 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:53:59.0200 0172 avkmgr - ok
21:53:59.0270 0172 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:53:59.0410 0172 AxInstSV - ok
21:53:59.0490 0172 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:53:59.0580 0172 b06bdrv - ok
21:53:59.0630 0172 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:53:59.0680 0172 b57nd60x - ok
21:53:59.0740 0172 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:53:59.0760 0172 BcmSqlStartupSvc - ok
21:53:59.0820 0172 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:53:59.0930 0172 BDESVC - ok
21:53:59.0970 0172 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:54:00.0010 0172 Beep - ok
21:54:00.0140 0172 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:54:00.0200 0172 BFE - ok
21:54:00.0240 0172 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:54:00.0300 0172 BITS - ok
21:54:00.0340 0172 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:00.0370 0172 blbdrive - ok
21:54:00.0460 0172 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:54:00.0510 0172 Bonjour Service - ok
21:54:00.0560 0172 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:54:00.0620 0172 bowser - ok
21:54:00.0640 0172 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:00.0730 0172 BrFiltLo - ok
21:54:00.0750 0172 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:00.0800 0172 BrFiltUp - ok
21:54:00.0850 0172 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:54:00.0920 0172 Browser - ok
21:54:00.0960 0172 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:54:01.0070 0172 Brserid - ok
21:54:01.0090 0172 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:01.0120 0172 BrSerWdm - ok
21:54:01.0150 0172 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:01.0180 0172 BrUsbMdm - ok
21:54:01.0210 0172 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:01.0270 0172 BrUsbSer - ok
21:54:01.0290 0172 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:01.0340 0172 BTHMODEM - ok
21:54:01.0390 0172 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:54:01.0450 0172 bthserv - ok
21:54:01.0530 0172 [ 97689D6A5C74226071A8B19F68CB0D35 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:54:01.0580 0172 btwdins - ok
21:54:01.0630 0172 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:54:01.0690 0172 cdfs - ok
21:54:01.0740 0172 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:54:01.0780 0172 cdrom - ok
21:54:01.0830 0172 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:54:01.0870 0172 CertPropSvc - ok
21:54:01.0910 0172 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:54:01.0930 0172 circlass - ok
21:54:01.0980 0172 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:54:02.0030 0172 CLFS - ok
21:54:02.0130 0172 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:02.0170 0172 clr_optimization_v2.0.50727_32 - ok
21:54:02.0280 0172 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:02.0310 0172 clr_optimization_v4.0.30319_32 - ok
21:54:02.0330 0172 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:02.0350 0172 CmBatt - ok
21:54:02.0380 0172 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:54:02.0400 0172 cmdide - ok
21:54:02.0430 0172 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:54:02.0470 0172 CNG - ok
21:54:02.0550 0172 [ 726803D911045D283509D3CDD91D8E52 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:54:02.0620 0172 CnxtHdAudService - ok
21:54:02.0670 0172 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:54:02.0690 0172 Compbatt - ok
21:54:02.0740 0172 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:54:02.0790 0172 CompositeBus - ok
21:54:02.0800 0172 COMSysApp - ok
21:54:02.0810 0172 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:02.0820 0172 crcdisk - ok
21:54:02.0870 0172 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:54:02.0960 0172 CryptSvc - ok
21:54:03.0010 0172 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:54:03.0060 0172 CSC - ok
21:54:03.0100 0172 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:54:03.0190 0172 CscService - ok
21:54:03.0300 0172 [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:54:03.0410 0172 CVPND - ok
21:54:03.0450 0172 [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
21:54:03.0490 0172 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:54:03.0490 0172 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:54:03.0530 0172 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:54:03.0630 0172 DcomLaunch - ok
21:54:03.0670 0172 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:54:03.0720 0172 defragsvc - ok
21:54:03.0760 0172 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:54:03.0810 0172 DfsC - ok
21:54:03.0860 0172 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:54:03.0930 0172 Dhcp - ok
21:54:03.0960 0172 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:54:04.0000 0172 discache - ok
21:54:04.0050 0172 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:54:04.0070 0172 Disk - ok
21:54:04.0110 0172 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:54:04.0160 0172 Dnscache - ok
21:54:04.0200 0172 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:54:04.0250 0172 dot3svc - ok
21:54:04.0300 0172 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:54:04.0370 0172 Dot4 - ok
21:54:04.0420 0172 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
21:54:04.0480 0172 Dot4Print - ok
21:54:04.0520 0172 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:54:04.0560 0172 dot4usb - ok
21:54:04.0600 0172 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:54:04.0700 0172 DPS - ok
21:54:04.0750 0172 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:54:04.0810 0172 drmkaud - ok
21:54:04.0900 0172 [ CD5102D11D59B62F4C21A66711220095 ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
21:54:04.0950 0172 dsNcService - ok
21:54:04.0990 0172 [ 13F36B3CB0F73AD0A0B89A6AFEC97954 ] dtsvc C:\Windows\system32\DTS.exe
21:54:05.0020 0172 dtsvc ( UnsignedFile.Multi.Generic ) - warning
21:54:05.0020 0172 dtsvc - detected UnsignedFile.Multi.Generic (1)
21:54:05.0070 0172 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:54:05.0110 0172 DXGKrnl - ok
21:54:05.0170 0172 [ C90CE29DF8B9836CC6514CE9F53D0EB5 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys
21:54:05.0190 0172 e1yexpress - ok
21:54:05.0230 0172 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:54:05.0280 0172 EapHost - ok
21:54:05.0400 0172 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:54:05.0590 0172 ebdrv - ok
21:54:05.0630 0172 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:54:05.0721 0172 EFS - ok
21:54:05.0811 0172 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:54:05.0941 0172 ehRecvr - ok
21:54:05.0971 0172 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:54:06.0061 0172 ehSched - ok
21:54:06.0121 0172 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:54:06.0151 0172 elxstor - ok
21:54:06.0201 0172 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:54:06.0261 0172 ErrDev - ok
21:54:06.0321 0172 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:54:06.0411 0172 EventSystem - ok
21:54:06.0511 0172 [ A1390C15F217204039F34C595DBD5087 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:54:06.0591 0172 EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:54:06.0591 0172 EvtEng - detected UnsignedFile.Multi.Generic (1)
21:54:06.0611 0172 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:54:06.0671 0172 exfat - ok
21:54:06.0691 0172 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:54:06.0741 0172 fastfat - ok
21:54:06.0801 0172 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:54:06.0891 0172 Fax - ok
21:54:06.0941 0172 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:54:06.0991 0172 fdc - ok
21:54:07.0031 0172 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:54:07.0131 0172 fdPHost - ok
21:54:07.0171 0172 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:54:07.0221 0172 FDResPub - ok
21:54:07.0241 0172 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:54:07.0261 0172 FileInfo - ok
21:54:07.0291 0172 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:54:07.0331 0172 Filetrace - ok
21:54:07.0361 0172 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:07.0391 0172 flpydisk - ok
21:54:07.0421 0172 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:54:07.0441 0172 FltMgr - ok
21:54:07.0501 0172 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:54:07.0611 0172 FontCache - ok
21:54:07.0681 0172 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:54:07.0701 0172 FontCache3.0.0.0 - ok
21:54:07.0731 0172 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:54:07.0751 0172 FsDepends - ok
21:54:07.0781 0172 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:54:07.0801 0172 Fs_Rec - ok
21:54:07.0851 0172 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:54:07.0871 0172 fvevol - ok
21:54:07.0901 0172 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:07.0911 0172 gagp30kx - ok
21:54:07.0951 0172 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:54:07.0991 0172 GEARAspiWDM - ok
21:54:08.0071 0172 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
21:54:08.0091 0172 getPlusHelper - ok
21:54:08.0151 0172 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
21:54:08.0191 0172 ggflt - ok
21:54:08.0251 0172 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
21:54:08.0291 0172 ggsemc - ok
21:54:08.0341 0172 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:54:08.0421 0172 gpsvc - ok
21:54:08.0541 0172 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:54:08.0571 0172 gupdate - ok
21:54:08.0611 0172 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:54:08.0623 0172 gupdatem - ok
21:54:08.0683 0172 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:08.0703 0172 gusvc - ok
21:54:08.0733 0172 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:54:08.0813 0172 hcw85cir - ok
21:54:08.0853 0172 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:54:08.0903 0172 HDAudBus - ok
21:54:08.0943 0172 [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI C:\Windows\system32\DRIVERS\HECI.sys
21:54:08.0983 0172 HECI - ok
21:54:09.0023 0172 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:09.0083 0172 HidBatt - ok
21:54:09.0103 0172 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:54:09.0153 0172 HidBth - ok
21:54:09.0193 0172 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:54:09.0223 0172 HidIr - ok
21:54:09.0263 0172 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:54:09.0293 0172 hidserv - ok
21:54:09.0353 0172 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:54:09.0373 0172 HidUsb - ok
21:54:09.0423 0172 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:54:09.0493 0172 hkmsvc - ok
21:54:09.0543 0172 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:54:09.0623 0172 HomeGroupListener - ok
21:54:09.0653 0172 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:54:09.0693 0172 HomeGroupProvider - ok
21:54:09.0773 0172 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:54:09.0803 0172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:54:09.0803 0172 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:54:09.0833 0172 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:54:09.0863 0172 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:54:09.0863 0172 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:54:09.0903 0172 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:54:09.0923 0172 HpSAMD - ok
21:54:09.0993 0172 [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:54:10.0063 0172 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:54:10.0063 0172 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:54:10.0143 0172 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:54:10.0273 0172 HSF_DPV - ok
21:54:10.0293 0172 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:54:10.0333 0172 HSXHWAZL - ok
21:54:10.0383 0172 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:54:10.0453 0172 HTCAND32 - ok
21:54:10.0613 0172 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
21:54:10.0643 0172 HTCMonitorService - ok
21:54:10.0683 0172 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
21:54:10.0713 0172 htcnprot - ok
21:54:10.0793 0172 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:54:10.0863 0172 HTTP - ok
21:54:10.0893 0172 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:54:10.0923 0172 hwpolicy - ok
21:54:10.0973 0172 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:54:11.0043 0172 i8042prt - ok
21:54:11.0103 0172 [ 37769C28E1C6489C56E41DB7A32D58C5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:54:11.0113 0172 iaStor - ok
21:54:11.0173 0172 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:54:11.0243 0172 iaStorV - ok
21:54:11.0283 0172 [ 699052E165698013020D2AC693CD80C7 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:54:11.0293 0172 IBMPMDRV - ok
21:54:11.0313 0172 [ 5A92B2DC9CCA34105A4125BA8D0BA035 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:54:11.0323 0172 IBMPMSVC - ok
21:54:11.0403 0172 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:54:11.0443 0172 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:54:11.0443 0172 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:54:11.0513 0172 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:54:11.0603 0172 idsvc - ok
21:54:11.0933 0172 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:54:12.0265 0172 igfx - ok
21:54:12.0325 0172 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:54:12.0335 0172 iirsp - ok
21:54:12.0435 0172 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:54:12.0515 0172 IKEEXT - ok
21:54:12.0555 0172 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:54:12.0575 0172 intelide - ok
21:54:12.0625 0172 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:54:12.0645 0172 intelppm - ok
21:54:12.0695 0172 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:54:12.0725 0172 IPBusEnum - ok
21:54:12.0745 0172 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:12.0795 0172 IpFilterDriver - ok
21:54:12.0855 0172 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:54:12.0925 0172 iphlpsvc - ok
21:54:12.0965 0172 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:54:12.0975 0172 IPMIDRV - ok
21:54:13.0005 0172 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:54:13.0055 0172 IPNAT - ok
21:54:13.0145 0172 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:54:13.0195 0172 iPod Service - ok
21:54:13.0215 0172 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:54:13.0305 0172 IRENUM - ok
21:54:13.0325 0172 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:54:13.0345 0172 isapnp - ok
21:54:13.0385 0172 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:54:13.0425 0172 iScsiPrt - ok
21:54:13.0455 0172 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:54:13.0465 0172 IviRegMgr - ok
21:54:13.0515 0172 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:54:13.0575 0172 kbdclass - ok
21:54:13.0615 0172 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:54:13.0655 0172 kbdhid - ok
21:54:13.0675 0172 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:54:13.0705 0172 KeyIso - ok
21:54:13.0745 0172 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:54:13.0765 0172 KSecDD - ok
21:54:13.0785 0172 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:54:13.0815 0172 KSecPkg - ok
21:54:13.0865 0172 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:54:13.0935 0172 KtmRm - ok
21:54:13.0985 0172 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:54:14.0035 0172 LanmanServer - ok
21:54:14.0065 0172 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:54:14.0115 0172 LanmanWorkstation - ok
21:54:14.0175 0172 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
21:54:14.0185 0172 lenovo.smi - ok
21:54:14.0235 0172 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:54:14.0265 0172 lltdio - ok
21:54:14.0295 0172 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:54:14.0345 0172 lltdsvc - ok
21:54:14.0355 0172 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:54:14.0405 0172 lmhosts - ok
21:54:14.0455 0172 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:54:14.0475 0172 LSI_FC - ok
21:54:14.0495 0172 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:54:14.0505 0172 LSI_SAS - ok
21:54:14.0525 0172 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:54:14.0535 0172 LSI_SAS2 - ok
21:54:14.0545 0172 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:54:14.0565 0172 LSI_SCSI - ok
21:54:15.0026 0172 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:54:15.0056 0172 luafv - ok
21:54:15.0106 0172 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:54:15.0116 0172 MBAMProtector - ok
21:54:15.0186 0172 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:54:15.0206 0172 MBAMScheduler - ok
21:54:15.0226 0172 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:54:15.0256 0172 MBAMService - ok
21:54:15.0296 0172 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:54:15.0316 0172 Mcx2Svc - ok
21:54:15.0346 0172 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:54:15.0396 0172 mdmxsdk - ok
21:54:15.0426 0172 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:54:15.0446 0172 megasas - ok
21:54:15.0486 0172 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:54:15.0506 0172 MegaSR - ok
21:54:15.0536 0172 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:54:15.0636 0172 MMCSS - ok
21:54:15.0646 0172 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:54:15.0696 0172 Modem - ok
21:54:15.0736 0172 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:54:15.0766 0172 monitor - ok
21:54:15.0816 0172 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:54:15.0836 0172 mouclass - ok
21:54:15.0916 0172 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:54:15.0956 0172 mouhid - ok
21:54:15.0996 0172 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:54:16.0006 0172 mountmgr - ok
21:54:16.0036 0172 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:54:16.0056 0172 mpio - ok
21:54:16.0076 0172 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:54:16.0126 0172 mpsdrv - ok
21:54:16.0166 0172 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:54:16.0226 0172 MpsSvc - ok
21:54:16.0256 0172 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:54:16.0276 0172 MRxDAV - ok
21:54:16.0376 0172 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:16.0466 0172 mrxsmb - ok
21:54:16.0506 0172 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:16.0556 0172 mrxsmb10 - ok
21:54:16.0586 0172 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:16.0626 0172 mrxsmb20 - ok
21:54:16.0666 0172 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:54:16.0676 0172 msahci - ok
21:54:16.0736 0172 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:54:16.0746 0172 msdsm - ok
21:54:16.0776 0172 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:54:16.0806 0172 MSDTC - ok
21:54:16.0856 0172 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:54:16.0886 0172 Msfs - ok
21:54:16.0906 0172 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:54:16.0976 0172 mshidkmdf - ok
21:54:17.0006 0172 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:54:17.0016 0172 msisadrv - ok
21:54:17.0066 0172 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:54:17.0096 0172 MSiSCSI - ok
21:54:17.0106 0172 msiserver - ok
21:54:17.0156 0172 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:54:17.0196 0172 MSKSSRV - ok
21:54:17.0216 0172 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:17.0246 0172 MSPCLOCK - ok
21:54:17.0296 0172 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:54:17.0346 0172 MSPQM - ok
21:54:17.0366 0172 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:54:17.0376 0172 MsRPC - ok
21:54:17.0416 0172 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:54:17.0436 0172 mssmbios - ok
21:54:17.0496 0172 MSSQL$MSSMLBIZ - ok
21:54:17.0576 0172 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:54:17.0596 0172 MSSQLServerADHelper - ok
21:54:17.0666 0172 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:54:17.0706 0172 MSTEE - ok
21:54:17.0746 0172 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:54:17.0796 0172 MTConfig - ok
21:54:17.0826 0172 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:54:17.0836 0172 Mup - ok
21:54:17.0876 0172 [ C3DECE7A0E627750DE6B1A27427589C1 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:54:17.0916 0172 MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - warning
21:54:17.0916 0172 MyWiFiDHCPDNS - detected UnsignedFile.Multi.Generic (1)
21:54:17.0956 0172 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:54:18.0026 0172 napagent - ok
21:54:18.0086 0172 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:54:18.0116 0172 NativeWifiP - ok
21:54:18.0196 0172 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:54:18.0286 0172 NDIS - ok
21:54:18.0316 0172 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:54:18.0346 0172 NdisCap - ok
21:54:18.0386 0172 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:18.0446 0172 NdisTapi - ok
21:54:18.0476 0172 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:18.0516 0172 Ndisuio - ok
21:54:18.0546 0172 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:18.0586 0172 NdisWan - ok
21:54:18.0626 0172 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:54:18.0676 0172 NDProxy - ok
21:54:18.0746 0172 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:54:18.0756 0172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:54:18.0756 0172 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:54:18.0806 0172 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:54:18.0846 0172 NetBIOS - ok
21:54:18.0896 0172 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:54:18.0956 0172 NetBT - ok
21:54:18.0966 0172 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:54:18.0986 0172 Netlogon - ok
21:54:19.0036 0172 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:54:19.0136 0172 Netman - ok
21:54:19.0166 0172 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:54:19.0246 0172 netprofm - ok
21:54:19.0286 0172 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:54:19.0296 0172 NetTcpPortSharing - ok
21:54:19.0456 0172 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
21:54:19.0636 0172 netw5v32 - ok
21:54:19.0686 0172 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:54:19.0726 0172 nfrd960 - ok
21:54:19.0766 0172 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:54:19.0806 0172 NlaSvc - ok
21:54:19.0806 0172 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:54:19.0866 0172 Npfs - ok
21:54:19.0906 0172 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:54:19.0936 0172 nsi - ok
21:54:19.0976 0172 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:54:20.0026 0172 nsiproxy - ok
21:54:20.0106 0172 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:54:20.0216 0172 Ntfs - ok
21:54:20.0236 0172 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:54:20.0286 0172 Null - ok
21:54:20.0326 0172 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:54:20.0336 0172 nvraid - ok
21:54:20.0356 0172 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:54:20.0376 0172 nvstor - ok
21:54:20.0406 0172 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:54:20.0416 0172 nv_agp - ok
21:54:20.0496 0172 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:54:20.0526 0172 odserv - ok
21:54:20.0576 0172 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:54:20.0616 0172 ohci1394 - ok
21:54:20.0666 0172 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:54:20.0676 0172 ose - ok
21:54:20.0706 0172 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:54:20.0766 0172 p2pimsvc - ok
21:54:20.0806 0172 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:54:20.0846 0172 p2psvc - ok
21:54:20.0886 0172 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:54:20.0916 0172 Parport - ok
21:54:20.0966 0172 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:54:21.0006 0172 partmgr - ok
21:54:21.0026 0172 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:54:21.0056 0172 Parvdm - ok
21:54:21.0096 0172 [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:54:21.0126 0172 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:54:21.0126 0172 PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:54:21.0176 0172 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:54:21.0216 0172 PcaSvc - ok
21:54:21.0266 0172 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:54:21.0276 0172 pci - ok
21:54:21.0326 0172 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:54:21.0336 0172 pciide - ok
21:54:21.0386 0172 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:54:21.0406 0172 pcmcia - ok
21:54:21.0516 0172 [ E6E503845208A148A9E3E7FAA63B97A4 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
21:54:21.0546 0172 PCToolsSSDMonitorSvc - ok
21:54:21.0566 0172 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:54:21.0576 0172 pcw - ok
21:54:21.0616 0172 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:54:21.0656 0172 PEAUTH - ok
21:54:21.0716 0172 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:54:21.0826 0172 PeerDistSvc - ok
21:54:21.0906 0172 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:54:21.0996 0172 pla - ok
21:54:22.0056 0172 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:54:22.0106 0172 PlugPlay - ok
21:54:22.0146 0172 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:54:22.0166 0172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:54:22.0166 0172 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:54:22.0186 0172 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:54:22.0216 0172 PNRPAutoReg - ok
21:54:22.0266 0172 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:54:22.0276 0172 PNRPsvc - ok
21:54:22.0316 0172 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:54:22.0376 0172 PolicyAgent - ok
21:54:22.0416 0172 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:54:22.0476 0172 Power - ok
21:54:22.0566 0172 [ 2804E582753985E6DEF08FF5B0B2C82E ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:54:22.0596 0172 Power Manager DBC Service - ok
21:54:22.0656 0172 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:54:22.0706 0172 PptpMiniport - ok
21:54:22.0726 0172 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:54:22.0756 0172 Processor - ok
21:54:22.0806 0172 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:54:22.0876 0172 ProfSvc - ok
21:54:22.0896 0172 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:54:22.0906 0172 ProtectedStorage - ok
21:54:22.0936 0172 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:54:22.0976 0172 Psched - ok
21:54:23.0016 0172 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:54:23.0036 0172 PxHelp20 - ok
21:54:23.0096 0172 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:54:23.0196 0172 ql2300 - ok
21:54:23.0246 0172 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:54:23.0296 0172 ql40xx - ok
21:54:23.0336 0172 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:54:23.0366 0172 QWAVE - ok
21:54:23.0386 0172 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:54:23.0406 0172 QWAVEdrv - ok
21:54:23.0416 0172 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:54:23.0486 0172 RasAcd - ok
21:54:23.0536 0172 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:54:23.0606 0172 RasAgileVpn - ok
21:54:23.0636 0172 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:54:23.0666 0172 RasAuto - ok
21:54:23.0727 0172 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:54:23.0797 0172 Rasl2tp - ok
21:54:23.0847 0172 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:54:23.0897 0172 RasMan - ok
21:54:23.0927 0172 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:54:23.0977 0172 RasPppoe - ok
21:54:24.0007 0172 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:54:24.0057 0172 RasSstp - ok
21:54:24.0097 0172 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:54:24.0167 0172 rdbss - ok
21:54:24.0207 0172 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:54:24.0237 0172 rdpbus - ok
21:54:24.0277 0172 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:54:24.0347 0172 RDPCDD - ok
21:54:24.0447 0172 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:54:24.0557 0172 RDPDR - ok
21:54:24.0597 0172 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:54:24.0657 0172 RDPENCDD - ok
21:54:24.0677 0172 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:54:24.0707 0172 RDPREFMP - ok
21:54:24.0737 0172 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:54:24.0827 0172 RDPWD - ok
21:54:24.0857 0172 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:54:24.0887 0172 rdyboost - ok
21:54:24.0917 0172 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:54:24.0977 0172 RemoteAccess - ok
21:54:25.0017 0172 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:54:25.0067 0172 RemoteRegistry - ok
21:54:25.0107 0172 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
21:54:25.0187 0172 rimmptsk - ok
21:54:25.0237 0172 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:54:25.0287 0172 rimsptsk - ok
21:54:25.0307 0172 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
21:54:25.0337 0172 rismxdp - ok
21:54:25.0387 0172 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:54:25.0427 0172 RpcEptMapper - ok
21:54:25.0467 0172 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:54:25.0497 0172 RpcLocator - ok
21:54:25.0537 0172 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:54:25.0567 0172 RpcSs - ok
21:54:25.0617 0172 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:54:25.0667 0172 rspndr - ok
21:54:25.0717 0172 [ 1F561844318914E7EB6E54673A4CC54C ] s117bus C:\Windows\system32\DRIVERS\s117bus.sys
21:54:25.0747 0172 s117bus - ok
21:54:25.0797 0172 [ BA93EEC3CDF6A63B77AE66221AA4F902 ] s117mdfl C:\Windows\system32\DRIVERS\s117mdfl.sys
21:54:25.0827 0172 s117mdfl - ok
21:54:25.0847 0172 [ CBA12FD8A8EE5B5CDFBBAE2381CD6703 ] s117mdm C:\Windows\system32\DRIVERS\s117mdm.sys
21:54:25.0867 0172 s117mdm - ok
21:54:25.0897 0172 [ BD6483E64B1DA17E812B34BCDEFD9459 ] s117mgmt C:\Windows\system32\DRIVERS\s117mgmt.sys
21:54:25.0907 0172 s117mgmt - ok
21:54:25.0927 0172 [ C7CA36C3054B4CD47A1F6611B046E2F9 ] s117nd5 C:\Windows\system32\DRIVERS\s117nd5.sys
21:54:25.0937 0172 s117nd5 - ok
21:54:25.0957 0172 [ E290B3A6B58FB72CA97DD48D64E4FC1C ] s117obex C:\Windows\system32\DRIVERS\s117obex.sys
21:54:25.0987 0172 s117obex - ok
21:54:26.0017 0172 [ 5C4D1BA23C7511AC880E8BA7BAA80DBA ] s117unic C:\Windows\system32\DRIVERS\s117unic.sys
21:54:26.0027 0172 s117unic - ok
21:54:26.0047 0172 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:54:26.0117 0172 s3cap - ok
21:54:26.0137 0172 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:54:26.0157 0172 SamSs - ok
21:54:26.0207 0172 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:54:26.0237 0172 sbp2port - ok
21:54:26.0277 0172 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:54:26.0307 0172 SCardSvr - ok
21:54:26.0327 0172 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:54:26.0347 0172 scfilter - ok
21:54:26.0397 0172 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:54:26.0467 0172 Schedule - ok
21:54:26.0507 0172 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:54:26.0547 0172 SCPolicySvc - ok
21:54:26.0597 0172 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:54:26.0617 0172 sdbus - ok
21:54:26.0647 0172 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:54:26.0747 0172 SDRSVC - ok
21:54:26.0817 0172 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:54:26.0847 0172 SeaPort - ok
21:54:26.0897 0172 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:54:26.0937 0172 secdrv - ok
21:54:26.0967 0172 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:54:27.0007 0172 seclogon - ok
21:54:27.0047 0172 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
21:54:27.0087 0172 seehcri - ok
21:54:27.0127 0172 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:54:27.0167 0172 SENS - ok
21:54:27.0207 0172 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:54:27.0307 0172 SensrSvc - ok
21:54:27.0337 0172 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:54:27.0387 0172 Serenum - ok
21:54:27.0437 0172 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:54:27.0477 0172 Serial - ok
21:54:27.0517 0172 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:54:27.0547 0172 sermouse - ok
21:54:27.0597 0172 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:54:27.0647 0172 SessionEnv - ok
21:54:27.0677 0172 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:54:27.0717 0172 sffdisk - ok
21:54:27.0757 0172 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:54:27.0797 0172 sffp_mmc - ok
21:54:27.0827 0172 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:54:27.0837 0172 sffp_sd - ok
21:54:27.0907 0172 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:54:27.0917 0172 sfloppy - ok
21:54:27.0967 0172 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:54:28.0027 0172 SharedAccess - ok
21:54:28.0057 0172 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:54:28.0097 0172 ShellHWDetection - ok
21:54:28.0137 0172 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:54:28.0157 0172 sisagp - ok
21:54:28.0207 0172 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:54:28.0217 0172 SiSRaid2 - ok
21:54:28.0247 0172 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:54:28.0257 0172 SiSRaid4 - ok
21:54:28.0327 0172 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:54:28.0337 0172 SkypeUpdate - ok
21:54:28.0367 0172 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:54:28.0387 0172 Smb - ok
21:54:28.0437 0172 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:54:28.0457 0172 SNMPTRAP - ok
21:54:28.0487 0172 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:54:28.0507 0172 spldr - ok
21:54:28.0557 0172 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:54:28.0637 0172 Spooler - ok
21:54:28.0767 0172 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:54:28.0937 0172 sppsvc - ok
21:54:28.0957 0172 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:54:29.0007 0172 sppuinotify - ok
21:54:29.0047 0172 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:54:29.0057 0172 SQLBrowser - ok
21:54:29.0087 0172 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:54:29.0097 0172 SQLWriter - ok
21:54:29.0127 0172 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:54:29.0207 0172 srv - ok
21:54:29.0227 0172 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:54:29.0277 0172 srv2 - ok
21:54:29.0307 0172 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:54:29.0347 0172 srvnet - ok
21:54:29.0397 0172 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:54:29.0457 0172 SSDPSRV - ok
21:54:29.0517 0172 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:54:29.0527 0172 ssmdrv - ok
21:54:29.0557 0172 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:54:29.0607 0172 SstpSvc - ok
21:54:29.0657 0172 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:54:29.0687 0172 stexstor - ok
21:54:29.0717 0172 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:54:29.0747 0172 StillCam - ok
21:54:29.0797 0172 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:54:29.0847 0172 StiSvc - ok
21:54:29.0877 0172 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:54:29.0897 0172 storflt - ok
21:54:29.0927 0172 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
21:54:29.0977 0172 StorSvc - ok
21:54:30.0027 0172 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:54:30.0047 0172 storvsc - ok
21:54:30.0137 0172 [ A5542490B61C8D8BDE2C8BAEACBD1613 ] SUService c:\Program Files\Lenovo\System Update\SUService.exe
21:54:30.0147 0172 SUService ( UnsignedFile.Multi.Generic ) - warning
21:54:30.0147 0172 SUService - detected UnsignedFile.Multi.Generic (1)
21:54:30.0187 0172 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:54:30.0207 0172 swenum - ok
21:54:30.0247 0172 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:54:30.0307 0172 swprv - ok
21:54:30.0357 0172 [ 130332E29759FD0EEFFBB143EDF4E8D3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:54:30.0377 0172 SynTP - ok
21:54:30.0467 0172 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:54:30.0537 0172 SysMain - ok
21:54:30.0577 0172 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:54:30.0617 0172 TabletInputService - ok
21:54:30.0657 0172 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:54:30.0707 0172 TapiSrv - ok
21:54:30.0737 0172 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:54:30.0777 0172 TBS - ok
21:54:30.0867 0172 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:54:30.0967 0172 Tcpip - ok
21:54:31.0027 0172 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:54:31.0067 0172 TCPIP6 - ok
21:54:31.0107 0172 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:54:31.0157 0172 tcpipreg - ok
21:54:31.0177 0172 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:54:31.0247 0172 TDPIPE - ok
21:54:31.0267 0172 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:54:31.0287 0172 TDTCP - ok
21:54:31.0337 0172 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:54:31.0387 0172 tdx - ok
21:54:31.0427 0172 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:54:31.0447 0172 TermDD - ok
21:54:31.0487 0172 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:54:31.0577 0172 TermService - ok
21:54:31.0607 0172 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:54:31.0647 0172 Themes - ok
21:54:31.0717 0172 [ EB90A37AABAEFD7B4F4F92BEFEA8C2E2 ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:54:31.0788 0172 ThinkVantage Registry Monitor Service - ok
21:54:31.0808 0172 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:54:31.0848 0172 THREADORDER - ok
21:54:31.0878 0172 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
21:54:31.0908 0172 TPM - ok
21:54:31.0948 0172 [ 6412DA2B8D079D821B99B3A99943284E ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
21:54:31.0948 0172 TPPWRIF - ok
21:54:31.0988 0172 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:54:32.0068 0172 TrkWks - ok
21:54:32.0128 0172 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:54:32.0208 0172 TrustedInstaller - ok
21:54:32.0288 0172 [ 4A4FFDEB90A151B734A0BEA3D420FD3B ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
21:54:32.0348 0172 TSSCoreService - ok
21:54:32.0378 0172 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:32.0458 0172 tssecsrv - ok
21:54:32.0568 0172 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:54:32.0628 0172 TsUsbFlt - ok
21:54:32.0668 0172 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:54:32.0728 0172 tunnel - ok
21:54:32.0798 0172 [ 1A9F115D6F82FC0753D06599E42B2295 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
21:54:32.0828 0172 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
21:54:32.0828 0172 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
21:54:32.0868 0172 [ 43FFBB6AF7245C97865ADA74B8CEECF9 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:54:32.0938 0172 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:54:32.0938 0172 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
21:54:33.0048 0172 [ 58BC366538A8A1F252D2750C1F5193B6 ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:54:33.0148 0172 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0148 0172 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
21:54:33.0188 0172 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
21:54:33.0218 0172 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0218 0172 tvtfilter - detected UnsignedFile.Multi.Generic (1)
21:54:33.0248 0172 [ 22A001F3FBB92E3811C3BFD8FDAD3ED3 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
21:54:33.0268 0172 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0278 0172 TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)
21:54:33.0298 0172 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:54:33.0318 0172 uagp35 - ok
21:54:33.0338 0172 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:54:33.0398 0172 udfs - ok
21:54:33.0428 0172 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:54:33.0468 0172 UI0Detect - ok
21:54:33.0508 0172 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:54:33.0528 0172 uliagpkx - ok
21:54:33.0588 0172 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:54:33.0638 0172 umbus - ok
21:54:33.0668 0172 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:54:33.0688 0172 UmPass - ok
21:54:33.0718 0172 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
21:54:33.0758 0172 UmRdpService - ok
21:54:33.0788 0172 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:54:33.0828 0172 upnphost - ok
21:54:33.0888 0172 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:54:33.0918 0172 USBAAPL - ok
21:54:33.0948 0172 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:33.0978 0172 usbccgp - ok
21:54:34.0018 0172 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:54:34.0058 0172 usbcir - ok
21:54:34.0098 0172 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:54:34.0118 0172 usbehci - ok
21:54:34.0178 0172 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys
21:54:34.0218 0172 usbhub - ok
21:54:34.0258 0172 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:54:34.0288 0172 usbohci - ok
21:54:34.0338 0172 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:54:34.0358 0172 usbprint - ok
21:54:34.0388 0172 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:54:34.0418 0172 usbscan - ok
21:54:34.0438 0172 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:34.0518 0172 USBSTOR - ok
21:54:34.0568 0172 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:54:34.0588 0172 usbuhci - ok
21:54:34.0628 0172 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:54:34.0698 0172 UxSms - ok
21:54:34.0718 0172 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:54:34.0748 0172 VaultSvc - ok
21:54:34.0788 0172 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:54:34.0798 0172 vdrvroot - ok
21:54:34.0848 0172 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:54:34.0938 0172 vds - ok
21:54:35.0008 0172 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:35.0038 0172 vga - ok
21:54:35.0078 0172 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:54:35.0108 0172 VgaSave - ok
21:54:35.0148 0172 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:54:35.0178 0172 vhdmp - ok
21:54:35.0228 0172 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:54:35.0248 0172 viaagp - ok
21:54:35.0278 0172 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:54:35.0308 0172 ViaC7 - ok
21:54:35.0358 0172 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:54:35.0368 0172 viaide - ok
21:54:35.0398 0172 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:54:35.0418 0172 vmbus - ok
21:54:35.0448 0172 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:54:35.0478 0172 VMBusHID - ok
21:54:35.0518 0172 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:54:35.0528 0172 volmgr - ok
21:54:35.0568 0172 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:54:35.0608 0172 volmgrx - ok
21:54:35.0648 0172 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:54:35.0688 0172 volsnap - ok
21:54:35.0738 0172 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:54:35.0748 0172 vsmraid - ok
21:54:35.0798 0172 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:54:35.0898 0172 VSS - ok
21:54:35.0918 0172 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:54:35.0948 0172 vwifibus - ok
21:54:35.0998 0172 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:54:36.0048 0172 W32Time - ok
21:54:36.0058 0172 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:54:36.0098 0172 WacomPen - ok
21:54:36.0148 0172 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:54:36.0238 0172 WANARP - ok
21:54:36.0248 0172 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:54:36.0288 0172 Wanarpv6 - ok
21:54:36.0388 0172 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:54:36.0468 0172 WatAdminSvc - ok
21:54:36.0528 0172 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:54:36.0638 0172 wbengine - ok
21:54:36.0681 0172 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:54:36.0770 0172 WbioSrvc - ok
21:54:36.0820 0172 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:54:36.0880 0172 wcncsvc - ok
21:54:36.0920 0172 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:54:36.0990 0172 WcsPlugInService - ok
21:54:37.0029 0172 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:54:37.0042 0172 Wd - ok
21:54:37.0092 0172 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:54:37.0142 0172 Wdf01000 - ok
21:54:37.0152 0172 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:54:37.0222 0172 WdiServiceHost - ok
21:54:37.0232 0172 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:54:37.0252 0172 WdiSystemHost - ok
21:54:37.0282 0172 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:54:37.0332 0172 WebClient - ok
21:54:37.0382 0172 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:54:37.0432 0172 Wecsvc - ok
21:54:37.0442 0172 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:54:37.0492 0172 wercplsupport - ok
21:54:37.0522 0172 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:54:37.0572 0172 WerSvc - ok
21:54:37.0622 0172 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:37.0682 0172 WfpLwf - ok
21:54:37.0712 0172 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:54:37.0732 0172 WimFltr - ok
21:54:37.0742 0172 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:54:37.0762 0172 WIMMount - ok
21:54:37.0812 0172 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:54:37.0902 0172 winachsf - ok
21:54:37.0982 0172 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:54:38.0062 0172 WinDefend - ok
21:54:38.0072 0172 WinHttpAutoProxySvc - ok
21:54:38.0142 0172 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:54:38.0242 0172 Winmgmt - ok
21:54:38.0362 0172 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:54:38.0452 0172 WinRM - ok
21:54:38.0502 0172 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:54:38.0542 0172 WinUsb - ok
21:54:38.0592 0172 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:54:38.0642 0172 Wlansvc - ok
21:54:38.0682 0172 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:54:38.0742 0172 WmiAcpi - ok
21:54:38.0782 0172 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:54:38.0812 0172 wmiApSrv - ok
21:54:38.0912 0172 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:54:39.0032 0172 WMPNetworkSvc - ok
21:54:39.0062 0172 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:54:39.0162 0172 WPCSvc - ok
21:54:39.0192 0172 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:54:39.0252 0172 WPDBusEnum - ok
21:54:39.0292 0172 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:54:39.0332 0172 ws2ifsl - ok
21:54:39.0362 0172 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:54:39.0382 0172 wscsvc - ok
21:54:39.0432 0172 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:54:39.0452 0172 WSDPrintDevice - ok
21:54:39.0452 0172 WSearch - ok
21:54:39.0552 0172 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:54:39.0672 0172 wuauserv - ok
21:54:39.0712 0172 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:54:39.0772 0172 WudfPf - ok
21:54:39.0812 0172 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:39.0832 0172 WUDFRd - ok
21:54:39.0872 0172 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:54:39.0892 0172 wudfsvc - ok
21:54:39.0942 0172 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:54:40.0032 0172 WwanSvc - ok
21:54:40.0084 0172 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:54:40.0114 0172 XAudio - ok
21:54:40.0134 0172 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:54:40.0174 0172 XAudioService - ok
21:54:40.0204 0172 ================ Scan global ===============================
21:54:40.0234 0172 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:54:40.0264 0172 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:54:40.0274 0172 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:54:40.0304 0172 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:54:40.0344 0172 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:54:40.0354 0172 [Global] - ok
21:54:40.0354 0172 ================ Scan MBR ==================================
21:54:40.0364 0172 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:54:40.0774 0172 \Device\Harddisk0\DR0 - ok
21:54:40.0784 0172 ================ Scan VBR ==================================
21:54:40.0814 0172 [ 12D31D17B17360F54DE5C4F71F1D473D ] \Device\Harddisk0\DR0\Partition1
21:54:40.0814 0172 \Device\Harddisk0\DR0\Partition1 - ok
21:54:40.0834 0172 [ 057DBBCDD980C704FE99B2E8A0EBBB9B ] \Device\Harddisk0\DR0\Partition2
21:54:40.0844 0172 \Device\Harddisk0\DR0\Partition2 - ok
21:54:40.0874 0172 [ D6800D97591C85B65873820A1565E8F3 ] \Device\Harddisk0\DR0\Partition3
21:54:40.0874 0172 \Device\Harddisk0\DR0\Partition3 - ok
21:54:40.0874 0172 ============================================================
21:54:40.0874 0172 Scan finished
21:54:40.0874 0172 ============================================================
21:54:40.0894 3884 Detected object count: 19
21:54:40.0894 3884 Actual detected object count: 19
21:55:15.0766 3884 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0766 3884 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0766 3884 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0766 3884 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0766 3884 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0766 3884 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884 MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0776 3884 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0786 3884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0786 3884 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0786 3884 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0786 3884 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0786 3884 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0796 3884 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0796 3884 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:15.0796 3884 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0796 3884 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.01.2013, 22:14
| #11 | |
| /// Malware-holic | System Progressive Protection... combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 23:43
| #12 |
| | System Progressive Protection... endlich, endlich... Code:
ATTFilter ComboFix 13-01-11.02 - *** 11.01.2013 23:06:18.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.1992.586 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\Thumbs.db
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\***\AppData\Roaming\Haowes
c:\users\***\AppData\Roaming\Haowes\feti.abb
c:\users\***\AppData\Roaming\Urruer
c:\users\***\AppData\Roaming\Urruer\wovye.kax
Q:\AUTORUN.INF
S:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-11 bis 2013-01-11 ))))))))))))))))))))))))))))))
.
.
2013-01-11 22:21 . 2013-01-11 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 21:52 . 2013-01-10 21:52 -------- d-----w- c:\users\***\AppData\Roaming\EurekaLog
2013-01-10 21:15 . 2013-01-11 22:24 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-01-10 20:31 . 2013-01-10 20:31 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-01-10 20:31 . 2013-01-10 20:31 -------- d-----w- c:\programdata\Malwarebytes
2013-01-10 20:31 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-10 20:31 . 2013-01-10 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-10 20:31 . 2013-01-10 20:31 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-01-10 20:02 . 2013-01-10 20:50 -------- d-----w- c:\programdata\6472A497FCFAC9BE00006472402ACED0
2013-01-09 20:53 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:52 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 20:52 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:51 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:49 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-09 20:48 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:48 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-12-22 08:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 20:38 . 2012-03-30 11:03 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:38 . 2011-05-19 06:33 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 17:23 . 2012-12-09 17:16 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 17:23 . 2012-12-09 17:16 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-16 19:17 . 2012-12-09 17:16 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-12 22:19 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 22:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 22:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 22:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 22:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 22:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 19:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 19:13 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39 . 2012-11-28 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-29 177440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-03-07 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-23 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-10-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [x]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [x]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:38]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 12:41]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 12:41]
.
2012-09-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-12-22 c:\windows\Tasks\ReclaimerUpdateFiles_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
2013-01-05 c:\windows\Tasks\ReclaimerUpdateXML_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
2013-01-11 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-02-07 07:46]
.
2013-01-11 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.taekwondo.ch/bern/
uInternet Settings,ProxyOverride = *.local*.unibe.ch;130.92.*;<local>;*.local
uInternet Settings,ProxyServer = http=proxy.unibe.ch:80
uSearchURL,(Default) = hxxp://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(668)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\EhStorShell.dll
c:\windows\system32\SndVolSSO.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\wwapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-11 23:35:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-11 22:35
.
Vor Suchlauf: 21 Verzeichnis(se), 78'102'953'984 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 77'844'779'008 Bytes frei
.
- - End Of File - - 989190A253EA9FFCE81707B67303F485
|
|
14.01.2013, 16:35
| #13 |
| /// Malware-holic | System Progressive Protection... hi nutzt du das System für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.01.2013, 17:17
| #14 |
| | System Progressive Protection... Hallo Ich habs benutzt für onlinebanking (habe ich sperren lassen) und selten mal zum einkaufen. Beruflich gar nichts. |
|
14.01.2013, 21:27
| #15 |
| /// Malware-holic | System Progressive Protection... hi du hast hier das zero access rootkit, das kann man nicht 100 %ig sicher los werden, du machst aber onlinebanking, deswegen ist das nötig. der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu System Progressive Protection... |
| administrator, anti-malware, appdata, autostart, code, dateien, desktop, explorer, explorer.exe, gelöscht, gen, guard, hilfe!, laptop, malwarebytes, microsoft, quarantäne, roaming, service, software, speicher, system, test, version |
Linear-Darstellung
