|
Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm nach Benutzer Login, Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.01.2013, 21:52 | #1 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Liebe Trojaner-Bekämpfer, seit heute Mittag ist auf meinem Windows 7 Laptop der Administrator-Account lahmgelegt. Nach dem Login erscheint ein weißer Bildschirm, die Applikationen laufen weiter, aber man sieht nichts mehr. Zuvor hatte ich in Opera nach Aufruf einer Webseite ebenfalls plötzlich einen weißen Schirm, allerdings mit einer Browser-Fehlermeldung in blauer Schrift, den genauen Inhalt erinnere ich nicht mehr. Gestern habe ich - als letzte Installations-Aktion - auf dem Rechner den PDF-Creator aktualisiert. Über einen anderen Account kann ich auf dem Rechner noch arbeiten. Malwarebytes hat einen Trojaner gefunden, da das in Eurer Anleitung aber nicht vorkam, habe ich nach dem Scan nichts verändert. Zur Info das Ergebnis in Kurzform: Files Detected: 1 C:\Users\***\AppData\Roaming\skype.dat (Trojan.Agent) -> No action taken. Bei Malwarebytes ist mir noch aufgefallen, dass der Button: "nach Updates suchen" ausgegraut war und nicht aktiviert werden konnte. Ist das neu und man muss dafür die Vollversion kaufen oder hat die Software auf andere Weise gemerkt, dass sie frisch installiert war? Die Ergebnisse der ersten Schritte Eurer Anleitung sind: 1. Defogger: Finished ohne Probleme 2. OTL: OTL.TXT Code:
ATTFilter OTL logfile created on: 16.01.2013 17:07:21 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Günter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,53% Memory free 15,77 Gb Paging File | 13,02 Gb Available in Paging File | 82,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,67 Gb Total Space | 259,09 Gb Free Space | 57,75% Space Free | Partition Type: NTFS Drive Q: | 15,62 Gb Total Space | 5,40 Gb Free Space | 34,58% Space Free | Partition Type: NTFS Computer Name: LTM_1 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Günter\Desktop\Defogger.exe () PRC - C:\Users\Günter\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe () PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Günter\Desktop\Defogger.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Programme\Lenovo\AutoLock\cv210.dll () MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll () MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (mfecore) -- C:\Programme\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (KlimaLogg Service) -- C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe () SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (McAWFwk) -- c:\Programme\McAfee\MSC\McAWFwk.exe (McAfee, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.) DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation) DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation) DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation) DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (l36wgps) -- C:\Windows\SysNative\drivers\l36wgps64.sys (Ericsson AB) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB) DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo) DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 46 63 A8 D9 EF CD 01 [binary data] IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.1:3128 IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP IE - HKU\S-1-5-21-2362343066-3472654345-1732029382-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.12.04 15:02:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.15 11:16:21 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://home.sweetim.com/?barid={CEDA22B9-EAD4-11E1-8F6F-028037EC0200} CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://home.sweetim.com/?barid={CEDA22B9-EAD4-11E1-8F6F-028037EC0200} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2362343066-3472654345-1732029382-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E166F0-5DD2-4D56-9C0A-EAB233E3E8D7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD94A71B-D120-40EB-97E6-CD884F4892EF}: DhcpNameServer = 192.168.0.2 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat () O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{696398c6-5b7d-11e1-8880-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{696398c6-5b7d-11e1-8880-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Architect [2013.01.15 11:34:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Kingston [2013.01.15 11:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2013.01.15 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files [2013.01.15 11:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2013.01.15 11:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2013.01.15 11:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.01.15 11:15:49 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2013.01.15 11:15:49 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2013.01.15 11:15:49 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2013.01.15 11:15:48 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2013.01.15 11:15:47 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2013.01.15 11:15:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2013.01.15 11:15:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2013.01.15 11:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013.01.15 11:12:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.10 14:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTrack 3D [2013.01.10 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wintrack61 [2013.01.10 13:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stop Motion Pro v7 [2013.01.10 13:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stop Motion Pro v7 [2013.01.09 09:41:27 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 09:41:27 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 09:41:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 09:41:05 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 09:41:01 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 09:41:01 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 09:41:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 09:41:01 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 09:41:01 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 09:41:01 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 09:41:01 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 09:41:01 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 09:41:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 09:41:01 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 09:41:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 09:41:01 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 09:41:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 09:41:01 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 09:41:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 09:41:01 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 09:41:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 09:41:01 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 09:41:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 09:41:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 09:41:01 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 09:41:01 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 09:41:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 09:41:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 09:41:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 09:41:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 09:41:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 09:40:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 09:40:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 09:40:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 09:40:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 09:40:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 09:40:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 09:40:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 09:40:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 09:40:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 09:40:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 09:40:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 09:40:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 09:40:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 09:40:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 09:40:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 09:40:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 09:40:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 09:40:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 09:40:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 09:40:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.07 19:01:05 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [2013.01.07 19:00:07 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013.01.05 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinTrack [2013.01.04 13:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.04 13:51:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.01.04 13:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.04 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.04 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.01.04 13:12:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.03 16:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SMP7 [2013.01.03 15:28:11 | 000,000,000 | ---D | C] -- C:\My Documents [2013.01.03 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd [2012.12.23 03:00:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.23 03:00:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.23 03:00:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.23 03:00:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.16 17:09:25 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini [2013.01.16 16:35:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.16 16:32:59 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.16 16:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.16 16:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.16 14:35:43 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2013.01.16 14:31:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.16 14:15:19 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 14:15:19 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 14:12:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.16 14:12:25 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.16 14:12:25 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.16 14:12:25 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.16 14:12:25 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.16 14:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.16 14:07:28 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 12:58:52 | 000,059,392 | ---- | M] () -- C:\Users\***\4985553.exe [2013.01.16 09:47:17 | 000,007,680 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.15 11:16:35 | 000,001,008 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk [2013.01.11 13:56:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.01.11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2013.01.10 13:45:32 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Stop Motion Pro v7.5 Action! HD.lnk [2013.01.10 03:23:30 | 000,376,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 09:13:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 09:13:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.08 07:40:17 | 000,000,905 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.01.05 22:40:16 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\PCD20522.L!C [2013.01.04 13:51:53 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.16 16:35:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.16 12:59:04 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini [2013.01.16 12:58:51 | 000,059,392 | ---- | C] () -- C:\Users\***\4985553.exe [2013.01.15 11:16:35 | 000,001,008 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk [2013.01.10 14:15:51 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini [2013.01.10 13:45:32 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Stop Motion Pro v7.5 Action! HD.lnk [2013.01.08 07:40:17 | 000,000,905 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.01.07 19:00:44 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2013.01.07 19:00:43 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2013.01.05 22:40:16 | 000,000,000 | ---- | C] () -- C:\Users\Public\Documents\PCD20522.L!C [2013.01.04 13:51:53 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.28 11:57:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.09.19 09:49:26 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.08.02 21:36:39 | 000,000,678 | ---- | C] () -- C:\Users\***\.jmf-resource [2012.07.21 21:40:25 | 000,007,680 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.13 21:14:25 | 000,002,399 | ---- | C] () -- C:\ProgramData\KlimaLogg.dat1 [2012.07.13 21:11:14 | 041,943,040 | ---- | C] () -- C:\ProgramData\KlimaLoggServiceDataStore [2012.05.12 22:21:11 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.05.11 15:52:23 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.05.10 22:42:56 | 000,059,392 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat [2012.02.20 14:25:28 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.02.20 06:01:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.20 06:01:12 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.20 06:01:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.20 06:00:19 | 000,034,463 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.16 14:44:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\APP_NAME_NON_STRING [2012.09.07 21:19:56 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Canon [2012.09.07 21:19:55 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Leadertech [2012.09.08 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Opera [2012.09.18 02:18:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\PwrMgr [2013.01.15 11:16:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2012.05.16 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.12.08 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.12.08 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.29 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoplus [2012.05.19 15:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.07.25 19:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoCar Consulting [2013.01.16 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kingston [2013.01.15 09:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KlimaLoggPro [2012.05.09 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.05.09 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo [2012.12.08 13:01:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.05.09 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.05.11 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr [2013.01.15 15:05:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2013.01.15 11:16:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.05.11 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr [2012.08.26 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland [2012.12.08 13:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.08.31 07:22:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2013.01.10 14:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack [2012.07.23 08:19:29 | 000,000,000 | ---D | M] -- C:\Users\Luca\AppData\Roaming\Canon [2012.07.23 08:10:04 | 000,000,000 | ---D | M] -- C:\Users\Luca\AppData\Roaming\Leadertech [2012.09.04 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Luca\AppData\Roaming\Opera [2012.07.23 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\Luca\AppData\Roaming\PwrMgr [2012.09.05 20:08:36 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Canon [2012.09.05 22:30:12 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\IrfanView [2012.05.09 20:22:56 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Leadertech [2012.09.04 22:46:11 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\Opera [2012.05.11 21:41:23 | 000,000,000 | ---D | M] -- C:\Users\Silke\AppData\Roaming\PwrMgr ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.01.2013 17:07:21 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Günter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,53% Memory free 15,77 Gb Paging File | 13,02 Gb Available in Paging File | 82,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,67 Gb Total Space | 259,09 Gb Free Space | 57,75% Space Free | Partition Type: NTFS Drive Q: | 15,62 Gb Total Space | 5,40 Gb Free Space | 34,58% Space Free | Partition Type: NTFS Computer Name: LTM_1 | User Name: Günter Lauven | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2362343066-3472654345-1732029382-1004\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Users\Günter\AppData\Local\Programs\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10A18052-D5AA-4C78-8358-8B28F23E6DCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{19DF02FE-A26A-4103-BA97-C6F3B0FC07CD}" = lport=137 | protocol=17 | dir=in | app=system | "{287E4918-DD7A-4034-894F-7E5E93E6B481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{54AC7ACA-9F94-447E-BA32-7D8B8F037CD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{553C8466-62B8-43F6-84F7-A679C8092D5C}" = rport=445 | protocol=6 | dir=out | app=system | "{7D27291E-6236-4174-BBAC-F0B053145944}" = lport=138 | protocol=17 | dir=in | app=system | "{8721304A-D9D7-4BFD-9A9F-D1FF1B993D11}" = rport=137 | protocol=17 | dir=out | app=system | "{9762D54B-7233-4445-B0C8-8709A15BBB5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9E2438E0-98BC-4A66-B74F-ED9BE8B61046}" = lport=139 | protocol=6 | dir=in | app=system | "{B567EB35-5DA1-4861-B53C-491009DC67A2}" = rport=138 | protocol=17 | dir=out | app=system | "{D26BFA67-0F42-41F4-81BF-42BE4112FA66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DE11BF6D-EEC0-4D82-93A7-21254C8FCFE8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{ED8F71E1-7A1C-46B5-A160-AEC4808206A0}" = lport=445 | protocol=6 | dir=in | app=system | "{EE35AA1C-9118-40AB-AD55-B353A143F054}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F2440A07-C33E-4562-935D-95969C2D34BA}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00604E45-A1E0-427D-8E2B-4EE2C026F7BA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{0068AA97-495E-475E-83C0-2CC838E0A3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{00DB2687-D3E6-4CCE-8A3C-A0AC9B4ACA11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{118AE9C2-F845-453E-A257-BF0D89403FD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{318617FD-30A3-4B15-8B37-AD9336A6EE22}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{40080DC2-B9ED-443B-82D1-F65B9698D2DB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{418D356C-D1CC-413A-AE0E-1F24CDF906A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4292E9BA-3EA9-42F3-A3D0-4B926340E747}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{46A0984F-7D67-4B03-A744-85F6F2B5E72B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4ED3CC73-4350-4F70-91C9-46D7FDD5E2B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{54C0C001-EA03-4B43-AD12-DEAD11D781A8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{54E5CD5D-A813-4303-B2ED-E295543431A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5840267A-9EFB-4A20-9D03-726A507E8175}" = protocol=17 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs4a47\hpdiagnosticcoreui.exe | "{62FC93B5-6617-4EC4-9DCC-688ED862B267}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{65B92F77-01F6-40FF-BC51-A8DE9F9E3088}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{66FFFDDB-980A-4D88-9ADF-AC32CEC27E30}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{687F42B2-DAD2-4402-B0FB-5E9BC8A07F6E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78C23B9F-C4B8-4788-B095-6939FE090EC6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7BE8E06E-C2AE-42C2-A5C8-F12175E556B0}" = protocol=6 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs4a47\hpdiagnosticcoreui.exe | "{807B6485-298E-4BA0-9F96-60F95F0ED7B0}" = dir=in | app=c:\program files\itunes\itunes.exe | "{8398353B-9796-419D-B722-BA4324FA3276}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{A31A78E9-0537-4D31-9637-B412F3FB0179}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{A346EC68-C774-4F9C-ADE5-06A3F89852AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{ABB2F503-63CB-48C0-8173-4859EC3D88CF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{AE7B5F44-1144-4CBC-A950-398CE79B0BEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C344B1C4-B81B-4F10-97D8-7CA7012DF43F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C51A6E87-166A-4CC0-99DA-57AC5E6A07EE}" = protocol=17 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs489f\hppiw.exe | "{CAF0EA57-A43E-4394-A749-56E01C3E1936}" = protocol=17 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs6dfe\hppiw.exe | "{E124657B-A695-4234-950A-000D9416B5FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E7A42DE0-854C-4632-B6B1-41BE3A8561E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{EC70C410-EF42-47A2-9527-62E5CBD30D76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F4E54247-5636-4927-B574-A9E6D35EB0A0}" = protocol=6 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs6dfe\hppiw.exe | "{F84F79E0-8256-499C-8C1C-514FE9DDFAC4}" = protocol=6 | dir=in | app=c:\users\günter lauven\appdata\local\temp\7zs489f\hppiw.exe | "{F9D568DD-E560-4C27-ADBA-CD365559D96D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{FC9AB9E5-A03D-46AC-AB0E-C156D911904B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FD083A3C-4493-4284-A5F2-4F643025C59C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{39969C3E-B297-41E5-9A7B-E252B504B21B}" = Lenovo SimpleTap "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}" = LEGO MINDSTORMS NXT x64 Driver "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) "43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) "6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) "8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "9B84710FFAE6C50914FCE568B59E426F1386E7F6" = Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "GIMP-2_is1" = GIMP 2.8.0 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09531CAE-B186-49A9-B44F-C607CC54FA2A}" = PDF Architect "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package "{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93552E73-A357-4D96-A3AF-2B00B50B719A}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147 "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFF9B672-09C0-41E6-BA77-2EC668B427F2}" = LEGO MINDSTORMS NXT x64 Driver Support "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers "{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F1D03978-38C5-43F7-8FEF-F4DCDFF26EA5}" = LEGO MINDSTORMS NXT Software v2.0 "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC43A698-C7B1-461D-9C2A-91E65D334924}" = LEGO MINDSTORMS NXT Patch v2.0f3 "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aquaria" = Aquaria "CanonSolutionMenuEX" = Canon Solution Menu EX "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.36.1201 "Google Chrome" = Google Chrome "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "IrfanView" = IrfanView (remove only) "KlimaLogg Pro_is1" = KlimaLogg Pro "Lenovo Welcome_is1" = Lenovo Welcome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Virtual Technician" = McAfee Virtual Technician "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSC" = McAfee AntiVirus Plus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OpenAL" = OpenAL "Opera 12.12.1707" = Opera 12.12 "ProInst" = Intel PROSet Wireless "Stop Motion Pro v7.5 Action! HD Edition_is1" = Stop Motion Pro v7.5 Action! HD Edition "Sweet Home 3D_is1" = Sweet Home 3D version 3.5 "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials "wintrack6_is1" = WinTrack Version 11.0 3D "XMind" = XMind ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2362343066-3472654345-1732029382-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Opera 12.02.1578" = Opera 12.02 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.12.2012 19:40:09 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3027 Error - 29.12.2012 19:40:10 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.12.2012 19:40:10 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4025 Error - 29.12.2012 19:40:10 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4025 Error - 29.12.2012 19:40:11 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.12.2012 19:40:11 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5195 Error - 29.12.2012 19:40:11 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5195 Error - 30.12.2012 07:01:07 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.12.2012 07:01:07 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 40860999 Error - 30.12.2012 07:01:07 | Computer Name = LTM_1 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 40860999 [ Lenovo-Message Center Plus/Admin Events ] Error - 15.12.2012 09:52:41 | Computer Name = LTM_1 | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 15.12.2012 14:08:12 | Computer Name = LTM_1 | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. [ System Events ] Error - 23.12.2012 20:33:10 | Computer Name = LTM_1 | Source = DCOM | ID = 10010 Description = Error - 29.12.2012 04:00:13 | Computer Name = LTM_1 | Source = DCOM | ID = 10010 Description = Error - 30.12.2012 16:16:29 | Computer Name = LTM_1 | Source = DCOM | ID = 10010 Description = Error - 03.01.2013 07:14:31 | Computer Name = LTM_1 | Source = DCOM | ID = 10005 Description = Error - 03.01.2013 07:14:31 | Computer Name = LTM_1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error - 04.01.2013 08:13:28 | Computer Name = LTM_1 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.01.2013 08:14:00 | Computer Name = LTM_1 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.01.2013 08:15:00 | Computer Name = LTM_1 | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 04.01.2013 08:50:41 | Computer Name = LTM_1 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 05.01.2013 11:32:06 | Computer Name = LTM_1 | Source = DCOM | ID = 10010 Description = < End of report > GMER.TXT ist als .ZIP angehängt. Vielen Dank für Eure Unterstützung im Voraus! Gruß Gep |
16.01.2013, 22:19 | #2 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Ich bin´s nochmal: Die gmer-Ergebnisse habe ich deshalb gezipt angehängt, weil sie für einen code-insert zu groß waren. Jedenfalls hat der Checker gemeckert :-).
__________________Gruß gep |
16.01.2013, 22:23 | #3 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 hi
__________________*** im Script durch deinen Nutzernamen ersetzen. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O20 - HKU\S-1-5-21-2362343066-3472654345-1732029382-1001 Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat () :Files :Commands [EMPTYFLASH] [emptytemp] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
__________________ |
17.01.2013, 08:27 | #4 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, vielen Dank für Deine Hilfe. Beim Fix habe ich einen Fehler gemacht: Ich habe nur die ersten "***" durch meinen Klarnamen ersetzt und erst im Ergebnis von OTL gesehen, dass es am Ende der langen Zeile noch eine zweite Stelle gab. Kann ich den Fix entsprechend korrigiert einfach nochmal laufen lassen? Hier das Ergebnis des Fix (Achtung: ich habe den Klarnamen im Ergebnis jetzt durch YYY ersetzt, so dass man den Unterschied zum nicht ersetzten *** sehen kann): HTML-Code: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\YYY\AppData\Roaming\skype.dat deleted successfully. File C:\Users\***\AppData\Roaming\skype.dat not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Günter ->Flash cache emptied: 1543 bytes User: YYY ->Flash cache emptied: 5436 bytes User: Luca ->Flash cache emptied: 3159 bytes User: Public User: Silke ->Flash cache emptied: 492 bytes User: UpdatusUser Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Günter ->Temp folder emptied: 110189004 bytes ->Temporary Internet Files folder emptied: 14402169 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 1905008 bytes ->Opera cache emptied: 52877223 bytes ->Flash cache emptied: 0 bytes User: YYY ->Temp folder emptied: 79510560 bytes ->Temporary Internet Files folder emptied: 8830755 bytes ->Java cache emptied: 22853 bytes ->Google Chrome cache emptied: 6158133 bytes ->Opera cache emptied: 7688096 bytes ->Flash cache emptied: 0 bytes User: Luca ->Temp folder emptied: 1558630 bytes ->Temporary Internet Files folder emptied: 24355729 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 7079295 bytes ->Flash cache emptied: 0 bytes User: Public User: Silke ->Temp folder emptied: 19568 bytes ->Temporary Internet Files folder emptied: 4020721 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 2333066 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 189242879 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes RecycleBin emptied: 415460494 bytes Total Files Cleaned = 883,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01172013_081123 gep |
17.01.2013, 14:47 | #5 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 hi ja bitte, und den Upload noch mal durchführen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.01.2013, 15:23 | #6 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, danke, scheint geklappt zu haben, allerdings hat sich dieses Mal mein McAfee den infizierten File "geschnappt" und in Quarantäne gestellt, so das er nach dem Reboot für OTL nicht mehr zu finden war. Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2362343066-3472654345-1732029382-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\skype.dat deleted successfully. File C:\Users\***\AppData\Roaming\skype.dat not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Günter ->Flash cache emptied: 1543 bytes User: *** ->Flash cache emptied: 5436 bytes User: Luca ->Flash cache emptied: 3159 bytes User: Public User: Silke ->Flash cache emptied: 492 bytes User: UpdatusUser Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Günter ->Temp folder emptied: 110189004 bytes ->Temporary Internet Files folder emptied: 14402169 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 1905008 bytes ->Opera cache emptied: 52877223 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 79510560 bytes ->Temporary Internet Files folder emptied: 8830755 bytes ->Java cache emptied: 22853 bytes ->Google Chrome cache emptied: 6158133 bytes ->Opera cache emptied: 7688096 bytes ->Flash cache emptied: 0 bytes User: Luca ->Temp folder emptied: 1558630 bytes ->Temporary Internet Files folder emptied: 24355729 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 7079295 bytes ->Flash cache emptied: 0 bytes User: Public User: Silke ->Temp folder emptied: 19568 bytes ->Temporary Internet Files folder emptied: 4020721 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 2333066 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 189242879 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes RecycleBin emptied: 415460494 bytes Total Files Cleaned = 883,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01172013_081123 Files\Folders moved on Reboot... File move failed. C:\Users\Günter\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Der betroffene Account geht jetzt wieder, der weiße Bildschirm tritt nicht mehr auf. Vielen, vielen Dank, Du und Deine Kollegen (und Kolleginnen) Ihr seid spitze!!! Eine paar Fragen hätte ich noch: Wie kann man sich so einen Trojaner einfangen? Reicht der Besuch einer entsprechend bösartigen Internetseite oder muss dazu eine Datei auf dem Rechner ausgeführt werden? Könnte das etwas mit dem PDF Creator Update zu tun haben? Warum hat der McAfee den Befall nicht bemerkt? Skype habe ich übrigens seit Monaten nicht benutzt, aber ich vermute, das ist ohnehin nur ein Tarnname. Den Upload habe ich erfolgreich durchgeführt. Viele Grüße, gep |
17.01.2013, 16:50 | #7 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.01.2013, 17:12 | #8 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, den TDSS Killer von Kaspersky habe ich laufen lassen mit folgendem Ergebnis: Code:
ATTFilter 16:59:23.0492 7592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:59:25.0495 7592 ============================================================ 16:59:25.0495 7592 Current date / time: 2013/01/17 16:59:25.0495 16:59:25.0495 7592 SystemInfo: 16:59:25.0495 7592 16:59:25.0495 7592 OS Version: 6.1.7601 ServicePack: 1.0 16:59:25.0495 7592 Product type: Workstation 16:59:25.0496 7592 ComputerName: LTM_1 16:59:25.0496 7592 UserName: *** 16:59:25.0496 7592 Windows directory: C:\Windows 16:59:25.0496 7592 System windows directory: C:\Windows 16:59:25.0496 7592 Running under WOW64 16:59:25.0496 7592 Processor architecture: Intel x64 16:59:25.0496 7592 Number of processors: 4 16:59:25.0496 7592 Page size: 0x1000 16:59:25.0496 7592 Boot type: Normal boot 16:59:25.0496 7592 ============================================================ 16:59:26.0282 7592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:59:26.0287 7592 ============================================================ 16:59:26.0287 7592 \Device\Harddisk0\DR0: 16:59:26.0287 7592 MBR partitions: 16:59:26.0288 7592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000 16:59:26.0288 7592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38157000 16:59:26.0288 7592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000 16:59:26.0288 7592 ============================================================ 16:59:26.0305 7592 C: <-> \Device\Harddisk0\DR0\Partition2 16:59:26.0353 7592 Q: <-> \Device\Harddisk0\DR0\Partition3 16:59:26.0353 7592 ============================================================ 16:59:26.0353 7592 Initialize success 16:59:26.0353 7592 ============================================================ 17:00:11.0082 2080 ============================================================ 17:00:11.0082 2080 Scan started 17:00:11.0082 2080 Mode: Manual; SigCheck; TDLFS; 17:00:11.0082 2080 ============================================================ 17:00:12.0888 2080 ================ Scan system memory ======================== 17:00:12.0888 2080 System memory - ok 17:00:12.0889 2080 ================ Scan services ============================= 17:00:12.0980 2080 0283021358430311mcinstcleanup - ok 17:00:13.0076 2080 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 17:00:13.0208 2080 1394ohci - ok 17:00:13.0260 2080 [ F4AF97702BAD85BFEF64B9A557F11B6F ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys 17:00:13.0301 2080 5U877 - ok 17:00:13.0326 2080 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:00:13.0378 2080 ACPI - ok 17:00:13.0394 2080 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:00:13.0453 2080 AcpiPmi - ok 17:00:13.0539 2080 [ DEECCADBD25F65D65293A09721B3A447 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe 17:00:13.0568 2080 AcPrfMgrSvc - ok 17:00:13.0608 2080 [ A7753804C6C66C9C80F4E29659FD721C ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe 17:00:13.0636 2080 AcSvc - ok 17:00:13.0735 2080 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:00:13.0760 2080 AdobeARMservice - ok 17:00:13.0859 2080 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:00:13.0893 2080 AdobeFlashPlayerUpdateSvc - ok 17:00:13.0932 2080 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:00:13.0989 2080 adp94xx - ok 17:00:14.0030 2080 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:00:14.0104 2080 adpahci - ok 17:00:14.0130 2080 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:00:14.0172 2080 adpu320 - ok 17:00:14.0193 2080 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:00:14.0250 2080 AeLookupSvc - ok 17:00:14.0287 2080 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:00:14.0317 2080 AFD - ok 17:00:14.0334 2080 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:00:14.0371 2080 agp440 - ok 17:00:14.0393 2080 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:00:14.0435 2080 ALG - ok 17:00:14.0461 2080 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:00:14.0499 2080 aliide - ok 17:00:14.0506 2080 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:00:14.0544 2080 amdide - ok 17:00:14.0556 2080 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:00:14.0609 2080 AmdK8 - ok 17:00:14.0620 2080 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 17:00:14.0670 2080 AmdPPM - ok 17:00:14.0694 2080 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:00:14.0735 2080 amdsata - ok 17:00:14.0749 2080 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 17:00:14.0787 2080 amdsbs - ok 17:00:14.0803 2080 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:00:14.0839 2080 amdxata - ok 17:00:14.0873 2080 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:00:15.0013 2080 AppID - ok 17:00:15.0023 2080 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:00:15.0100 2080 AppIDSvc - ok 17:00:15.0106 2080 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:00:15.0160 2080 Appinfo - ok 17:00:15.0225 2080 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:00:15.0286 2080 Apple Mobile Device - ok 17:00:15.0330 2080 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 17:00:15.0446 2080 AppMgmt - ok 17:00:15.0467 2080 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 17:00:15.0510 2080 arc - ok 17:00:15.0521 2080 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:00:15.0559 2080 arcsas - ok 17:00:15.0581 2080 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:00:15.0631 2080 AsyncMac - ok 17:00:15.0642 2080 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:00:15.0680 2080 atapi - ok 17:00:15.0719 2080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:00:15.0796 2080 AudioEndpointBuilder - ok 17:00:15.0816 2080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:00:15.0863 2080 AudioSrv - ok 17:00:15.0899 2080 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:00:15.0990 2080 AxInstSV - ok 17:00:16.0014 2080 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 17:00:16.0062 2080 b06bdrv - ok 17:00:16.0077 2080 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:00:16.0132 2080 b57nd60a - ok 17:00:16.0147 2080 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:00:16.0194 2080 BDESVC - ok 17:00:16.0204 2080 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:00:16.0260 2080 Beep - ok 17:00:16.0310 2080 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:00:16.0407 2080 BFE - ok 17:00:16.0442 2080 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:00:16.0567 2080 BITS - ok 17:00:16.0591 2080 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:00:16.0627 2080 blbdrive - ok 17:00:16.0678 2080 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:00:16.0738 2080 Bonjour Service - ok 17:00:16.0756 2080 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:00:16.0797 2080 bowser - ok 17:00:16.0818 2080 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 17:00:16.0875 2080 BrFiltLo - ok 17:00:16.0887 2080 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 17:00:16.0937 2080 BrFiltUp - ok 17:00:16.0980 2080 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:00:17.0048 2080 Browser - ok 17:00:17.0067 2080 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:00:17.0128 2080 Brserid - ok 17:00:17.0139 2080 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:00:17.0184 2080 BrSerWdm - ok 17:00:17.0202 2080 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:00:17.0252 2080 BrUsbMdm - ok 17:00:17.0265 2080 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:00:17.0304 2080 BrUsbSer - ok 17:00:17.0365 2080 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 17:00:17.0469 2080 BthEnum - ok 17:00:17.0484 2080 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:00:17.0563 2080 BTHMODEM - ok 17:00:17.0588 2080 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:00:17.0673 2080 BthPan - ok 17:00:17.0706 2080 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 17:00:17.0824 2080 BTHPORT - ok 17:00:17.0857 2080 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:00:17.0945 2080 bthserv - ok 17:00:17.0959 2080 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 17:00:18.0008 2080 BTHUSB - ok 17:00:18.0053 2080 [ 8834F87A6A745872894DF8223201A6C3 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 17:00:18.0187 2080 BTWAMPFL - ok 17:00:18.0202 2080 [ 9863D82ECBEC6106D377ED73680D99D8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 17:00:18.0261 2080 btwaudio - ok 17:00:18.0284 2080 [ 3432DD66AE75AB2DE6D0527AD78DBFC7 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 17:00:18.0326 2080 btwavdt - ok 17:00:18.0375 2080 [ EB4AFE08FB39BB444F221D7D501E0915 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 17:00:18.0467 2080 btwdins - ok 17:00:18.0487 2080 [ 382DC5A631CED0462EA09B7EB898BDBF ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 17:00:18.0522 2080 btwl2cap - ok 17:00:18.0531 2080 [ 13A9C2CEDD44C175E6CA39A536795CA6 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 17:00:18.0570 2080 btwrchid - ok 17:00:18.0578 2080 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:00:18.0621 2080 cdfs - ok 17:00:18.0654 2080 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:00:18.0691 2080 cdrom - ok 17:00:18.0724 2080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:00:18.0778 2080 CertPropSvc - ok 17:00:18.0849 2080 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\Windows\system32\drivers\cfwids.sys 17:00:18.0892 2080 cfwids - ok 17:00:18.0919 2080 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 17:00:19.0005 2080 circlass - ok 17:00:19.0031 2080 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:00:19.0080 2080 CLFS - ok 17:00:19.0137 2080 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:00:19.0212 2080 clr_optimization_v2.0.50727_32 - ok 17:00:19.0253 2080 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:00:19.0336 2080 clr_optimization_v2.0.50727_64 - ok 17:00:19.0378 2080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:00:19.0432 2080 clr_optimization_v4.0.30319_32 - ok 17:00:19.0466 2080 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:00:19.0495 2080 clr_optimization_v4.0.30319_64 - ok 17:00:19.0522 2080 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:00:19.0560 2080 CmBatt - ok 17:00:19.0570 2080 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:00:19.0607 2080 cmdide - ok 17:00:19.0643 2080 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:00:19.0810 2080 CNG - ok 17:00:19.0880 2080 [ DB6F09464C57606892BF6D2458483417 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 17:00:19.0954 2080 CnxtHdAudService - ok 17:00:19.0983 2080 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 17:00:20.0046 2080 Compbatt - ok 17:00:20.0065 2080 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:00:20.0097 2080 CompositeBus - ok 17:00:20.0108 2080 COMSysApp - ok 17:00:20.0117 2080 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:00:20.0154 2080 crcdisk - ok 17:00:20.0200 2080 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:00:20.0229 2080 CryptSvc - ok 17:00:20.0245 2080 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 17:00:20.0280 2080 CSC - ok 17:00:20.0308 2080 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 17:00:20.0350 2080 CscService - ok 17:00:20.0360 2080 [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 17:00:20.0436 2080 CxAudMsg - ok 17:00:20.0463 2080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:00:20.0511 2080 DcomLaunch - ok 17:00:20.0532 2080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:00:20.0586 2080 defragsvc - ok 17:00:20.0600 2080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:00:20.0652 2080 DfsC - ok 17:00:20.0679 2080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:00:20.0719 2080 Dhcp - ok 17:00:20.0734 2080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:00:20.0795 2080 discache - ok 17:00:20.0822 2080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 17:00:20.0857 2080 Disk - ok 17:00:20.0869 2080 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 17:00:20.0914 2080 dmvsc - ok 17:00:20.0938 2080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:00:20.0974 2080 Dnscache - ok 17:00:20.0988 2080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:00:21.0078 2080 dot3svc - ok 17:00:21.0153 2080 [ 277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 17:00:21.0220 2080 DozeSvc - ok 17:00:21.0239 2080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:00:21.0320 2080 DPS - ok 17:00:21.0342 2080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:00:21.0385 2080 drmkaud - ok 17:00:21.0406 2080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:00:21.0440 2080 DXGKrnl - ok 17:00:21.0476 2080 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 17:00:21.0580 2080 DzHDD64 - ok 17:00:21.0607 2080 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 17:00:21.0636 2080 e1cexpress - ok 17:00:21.0672 2080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:00:21.0730 2080 EapHost - ok 17:00:21.0810 2080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 17:00:21.0998 2080 ebdrv - ok 17:00:22.0027 2080 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys 17:00:22.0051 2080 ecnssndis - ok 17:00:22.0062 2080 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys 17:00:22.0090 2080 ecnssndisfltr - ok 17:00:22.0107 2080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:00:22.0141 2080 EFS - ok 17:00:22.0178 2080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:00:22.0297 2080 ehRecvr - ok 17:00:22.0307 2080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:00:22.0350 2080 ehSched - ok 17:00:22.0381 2080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:00:22.0442 2080 elxstor - ok 17:00:22.0454 2080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:00:22.0497 2080 ErrDev - ok 17:00:22.0532 2080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:00:22.0579 2080 EventSystem - ok 17:00:22.0660 2080 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 17:00:22.0731 2080 EvtEng - ok 17:00:22.0755 2080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:00:22.0838 2080 exfat - ok 17:00:22.0853 2080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:00:22.0944 2080 fastfat - ok 17:00:22.0970 2080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:00:23.0000 2080 Fax - ok 17:00:23.0012 2080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 17:00:23.0060 2080 fdc - ok 17:00:23.0080 2080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:00:23.0160 2080 fdPHost - ok 17:00:23.0171 2080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:00:23.0259 2080 FDResPub - ok 17:00:23.0281 2080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:00:23.0318 2080 FileInfo - ok 17:00:23.0321 2080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:00:23.0399 2080 Filetrace - ok 17:00:23.0413 2080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 17:00:23.0455 2080 flpydisk - ok 17:00:23.0466 2080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:00:23.0511 2080 FltMgr - ok 17:00:23.0542 2080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:00:23.0613 2080 FontCache - ok 17:00:23.0650 2080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:00:23.0677 2080 FontCache3.0.0.0 - ok 17:00:23.0684 2080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:00:23.0722 2080 FsDepends - ok 17:00:23.0743 2080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:00:23.0779 2080 Fs_Rec - ok 17:00:23.0806 2080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:00:23.0875 2080 fvevol - ok 17:00:23.0901 2080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:00:23.0941 2080 gagp30kx - ok 17:00:23.0987 2080 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:00:24.0032 2080 GEARAspiWDM - ok 17:00:24.0062 2080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:00:24.0121 2080 gpsvc - ok 17:00:24.0155 2080 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:00:24.0183 2080 gupdate - ok 17:00:24.0187 2080 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:00:24.0216 2080 gupdatem - ok 17:00:24.0228 2080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:00:24.0270 2080 hcw85cir - ok 17:00:24.0296 2080 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:00:24.0347 2080 HdAudAddService - ok 17:00:24.0376 2080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:00:24.0413 2080 HDAudBus - ok 17:00:24.0419 2080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 17:00:24.0461 2080 HidBatt - ok 17:00:24.0472 2080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:00:24.0523 2080 HidBth - ok 17:00:24.0546 2080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 17:00:24.0587 2080 HidIr - ok 17:00:24.0602 2080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:00:24.0686 2080 hidserv - ok 17:00:24.0710 2080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:00:24.0737 2080 HidUsb - ok 17:00:24.0783 2080 [ 852681A14AFEE00C0C3179429A08C868 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 17:00:24.0861 2080 HipShieldK - ok 17:00:24.0874 2080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:00:24.0972 2080 hkmsvc - ok 17:00:24.0989 2080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:00:25.0033 2080 HomeGroupListener - ok 17:00:25.0049 2080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:00:25.0090 2080 HomeGroupProvider - ok 17:00:25.0188 2080 [ 389BC447DF363450A78845D35DBA0047 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 17:00:25.0265 2080 HomeNetSvc - ok 17:00:25.0289 2080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:00:25.0334 2080 HpSAMD - ok 17:00:25.0385 2080 HPSLPSVC - ok 17:00:25.0432 2080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:00:25.0541 2080 HTTP - ok 17:00:25.0552 2080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:00:25.0590 2080 hwpolicy - ok 17:00:25.0620 2080 [ E935C8099F9196BF19224D9EE4808612 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 17:00:25.0646 2080 HyperW7Svc - ok 17:00:25.0671 2080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:00:25.0700 2080 i8042prt - ok 17:00:25.0730 2080 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 17:00:25.0759 2080 iaStor - ok 17:00:25.0805 2080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:00:25.0893 2080 iaStorV - ok 17:00:25.0912 2080 [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 17:00:25.0936 2080 IBMPMDRV - ok 17:00:25.0947 2080 [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 17:00:26.0019 2080 IBMPMSVC - ok 17:00:26.0074 2080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:00:26.0202 2080 idsvc - ok 17:00:26.0440 2080 [ 66DC0CE2D1867B8178EAA0E11930DBD7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 17:00:26.0560 2080 igfx - ok 17:00:26.0572 2080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:00:26.0611 2080 iirsp - ok 17:00:26.0641 2080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:00:26.0711 2080 IKEEXT - ok 17:00:26.0726 2080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:00:26.0766 2080 intelide - ok 17:00:26.0785 2080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:00:26.0813 2080 intelppm - ok 17:00:26.0822 2080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:00:26.0902 2080 IPBusEnum - ok 17:00:26.0916 2080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:00:26.0996 2080 IpFilterDriver - ok 17:00:27.0041 2080 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:00:27.0073 2080 iphlpsvc - ok 17:00:27.0087 2080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:00:27.0130 2080 IPMIDRV - ok 17:00:27.0138 2080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:00:27.0216 2080 IPNAT - ok 17:00:27.0270 2080 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:00:27.0342 2080 iPod Service - ok 17:00:27.0353 2080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:00:27.0409 2080 IRENUM - ok 17:00:27.0424 2080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:00:27.0462 2080 isapnp - ok 17:00:27.0480 2080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:00:27.0522 2080 iScsiPrt - ok 17:00:27.0607 2080 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 17:00:27.0692 2080 jhi_service - ok 17:00:27.0712 2080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:00:27.0767 2080 kbdclass - ok 17:00:27.0794 2080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:00:27.0860 2080 kbdhid - ok 17:00:27.0863 2080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:00:27.0891 2080 KeyIso - ok 17:00:27.0944 2080 [ A5A8D96A1B88D082DA50AF78F455804E ] KlimaLogg Service C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe 17:00:28.0003 2080 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - warning 17:00:28.0003 2080 KlimaLogg Service - detected UnsignedFile.Multi.Generic (1) 17:00:28.0020 2080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:00:28.0084 2080 KSecDD - ok 17:00:28.0096 2080 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:00:28.0138 2080 KSecPkg - ok 17:00:28.0147 2080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:00:28.0200 2080 ksthunk - ok 17:00:28.0228 2080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:00:28.0321 2080 KtmRm - ok 17:00:28.0354 2080 [ C864875E87E6B790471516856FC1F5C2 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps64.sys 17:00:28.0382 2080 l36wgps - ok 17:00:28.0417 2080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:00:28.0476 2080 LanmanServer - ok 17:00:28.0497 2080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:00:28.0551 2080 LanmanWorkstation - ok 17:00:28.0582 2080 [ 56B74943929BC575914631EDC0E72220 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 17:00:28.0631 2080 LENOVO.CAMMUTE - ok 17:00:28.0680 2080 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 17:00:28.0743 2080 LENOVO.MICMUTE - ok 17:00:28.0750 2080 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 17:00:28.0778 2080 lenovo.smi - ok 17:00:28.0781 2080 [ F9B51B2A5DA1222A910021C71E9EA559 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 17:00:28.0804 2080 LENOVO.TPKNRSVC - ok 17:00:28.0816 2080 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 17:00:28.0844 2080 Lenovo.VIRTSCRLSVC - ok 17:00:28.0877 2080 [ 606DA892A53FA863B67F8D3F8FF016A0 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys 17:00:28.0916 2080 LenovoRd - ok 17:00:28.0946 2080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:00:28.0999 2080 lltdio - ok 17:00:29.0011 2080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:00:29.0100 2080 lltdsvc - ok 17:00:29.0136 2080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:00:29.0196 2080 lmhosts - ok 17:00:29.0241 2080 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 17:00:29.0303 2080 LMS - ok 17:00:29.0325 2080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:00:29.0366 2080 LSI_FC - ok 17:00:29.0382 2080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:00:29.0419 2080 LSI_SAS - ok 17:00:29.0433 2080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 17:00:29.0471 2080 LSI_SAS2 - ok 17:00:29.0485 2080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:00:29.0525 2080 LSI_SCSI - ok 17:00:29.0534 2080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:00:29.0589 2080 luafv - ok 17:00:29.0620 2080 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 17:00:29.0706 2080 LVRS64 - ok 17:00:29.0834 2080 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 17:00:30.0105 2080 LVUVC64 - ok 17:00:30.0148 2080 [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys 17:00:30.0206 2080 Mbm3CBus - ok 17:00:30.0225 2080 [ 01E60917101B309E15F30DA26ACF64F6 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 17:00:30.0254 2080 Mbm3DevMt - ok 17:00:30.0269 2080 [ 6350A2CA21FB7B14432EFFDC61863AED ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 17:00:30.0295 2080 Mbm3mdfl - ok 17:00:30.0303 2080 [ 9FC3A8713D148E15D0472E1C44DD0FDA ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 17:00:30.0333 2080 Mbm3Mdm - ok 17:00:30.0398 2080 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 17:00:30.0471 2080 McAfee SiteAdvisor Service - ok 17:00:30.0511 2080 [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe 17:00:30.0581 2080 McAWFwk - ok 17:00:30.0607 2080 [ 389BC447DF363450A78845D35DBA0047 ] McMPFSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 17:00:30.0654 2080 McMPFSvc - ok 17:00:30.0673 2080 [ 389BC447DF363450A78845D35DBA0047 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 17:00:30.0706 2080 McNaiAnn - ok 17:00:30.0754 2080 [ 93432FAEA699F7A2B4F4AC5949D0B6AB ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 17:00:30.0811 2080 McODS - ok 17:00:30.0825 2080 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 17:00:30.0853 2080 McOobeSv - ok 17:00:30.0871 2080 [ 389BC447DF363450A78845D35DBA0047 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 17:00:30.0898 2080 mcpltsvc - ok 17:00:30.0921 2080 [ 389BC447DF363450A78845D35DBA0047 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 17:00:30.0949 2080 McProxy - ok 17:00:30.0964 2080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:00:31.0013 2080 Mcx2Svc - ok 17:00:31.0044 2080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 17:00:31.0133 2080 megasas - ok 17:00:31.0149 2080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 17:00:31.0189 2080 MegaSR - ok 17:00:31.0216 2080 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 17:00:31.0242 2080 MEIx64 - ok 17:00:31.0287 2080 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 17:00:31.0346 2080 mfeapfk - ok 17:00:31.0372 2080 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 17:00:31.0406 2080 mfeavfk - ok 17:00:31.0424 2080 mfeavfk01 - ok 17:00:31.0507 2080 [ 38D1F23EE031B615A8CA51DD1E523579 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe 17:00:31.0567 2080 mfecore - ok 17:00:31.0622 2080 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 17:00:31.0699 2080 mfefire - ok 17:00:31.0718 2080 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 17:00:31.0753 2080 mfefirek - ok 17:00:31.0808 2080 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 17:00:31.0914 2080 mfehidk - ok 17:00:31.0931 2080 [ 9C9FC3770BD600B2D761D666234C244D ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys 17:00:31.0974 2080 mfencbdc - ok 17:00:31.0999 2080 [ 93241CC8509B622B47EEA1B8505CF511 ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys 17:00:32.0028 2080 mfencrk - ok 17:00:32.0050 2080 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe 17:00:32.0078 2080 mfevtp - ok 17:00:32.0091 2080 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 17:00:32.0127 2080 mfewfpk - ok 17:00:32.0147 2080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:00:32.0200 2080 MMCSS - ok 17:00:32.0212 2080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:00:32.0267 2080 Modem - ok 17:00:32.0285 2080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:00:32.0326 2080 monitor - ok 17:00:32.0353 2080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:00:32.0382 2080 mouclass - ok 17:00:32.0404 2080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:00:32.0436 2080 mouhid - ok 17:00:32.0456 2080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:00:32.0496 2080 mountmgr - ok 17:00:32.0507 2080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:00:32.0547 2080 mpio - ok 17:00:32.0561 2080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:00:32.0605 2080 mpsdrv - ok 17:00:32.0634 2080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:00:32.0684 2080 MpsSvc - ok 17:00:32.0694 2080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:00:32.0741 2080 MRxDAV - ok 17:00:32.0758 2080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:00:32.0796 2080 mrxsmb - ok 17:00:32.0810 2080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:00:32.0839 2080 mrxsmb10 - ok 17:00:32.0852 2080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:00:32.0881 2080 mrxsmb20 - ok 17:00:32.0896 2080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:00:32.0931 2080 msahci - ok 17:00:32.0944 2080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:00:32.0984 2080 msdsm - ok 17:00:33.0000 2080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:00:33.0045 2080 MSDTC - ok 17:00:33.0072 2080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:00:33.0129 2080 Msfs - ok 17:00:33.0150 2080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:00:33.0228 2080 mshidkmdf - ok 17:00:33.0249 2080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:00:33.0284 2080 msisadrv - ok 17:00:33.0312 2080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:00:33.0405 2080 MSiSCSI - ok 17:00:33.0407 2080 msiserver - ok 17:00:33.0415 2080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:00:33.0497 2080 MSKSSRV - ok 17:00:33.0512 2080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:00:33.0590 2080 MSPCLOCK - ok 17:00:33.0597 2080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:00:33.0684 2080 MSPQM - ok 17:00:33.0704 2080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:00:33.0749 2080 MsRPC - ok 17:00:33.0757 2080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:00:33.0783 2080 mssmbios - ok 17:00:33.0793 2080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:00:33.0875 2080 MSTEE - ok 17:00:33.0885 2080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 17:00:33.0927 2080 MTConfig - ok 17:00:33.0941 2080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:00:33.0979 2080 Mup - ok 17:00:34.0004 2080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:00:34.0115 2080 napagent - ok 17:00:34.0146 2080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:00:34.0199 2080 NativeWifiP - ok 17:00:34.0231 2080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:00:34.0342 2080 NDIS - ok 17:00:34.0353 2080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:00:34.0433 2080 NdisCap - ok 17:00:34.0452 2080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:00:34.0494 2080 NdisTapi - ok 17:00:34.0501 2080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:00:34.0546 2080 Ndisuio - ok 17:00:34.0563 2080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:00:34.0612 2080 NdisWan - ok 17:00:34.0627 2080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:00:34.0686 2080 NDProxy - ok 17:00:34.0697 2080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:00:34.0745 2080 NetBIOS - ok 17:00:34.0759 2080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:00:34.0805 2080 NetBT - ok 17:00:34.0820 2080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:00:34.0846 2080 Netlogon - ok 17:00:34.0877 2080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:00:34.0987 2080 Netman - ok 17:00:35.0006 2080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:00:35.0076 2080 netprofm - ok 17:00:35.0098 2080 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:00:35.0140 2080 NetTcpPortSharing - ok 17:00:35.0331 2080 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 17:00:35.0447 2080 NETwNs64 - ok 17:00:35.0477 2080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:00:35.0540 2080 nfrd960 - ok 17:00:35.0580 2080 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:00:35.0639 2080 NlaSvc - ok 17:00:35.0650 2080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:00:35.0694 2080 Npfs - ok 17:00:35.0701 2080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:00:35.0752 2080 nsi - ok 17:00:35.0761 2080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:00:35.0819 2080 nsiproxy - ok 17:00:35.0900 2080 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:00:36.0055 2080 Ntfs - ok 17:00:36.0075 2080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:00:36.0118 2080 Null - ok 17:00:36.0364 2080 [ E2C13F0BC48BBF7FEC12AEE77F3D3E26 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:00:36.0532 2080 nvlddmkm - ok 17:00:36.0544 2080 [ 2E6C975AE61742DC8A31B9E260D8AF1D ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 17:00:36.0579 2080 nvpciflt - ok 17:00:36.0600 2080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:00:36.0640 2080 nvraid - ok 17:00:36.0660 2080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:00:36.0699 2080 nvstor - ok 17:00:36.0726 2080 [ ADE4D6E9335F1746016D3533F177C694 ] NVSvc C:\Windows\system32\nvvsvc.exe 17:00:36.0764 2080 NVSvc - ok 17:00:36.0837 2080 [ E9200F89EA2885B9B8151AA9D7B480EB ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 17:00:36.0913 2080 nvUpdatusService - ok 17:00:36.0918 2080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:00:36.0956 2080 nv_agp - ok 17:00:36.0969 2080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:00:37.0019 2080 ohci1394 - ok 17:00:37.0061 2080 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:00:37.0099 2080 ose - ok 17:00:37.0225 2080 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:00:37.0396 2080 osppsvc - ok 17:00:37.0421 2080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:00:37.0475 2080 p2pimsvc - ok 17:00:37.0501 2080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:00:37.0553 2080 p2psvc - ok 17:00:37.0579 2080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 17:00:37.0619 2080 Parport - ok 17:00:37.0636 2080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:00:37.0676 2080 partmgr - ok 17:00:37.0685 2080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:00:37.0719 2080 PcaSvc - ok 17:00:37.0735 2080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:00:37.0774 2080 pci - ok 17:00:37.0788 2080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:00:37.0827 2080 pciide - ok 17:00:37.0838 2080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:00:37.0879 2080 pcmcia - ok 17:00:37.0890 2080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:00:37.0926 2080 pcw - ok 17:00:38.0031 2080 [ B1078DE6104E20BC4CA9591D17CDD5C3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 17:00:38.0105 2080 PDF Architect Helper Service - ok 17:00:38.0124 2080 [ 256D740E98DB5B86CB248EACADC5DBEC ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 17:00:38.0160 2080 PDF Architect Service - ok 17:00:38.0180 2080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:00:38.0236 2080 PEAUTH - ok 17:00:38.0267 2080 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:00:38.0413 2080 PeerDistSvc - ok 17:00:38.0481 2080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:00:38.0576 2080 PerfHost - ok 17:00:38.0592 2080 [ 52C9F4359AF4A25969B882AECC6F3BDA ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 17:00:38.0616 2080 PHCORE - ok 17:00:38.0644 2080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:00:38.0772 2080 pla - ok 17:00:38.0802 2080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:00:38.0842 2080 PlugPlay - ok 17:00:38.0857 2080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:00:38.0907 2080 PNRPAutoReg - ok 17:00:38.0922 2080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:00:38.0952 2080 PNRPsvc - ok 17:00:38.0980 2080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:00:39.0072 2080 PolicyAgent - ok 17:00:39.0097 2080 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 17:00:39.0133 2080 Power - ok 17:00:39.0189 2080 [ 0BF1D6B41E4D4376BE4E4FA31D1A88C0 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 17:00:39.0338 2080 Power Manager DBC Service - ok 17:00:39.0378 2080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:00:39.0462 2080 PptpMiniport - ok 17:00:39.0472 2080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 17:00:39.0520 2080 Processor - ok 17:00:39.0546 2080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:00:39.0579 2080 ProfSvc - ok 17:00:39.0589 2080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:00:39.0615 2080 ProtectedStorage - ok 17:00:39.0640 2080 [ B8035AF9CC0CCBA9A09AC0A0D9801797 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 17:00:39.0666 2080 psadd - ok 17:00:39.0691 2080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:00:39.0746 2080 Psched - ok 17:00:39.0767 2080 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 17:00:39.0794 2080 PSI_SVC_2 - ok 17:00:39.0818 2080 [ D20BF8B293EB90E3C4ED2F38B51948A1 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 17:00:39.0915 2080 PwmEWSvc - ok 17:00:39.0975 2080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:00:40.0140 2080 ql2300 - ok 17:00:40.0160 2080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:00:40.0200 2080 ql40xx - ok 17:00:40.0226 2080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:00:40.0277 2080 QWAVE - ok 17:00:40.0287 2080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:00:40.0347 2080 QWAVEdrv - ok 17:00:40.0353 2080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:00:40.0434 2080 RasAcd - ok 17:00:40.0467 2080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:00:40.0534 2080 RasAgileVpn - ok 17:00:40.0547 2080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:00:40.0640 2080 RasAuto - ok 17:00:40.0653 2080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:00:40.0702 2080 Rasl2tp - ok 17:00:40.0717 2080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:00:40.0801 2080 RasMan - ok 17:00:40.0813 2080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:00:40.0865 2080 RasPppoe - ok 17:00:40.0875 2080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:00:40.0920 2080 RasSstp - ok 17:00:40.0935 2080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:00:40.0991 2080 rdbss - ok 17:00:41.0005 2080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:00:41.0036 2080 rdpbus - ok 17:00:41.0052 2080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:00:41.0095 2080 RDPCDD - ok 17:00:41.0114 2080 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:00:41.0157 2080 RDPDR - ok 17:00:41.0167 2080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:00:41.0221 2080 RDPENCDD - ok 17:00:41.0232 2080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:00:41.0278 2080 RDPREFMP - ok 17:00:41.0307 2080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:00:41.0361 2080 RDPWD - ok 17:00:41.0388 2080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:00:41.0427 2080 rdyboost - ok 17:00:41.0479 2080 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 17:00:41.0550 2080 RegSrvc - ok 17:00:41.0569 2080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:00:41.0650 2080 RemoteAccess - ok 17:00:41.0678 2080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:00:41.0765 2080 RemoteRegistry - ok 17:00:41.0791 2080 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:00:41.0880 2080 RFCOMM - ok 17:00:41.0916 2080 [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys 17:00:41.0966 2080 risdxc - ok 17:00:41.0976 2080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:00:42.0049 2080 RpcEptMapper - ok 17:00:42.0073 2080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:00:42.0115 2080 RpcLocator - ok 17:00:42.0128 2080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:00:42.0174 2080 RpcSs - ok 17:00:42.0204 2080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:00:42.0276 2080 rspndr - ok 17:00:42.0290 2080 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:00:42.0337 2080 s3cap - ok 17:00:42.0353 2080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:00:42.0381 2080 SamSs - ok 17:00:42.0383 2080 SAService - ok 17:00:42.0395 2080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:00:42.0433 2080 sbp2port - ok 17:00:42.0443 2080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:00:42.0499 2080 SCardSvr - ok 17:00:42.0511 2080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:00:42.0558 2080 scfilter - ok 17:00:42.0585 2080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:00:42.0654 2080 Schedule - ok 17:00:42.0682 2080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:00:42.0725 2080 SCPolicySvc - ok 17:00:42.0753 2080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:00:42.0784 2080 SDRSVC - ok 17:00:42.0805 2080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:00:42.0855 2080 secdrv - ok 17:00:42.0864 2080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:00:42.0940 2080 seclogon - ok 17:00:42.0948 2080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:00:43.0006 2080 SENS - ok 17:00:43.0031 2080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:00:43.0133 2080 SensrSvc - ok 17:00:43.0149 2080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 17:00:43.0223 2080 Serenum - ok 17:00:43.0247 2080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 17:00:43.0297 2080 Serial - ok 17:00:43.0305 2080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:00:43.0355 2080 sermouse - ok 17:00:43.0377 2080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:00:43.0461 2080 SessionEnv - ok 17:00:43.0465 2080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:00:43.0507 2080 sffdisk - ok 17:00:43.0510 2080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:00:43.0553 2080 sffp_mmc - ok 17:00:43.0556 2080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:00:43.0605 2080 sffp_sd - ok 17:00:43.0615 2080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:00:43.0655 2080 sfloppy - ok 17:00:43.0685 2080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:00:43.0804 2080 SharedAccess - ok 17:00:43.0822 2080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:00:43.0871 2080 ShellHWDetection - ok 17:00:43.0900 2080 [ E2FC046D4EDABFE3B5EF7DA06406277D ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 17:00:43.0931 2080 Shockprf - ok 17:00:43.0939 2080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:00:43.0975 2080 SiSRaid2 - ok 17:00:43.0979 2080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:00:44.0017 2080 SiSRaid4 - ok 17:00:44.0042 2080 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:00:44.0069 2080 SkypeUpdate - ok 17:00:44.0089 2080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:00:44.0170 2080 Smb - ok 17:00:44.0216 2080 [ C5B1A19B14F19B08AE72FCB20A3075B6 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 17:00:44.0277 2080 smihlp - ok 17:00:44.0301 2080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:00:44.0351 2080 SNMPTRAP - ok 17:00:44.0358 2080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:00:44.0396 2080 spldr - ok 17:00:44.0442 2080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:00:44.0474 2080 Spooler - ok 17:00:44.0563 2080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:00:44.0735 2080 sppsvc - ok 17:00:44.0751 2080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:00:44.0829 2080 sppuinotify - ok 17:00:44.0849 2080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:00:44.0887 2080 srv - ok 17:00:44.0910 2080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:00:44.0949 2080 srv2 - ok 17:00:44.0966 2080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:00:44.0994 2080 srvnet - ok 17:00:45.0012 2080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:00:45.0056 2080 SSDPSRV - ok 17:00:45.0064 2080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:00:45.0144 2080 SstpSvc - ok 17:00:45.0178 2080 [ 9F16DDF670705ECAE9169E6E3130E50B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:00:45.0209 2080 Stereo Service - ok 17:00:45.0227 2080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:00:45.0265 2080 stexstor - ok 17:00:45.0299 2080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:00:45.0367 2080 stisvc - ok 17:00:45.0391 2080 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 17:00:45.0428 2080 storflt - ok 17:00:45.0437 2080 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 17:00:45.0491 2080 StorSvc - ok 17:00:45.0499 2080 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 17:00:45.0535 2080 storvsc - ok 17:00:45.0587 2080 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 17:00:45.0633 2080 SUService ( UnsignedFile.Multi.Generic ) - warning 17:00:45.0633 2080 SUService - detected UnsignedFile.Multi.Generic (1) 17:00:45.0641 2080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:00:45.0666 2080 swenum - ok 17:00:45.0684 2080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:00:45.0748 2080 swprv - ok 17:00:45.0811 2080 [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:00:45.0870 2080 SynTP - ok 17:00:45.0900 2080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:00:45.0969 2080 SysMain - ok 17:00:45.0986 2080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:00:46.0047 2080 TabletInputService - ok 17:00:46.0078 2080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:00:46.0127 2080 TapiSrv - ok 17:00:46.0153 2080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:00:46.0231 2080 TBS - ok 17:00:46.0305 2080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:00:46.0460 2080 Tcpip - ok 17:00:46.0524 2080 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:00:46.0598 2080 TCPIP6 - ok 17:00:46.0645 2080 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:00:46.0728 2080 tcpipreg - ok 17:00:46.0759 2080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:00:46.0831 2080 TDPIPE - ok 17:00:46.0851 2080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:00:46.0892 2080 TDTCP - ok 17:00:46.0909 2080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:00:46.0962 2080 tdx - ok 17:00:46.0979 2080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:00:47.0005 2080 TermDD - ok 17:00:47.0024 2080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:00:47.0143 2080 TermService - ok 17:00:47.0153 2080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:00:47.0184 2080 Themes - ok 17:00:47.0204 2080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:00:47.0250 2080 THREADORDER - ok 17:00:47.0268 2080 [ 55B7FE3E1D3B616BDC4E9EA48D92D6E6 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 17:00:47.0294 2080 TPDIGIMN - ok 17:00:47.0307 2080 [ F0684C62ED8FD3061CD488ECFC851022 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 17:00:47.0336 2080 TPHDEXLGSVC - ok 17:00:47.0367 2080 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 17:00:47.0392 2080 TPHKLOAD - ok 17:00:47.0407 2080 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 17:00:47.0432 2080 TPHKSVC - ok 17:00:47.0458 2080 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 17:00:47.0493 2080 TPM - ok 17:00:47.0504 2080 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 17:00:47.0529 2080 TPPWRIF - ok 17:00:47.0543 2080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:00:47.0597 2080 TrkWks - ok 17:00:47.0645 2080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:00:47.0745 2080 TrustedInstaller - ok 17:00:47.0758 2080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:00:47.0844 2080 tssecsrv - ok 17:00:47.0851 2080 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:00:47.0889 2080 TsUsbFlt - ok 17:00:47.0901 2080 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 17:00:47.0939 2080 TsUsbGD - ok 17:00:47.0959 2080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:00:48.0013 2080 tunnel - ok 17:00:48.0046 2080 [ 4DAAE0413CD4E816258838E2FAFB3147 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys 17:00:48.0074 2080 TVTI2C - ok 17:00:48.0078 2080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:00:48.0116 2080 uagp35 - ok 17:00:48.0132 2080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:00:48.0214 2080 udfs - ok 17:00:48.0235 2080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:00:48.0286 2080 UI0Detect - ok 17:00:48.0342 2080 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 17:00:48.0465 2080 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning 17:00:48.0465 2080 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1) 17:00:48.0487 2080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:00:48.0526 2080 uliagpkx - ok 17:00:48.0540 2080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:00:48.0579 2080 umbus - ok 17:00:48.0591 2080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 17:00:48.0637 2080 UmPass - ok 17:00:48.0656 2080 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 17:00:48.0700 2080 UmRdpService - ok 17:00:48.0735 2080 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 17:00:48.0764 2080 UMVPFSrv - ok 17:00:48.0862 2080 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 17:00:48.0925 2080 UNS - ok 17:00:48.0946 2080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:00:48.0991 2080 upnphost - ok 17:00:49.0020 2080 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:00:49.0085 2080 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 17:00:49.0085 2080 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 17:00:49.0118 2080 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:00:49.0167 2080 usbaudio - ok 17:00:49.0185 2080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:00:49.0223 2080 usbccgp - ok 17:00:49.0241 2080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:00:49.0289 2080 usbcir - ok 17:00:49.0300 2080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:00:49.0334 2080 usbehci - ok 17:00:49.0357 2080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:00:49.0396 2080 usbhub - ok 17:00:49.0416 2080 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:00:49.0487 2080 usbohci - ok 17:00:49.0498 2080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:00:49.0572 2080 usbprint - ok 17:00:49.0594 2080 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:00:49.0656 2080 usbscan - ok 17:00:49.0677 2080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:00:49.0740 2080 USBSTOR - ok 17:00:49.0751 2080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:00:49.0800 2080 usbuhci - ok 17:00:49.0821 2080 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:00:49.0879 2080 usbvideo - ok 17:00:49.0904 2080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:00:49.0963 2080 UxSms - ok 17:00:49.0976 2080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:00:50.0002 2080 VaultSvc - ok 17:00:50.0021 2080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:00:50.0058 2080 vdrvroot - ok 17:00:50.0080 2080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:00:50.0191 2080 vds - ok 17:00:50.0204 2080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:00:50.0248 2080 vga - ok 17:00:50.0257 2080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:00:50.0307 2080 VgaSave - ok 17:00:50.0322 2080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:00:50.0363 2080 vhdmp - ok 17:00:50.0372 2080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:00:50.0413 2080 viaide - ok 17:00:50.0431 2080 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:00:50.0470 2080 vmbus - ok 17:00:50.0482 2080 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:00:50.0531 2080 VMBusHID - ok 17:00:50.0548 2080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:00:50.0585 2080 volmgr - ok 17:00:50.0604 2080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:00:50.0649 2080 volmgrx - ok 17:00:50.0665 2080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:00:50.0708 2080 volsnap - ok 17:00:50.0734 2080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:00:50.0772 2080 vsmraid - ok 17:00:50.0813 2080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:00:50.0899 2080 VSS - ok 17:00:50.0908 2080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:00:50.0949 2080 vwifibus - ok 17:00:50.0958 2080 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:00:50.0990 2080 vwififlt - ok 17:00:51.0005 2080 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:00:51.0047 2080 vwifimp - ok 17:00:51.0081 2080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:00:51.0224 2080 W32Time - ok 17:00:51.0235 2080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:00:51.0285 2080 WacomPen - ok 17:00:51.0307 2080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:00:51.0363 2080 WANARP - ok 17:00:51.0373 2080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:00:51.0417 2080 Wanarpv6 - ok 17:00:51.0477 2080 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:00:51.0606 2080 WatAdminSvc - ok 17:00:51.0645 2080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:00:51.0793 2080 wbengine - ok 17:00:51.0816 2080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:00:51.0848 2080 WbioSrvc - ok 17:00:51.0856 2080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:00:51.0924 2080 wcncsvc - ok 17:00:51.0938 2080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:00:51.0978 2080 WcsPlugInService - ok 17:00:51.0982 2080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 17:00:52.0019 2080 Wd - ok 17:00:52.0053 2080 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:00:52.0123 2080 Wdf01000 - ok 17:00:52.0137 2080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:00:52.0179 2080 WdiServiceHost - ok 17:00:52.0195 2080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:00:52.0229 2080 WdiSystemHost - ok 17:00:52.0240 2080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:00:52.0291 2080 WebClient - ok 17:00:52.0308 2080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:00:52.0405 2080 Wecsvc - ok 17:00:52.0419 2080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:00:52.0463 2080 wercplsupport - ok 17:00:52.0487 2080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:00:52.0534 2080 WerSvc - ok 17:00:52.0555 2080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:00:52.0597 2080 WfpLwf - ok 17:00:52.0611 2080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:00:52.0650 2080 WIMMount - ok 17:00:52.0663 2080 WinDefend - ok 17:00:52.0667 2080 WinHttpAutoProxySvc - ok 17:00:52.0714 2080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:00:52.0821 2080 Winmgmt - ok 17:00:52.0882 2080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:00:53.0111 2080 WinRM - ok 17:00:53.0135 2080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 17:00:53.0175 2080 WinUsb - ok 17:00:53.0198 2080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:00:53.0242 2080 Wlansvc - ok 17:00:53.0279 2080 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 17:00:53.0316 2080 wlcrasvc - ok 17:00:53.0435 2080 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:00:53.0513 2080 wlidsvc - ok 17:00:53.0539 2080 WMCoreService - ok 17:00:53.0561 2080 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:00:53.0590 2080 WmiAcpi - ok 17:00:53.0620 2080 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:00:53.0670 2080 wmiApSrv - ok 17:00:53.0681 2080 WMPNetworkSvc - ok 17:00:53.0715 2080 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:00:53.0754 2080 WPCSvc - ok 17:00:53.0765 2080 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:00:53.0797 2080 WPDBusEnum - ok 17:00:53.0807 2080 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:00:53.0887 2080 ws2ifsl - ok 17:00:53.0895 2080 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:00:53.0927 2080 wscsvc - ok 17:00:53.0930 2080 WSearch - ok 17:00:53.0984 2080 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:00:54.0036 2080 wuauserv - ok 17:00:54.0080 2080 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:00:54.0151 2080 WudfPf - ok 17:00:54.0180 2080 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:00:54.0235 2080 WUDFRd - ok 17:00:54.0254 2080 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:00:54.0299 2080 wudfsvc - ok 17:00:54.0315 2080 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:00:54.0363 2080 WwanSvc - ok 17:00:54.0388 2080 [ AA0A3A08A501237CD5BC4CFBFB64B3D6 ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp64.sys 17:00:54.0416 2080 WwanUsbServ - ok 17:00:54.0442 2080 ================ Scan global =============================== 17:00:54.0463 2080 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:00:54.0500 2080 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 17:00:54.0515 2080 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 17:00:54.0544 2080 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:00:54.0567 2080 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:00:54.0574 2080 [Global] - ok 17:00:54.0575 2080 ================ Scan MBR ================================== 17:00:54.0588 2080 [ E9914FA4BCE611BA2428893EAB488616 ] \Device\Harddisk0\DR0 17:00:54.0961 2080 \Device\Harddisk0\DR0 - ok 17:00:54.0962 2080 ================ Scan VBR ================================== 17:00:54.0967 2080 [ 01A8B17651729FAFC59E388AD635D502 ] \Device\Harddisk0\DR0\Partition1 17:00:54.0970 2080 \Device\Harddisk0\DR0\Partition1 - ok 17:00:55.0004 2080 [ 2DF0A3E7F58F542F126B2712BFFCA6B7 ] \Device\Harddisk0\DR0\Partition2 17:00:55.0009 2080 \Device\Harddisk0\DR0\Partition2 - ok 17:00:55.0043 2080 [ CA6E36990036A03700F8D7B76F39CD58 ] \Device\Harddisk0\DR0\Partition3 17:00:55.0047 2080 \Device\Harddisk0\DR0\Partition3 - ok 17:00:55.0048 2080 ============================================================ 17:00:55.0048 2080 Scan finished 17:00:55.0048 2080 ============================================================ 17:00:55.0068 5340 Detected object count: 4 17:00:55.0068 5340 Actual detected object count: 4 17:02:54.0815 5340 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:02:54.0815 5340 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:02:54.0818 5340 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 17:02:54.0818 5340 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:02:54.0820 5340 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user 17:02:54.0821 5340 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:02:54.0823 5340 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 17:02:54.0823 5340 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip Die anderen drei Dateien sagen mir nichts. Gruß gep |
17.01.2013, 17:40 | #9 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 hi das log is ok aber: ist das nen Firmen PC, wenn ja, habt ihr eine IT Abteilung?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.01.2013, 17:49 | #10 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, ich bin selbständiger Ingenieur und das ist mein Laptop, den ich privat wie beruflich nutze. Eine IT Abteilung habe ich leider nicht. Gibt es etwas, auf das ich speziell achten sollte? Viele Grüße, gep |
17.01.2013, 17:52 | #11 | |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 Hi, normalerweise reinigen wir keine Firmen PC's, da du aber keine IT-Abteilung hst, und selbstständig bist, passt das. ich hoffe, du nutzt mit deinem Firmen gerät keine illegalen Streams wie Kinox.to, oder Pornoseiten, das ist kein vorwurf, sondern aus Erfahrung die häufigsten infektionsquellen. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.01.2013, 19:04 | #12 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, combofix steht bei "Fertiggestellt Stufe_4" und macht aus meiner Sicht nichts mehr. Ein Logfile habe ich nicht entdeckt. Was soll ich tun? Gruß gep Ein möglicher Grund könnte sein, dass sich der McAfee nach 15 Minuten wieder selber aktiviert hat und dazwischengefunkt hat. Soll ich das offene DOS-Fenster schließen und combofix nochmals laufen lassen? Gruß gep |
17.01.2013, 21:58 | #13 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 hi ja schließen dann neustarten, f8 drücken abgesicherter modus wählen in deinem Konto anmelden, cf ausführen. wenn fertig neustarten, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.01.2013, 23:38 | #14 |
| Weißer Bildschirm nach Benutzer Login, Windows 7 Hallo Markus, jetzt scheint alles funktioniert zu haben. Hier ist das Logfile: Code:
ATTFilter ComboFix 13-01-17.03 - *** 17.01.2013 23:14:11.2.4 - x64 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8075.6979 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\KlimaLogg.dat1.tmp c:\programdata\Roaming C:\root c:\root\wpfdot.exe c:\users\Silke\ofps_setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-17 bis 2013-01-17 )))))))))))))))))))))))))))))) . . 2013-01-17 22:25 . 2013-01-17 22:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-17 22:25 . 2013-01-17 22:25 -------- d-----w- c:\users\Silke\AppData\Local\temp 2013-01-17 22:25 . 2013-01-17 22:25 -------- d-----w- c:\users\Luca\AppData\Local\temp 2013-01-16 13:44 . 2013-01-16 13:44 -------- d-----w- c:\users\Günter\AppData\Roaming\APP_NAME_NON_STRING 2013-01-16 13:11 . 2013-01-16 13:11 -------- d-----w- c:\users\Günter\AppData\Roaming\Malwarebytes 2013-01-15 14:05 . 2013-01-15 14:05 -------- d-----w- c:\users\***\AppData\Roaming\PDF Architect 2013-01-15 10:34 . 2013-01-16 08:57 -------- d-----w- c:\users\***\AppData\Roaming\Kingston 2013-01-15 10:16 . 2013-01-15 10:16 -------- d-----w- c:\users\***\AppData\Roaming\APP_NAME_NON_STRING 2013-01-15 10:16 . 2013-01-15 10:16 -------- d-----w- c:\program files (x86)\PDF Architect 2013-01-15 10:15 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll 2013-01-15 10:15 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2013-01-15 10:15 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2013-01-15 10:15 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2013-01-15 10:15 . 2013-01-15 10:25 -------- d-----w- c:\program files (x86)\PDFCreator 2013-01-15 10:15 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2013-01-15 10:15 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2013-01-15 10:15 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2013-01-15 10:12 . 2013-01-15 10:12 -------- d-----w- c:\users\***\AppData\Local\Programs 2013-01-15 08:56 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{914084FF-6177-4E19-8B42-E81757048A05}\mpengine.dll 2013-01-10 13:12 . 2013-01-10 13:16 -------- d-----w- c:\program files (x86)\wintrack61 2013-01-10 12:45 . 2013-01-10 12:45 -------- d-----w- c:\program files (x86)\Stop Motion Pro v7 2013-01-09 08:40 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-07 18:01 . 2012-05-28 09:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-01-07 18:00 . 2012-11-09 05:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2013-01-05 21:33 . 2013-01-10 13:38 -------- d-----w- c:\users\***\AppData\Roaming\WinTrack 2013-01-04 12:51 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-01-04 12:51 . 2013-01-04 12:51 -------- d-----w- c:\program files\iPod 2013-01-04 12:51 . 2013-01-04 12:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-04 12:51 . 2013-01-04 12:51 -------- d-----w- c:\program files\iTunes 2013-01-03 15:14 . 2013-01-03 15:17 -------- d-----w- c:\programdata\SMP7 2013-01-03 14:28 . 2013-01-03 14:28 -------- d-----w- C:\My Documents 2013-01-03 14:26 . 2013-01-03 14:26 -------- d-----w- c:\program files (x86)\Common Files\logishrd 2012-12-23 02:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-23 02:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-23 02:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-23 02:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 02:02 . 2012-05-11 20:38 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 08:13 . 2012-05-10 21:59 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 08:13 . 2012-05-10 21:59 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 15:49 . 2012-08-23 21:09 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 08:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-14 02:01 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-14 02:01 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-14 02:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-14 02:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-14 02:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-14 02:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-14 02:01 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-14 02:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-14 02:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-14 02:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-14 02:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-14 02:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-14 02:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-14 02:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-14 02:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-14 02:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-14 02:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-14 02:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 02:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-14 02:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 02:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-14 02:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 22:39 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 05:40 . 2012-11-09 05:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 05:37 . 2012-11-09 05:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 05:35 . 2012-11-09 05:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 05:34 . 2012-11-09 05:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 05:34 . 2012-11-09 05:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 05:33 . 2012-11-09 05:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-09 04:42 . 2012-12-12 22:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 22:37 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 22:37 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-11-02 00:46 . 2012-11-02 00:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2012-11-02 00:46 . 2012-11-02 00:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2012-11-02 00:46 . 2012-11-02 00:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}] 2012-12-14 15:26 92384 ----a-w- c:\program files (x86)\PDF Architect\PDFIEHelper.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-12-14 732384] . [HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}] [HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}] [HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 0283021358430311mcinstcleanup;McAfee Application Installer Cleanup (0283021358430311);c:\windows\TEMP\028302~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736] R4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-01 25960] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944] S2 KlimaLogg Service;KlimaLogg Service;c:\program files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2012-01-16 545280] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-25 378472] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-23 26664] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-23 30248] S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2011-02-28 101416] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016] S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-13 419400] S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-13 430664] S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-13 19528] S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-13 483400] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-04-06 286248] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-15 12:46 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 08:13] . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 05:14] . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 05:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2010-12-09 380776] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 192.168.0.1:3128 IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to iPod Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\SysWOW64\SAsrv.exe c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files (x86)\Lenovo\System Update\SUService.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-17 23:31:57 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-17 22:31 . Vor Suchlauf: 13 Verzeichnis(se), 278.750.756.864 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 278.021.296.128 Bytes frei . - - End Of File - - A016941A08992E94FB0AF9E74453D25E gep |
18.01.2013, 18:53 | #15 |
/// Malware-holic | Weißer Bildschirm nach Benutzer Login, Windows 7 hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Weißer Bildschirm nach Benutzer Login, Windows 7 |
7-zip, antivirus, ausgegraut, autorun, bho, bildschirm, bonjour, canon, converter, error, festplatte, firefox, flash player, format, helper, home, homepage, install.exe, lenovo, logfile, msiexec.exe, nvidia update, nvpciflt.sys, object, plug-in, popup, pwmtr64v.dll, registry, rundll, saving, scan, siteadvisor, software, svchost.exe, updates, windows, wrapper |