
Pests of all kinds and how to fight them: PUM.UserWLoad, trojan.ransom found; since then only shortcuts on the external hard drive, which are now inaccessible

Windows 7

09.03.2013, 03:30   #1
raquel
 


Hello,

I have the following problem:

After I used my USB drive on another computer, the USB drive showed only a shortcut to that same drive, through which I could access my data. The same thing happened on my external hard drive, which I had connected to the computer to make a backup of my data.

After a scan with AVG antivirus I could no longer open the shortcut and can no longer get to my files. (Report: see attachment)
The following was deleted automatically during the scan:
"Objektname";"C:\Windows\SysWOW64\svchost.exe (8220)"
"Erkennungsname";"Trojaner: Defiler.G"
"Objekttyp";"Prozess"
"SDK-Typ";"Kern"
"Ergebnis";"Gelöscht"

A subsequent scan of the computer with Malwarebytes showed (see also attachment):
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Keine Aktion durchgeführt.

On a website, RogueKiller was recommended, hxxp://forums.malwarebytes.org/index.php?showtopic=118394, which was used successfully.

AVG antivirus also raised an alarm when I opened my Thunderbird email program and moved a suspicious file to quarantine, thereby deleting or making inaccessible all my sent emails and drafts. Report on that:
"Malware"; "IDP.Program.D1B0A5C0";"C:\USERS\RAQUEL\APPDATA\LOCAL\TEMP\PEFUVUJIXIZ.EXE"


What matters to me is getting help with how I can back up the files on my computer that, because of the virus, I have not yet been able to save to my infected external hard drive, without also saving the virus or reinfecting my then-clean computer; how I can remove the virus from my computer; and how I can get my external hard drive virus-free again.

Many thanks in advance!
Raquel
Attached files
File type: txt MBAM-log-2013-02-28 (23-45-10).txt (2.7 KB, viewed 149 times)
File type: xlsx Scan AVG AntiVirus_28.02.13.xlsx (10.1 KB, viewed 173 times)
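Added example, not part of the original thread: a small triage script for the Malwarebytes registry-value lines quoted in the post above. It groups the lines by registry value, so the two detection names on the same `Load` value count as one autostart entry, and reports whether that entry points into a user-writable directory and whether any action was taken. The line format is taken from the excerpt; the `Data:` label for English-language logs, the list of autostart locations and all function names are assumptions of this example.

```python
import ntpath
import re

# The two lines quoted in the post (German Malwarebytes UI).
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Keine Aktion durchgeführt.
"""

# key|value (detection) -> Daten: <data> -> <action>
# "Data" is accepted as an assumed English label.
LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>[^(]+?)\s*"
    r"\((?P<detection>[^)]+)\)\s*->\s*(?:Daten|Data):\s*"
    r"(?P<data>.+?)\s*->\s*(?P<action>.+?)\s*$"
)

# Well-known registry autostart locations (subkey -> value names, None = any).
AUTOSTART = {
    r"software\microsoft\windows nt\currentversion\windows": {"load", "run"},
    r"software\microsoft\windows nt\currentversion\winlogon": {"shell", "userinit"},
    r"software\microsoft\windows\currentversion\run": None,
    r"software\microsoft\windows\currentversion\runonce": None,
}

# Directories any unprivileged process can write to. LOCALS~1 is typically
# the 8.3 short name of "Local Settings".
USER_WRITABLE = re.compile(r"\\(temp|appdata|locals~1|local settings)\\", re.I)
LAUNCHABLE = {".cmd", ".bat", ".exe", ".scr", ".pif", ".com", ".vbs", ".js"}
NO_ACTION = ("keine aktion", "no action")


def is_autostart(subkey, value):
    """True if subkey/value is one of the autostart locations listed above."""
    if subkey not in AUTOSTART:
        return False
    allowed = AUTOSTART[subkey]
    return allowed is None or value in allowed


def triage(log_text):
    """Return one finding per distinct registry value, merging detection names."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hive, _, subkey = m["key"].partition("\\")
        value = m["value"].strip()
        data = m["data"].strip().strip('"')
        ident = (hive.upper(), subkey.lower(), value.lower(), data.lower())
        entry = findings.setdefault(ident, {
            "hive": hive.upper(),
            "subkey": subkey,
            "value": value,
            "data": data,
            "detections": [],
            "autostart": is_autostart(subkey.lower(), value.lower()),
            "user_writable_target": bool(USER_WRITABLE.search(data)),
            "launchable_target": ntpath.splitext(data)[1].lower() in LAUNCHABLE,
            "pending": True,  # stays True while the scanner took no action
        })
        entry["detections"].append(m["detection"])
        if not m["action"].lower().startswith(NO_ACTION):
            entry["pending"] = False
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['subkey']} | {f['value']} -> {f['data']}")
        print(f"  detections: {', '.join(f['detections'])}")
        print(f"  autostart={f['autostart']} "
              f"user_writable_target={f['user_writable_target']} "
              f"launchable_target={f['launchable_target']} "
              f"pending={f['pending']}")
```
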

10.03.2013, 19:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I am asking because of => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; just post the logs that already exist first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.03.2013, 15:29   #3
raquel
 


Hello Cosinus,

Thanks for your reply!

I have not run any scans other than those mentioned. However, as described at http://www.trojaner-board.de/69886-a...-beachten.html, I ran defogger and OTL. In case it is relevant, here is the report
Code:
OTL Extras logfile created on: 08.03.2013 18:43:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raquel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,12% Memory free
7,78 Gb Paging File | 5,70 Gb Available in Paging File | 73,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,96 Gb Total Space | 342,96 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 6,38 Gb Free Space | 40,83% Space Free | Partition Type: NTFS
 
Computer Name: RAQUEL-THINK | User Name: Raquel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0248FC73-3B56-4271-BE8A-518DD027F16C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F196AE6-12FA-437B-A812-5346C8587970}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{222B48BD-5F91-4B7C-99C7-1A668BF2B8F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28008ED2-BF4C-4FFC-8F84-A33A1FFE4FA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{34B59AA5-98D4-4FEA-AD20-86DAED791571}" = lport=137 | protocol=17 | dir=in | app=system | 
"{39393CBB-4DB5-460D-AE0F-F29D85E61514}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D1F5AC0-3E2D-4496-83A8-EEEE1D2860CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DBC60D3-786D-4FDA-B62A-2A31C180BCAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44BD10D0-8763-432F-931C-5F6DBC1729C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4D300DB5-C1E5-4C8F-BBC9-7B44083652A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E60E12B-A2C4-4688-A1C6-D3EF20CB0D4E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{52A0805D-4496-4AEE-880A-0E1F2D12C3F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C1DC529-BF91-42BB-8124-A2016E671F4D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65B8E5CC-D88F-4FA9-9295-D4FCEB2AE3D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A6443CE-DB16-4F9F-9E4E-F23FD25536E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9123B696-25C2-4DF1-A360-E7A1BFD12A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{92B3FB71-9231-4B2D-842A-993F32136A0C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{99BB461C-1F8C-4A04-9CCF-5A83D84AF4D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9EDD8FFE-A456-49EB-AC02-DE0C2C4008DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1138DCC-AA42-4B97-9955-B25F6117EC0C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{B788C25B-C556-4367-B771-D7DA373BFC00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA268370-0196-4180-A8C0-D71943A9FE75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5A9D360-61EF-406E-9F5C-64F72431EADC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D2195FC2-0D0E-438D-A9D5-12E14CF35477}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E74E2772-978C-413B-A6B0-A0EAE335DF90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EEC66AB4-ED57-499D-8CEE-FA8A3FAD2201}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036D9745-C3D7-47E2-A5FD-6E45269D238D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{04DF5424-E40C-4154-9EAA-77758D558A43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07A80C55-A386-4843-8D9D-124B440AC455}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs53cd.tmp\symnrt.exe | 
"{0963D1CF-7355-48D4-A008-86E86C239BAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EBAD378-C5AA-4156-841E-C80CA8D83ED5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0EE6EAA9-0261-462E-9028-E62F8B2DCD12}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{11B6650A-A25B-438D-9E31-EFDB004D2AB2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1F87ADCF-6217-4D75-AE69-0DA9225EF4E2}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs53cd.tmp\symnrt.exe | 
"{2373174F-E26F-4C83-AB34-110E7A2EC4CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{2510C5D4-800C-4770-91B2-13AC391D29B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3031524D-2586-44BA-A935-1B5D03820B12}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{341CDCE8-C0A1-45EC-BD81-5287B72CE6C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{35462FB2-E977-48D7-B435-1AEF7872EB93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36849C0B-EF2D-450D-828C-32426FF3998B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{36BDE82D-E575-4871-96BA-1FBCDBB46A26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{36FF32C3-C41B-4639-A6C2-14E6DDB371D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{38ADB759-0B97-4CBC-A5C7-C393EBC4170D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{398EC6E3-67BC-408F-8040-0E0969D9B16F}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs58ad.tmp\symnrt.exe | 
"{3EC4AACD-CA60-47ED-98FC-2AC3D589C731}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{3ED140CB-16A6-4D3E-A39E-C08AF510437E}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs1db0.tmp\symnrt.exe | 
"{3EF8E7E9-65A4-416E-A0BE-F773D973BE2B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4FD6604B-B90A-4C04-8DFA-0F8B3C35581E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{5C6E908D-90F5-4484-8B54-AED4C9965415}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs829a.tmp\symnrt.exe | 
"{5D45A12B-0FE8-4199-A2F1-275ACD82BD3E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5EE59D45-8569-474E-969F-9884CEC57290}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{6C36B5EE-AE24-4B9C-A368-E59A04EA98F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E12DF2E-50FF-4452-94C0-69BA6DD43843}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{751B24A2-21AC-4CD4-B24A-C6764A7BBFF1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{752C09EE-1BA2-4522-9CA3-71FCB844FB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{768691BC-2182-49BA-876D-03A526916CA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80BFAC68-3CA6-4EDB-A1DD-45EF7166CBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{968447D6-D49D-4A58-8D29-8DB961136CCE}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs829a.tmp\symnrt.exe | 
"{994AFA8A-7142-4643-9CFB-9B59C522C570}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{9A3BA1B9-909A-4A81-9348-C39D55A0D081}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{9A8B4FC3-095F-43A8-BE66-948131A8F1E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{A5DDE404-0C53-49E0-B18F-8C2B22F695D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A880D85B-456E-4B71-AA8F-762A804D51C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{ABCC4D6A-4EE9-42F5-BA2A-046F1CD71B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{ABE6518B-FD6D-4EC2-9171-6793B800AB79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B0A39D6D-BB66-48E1-BE16-DDDF87757A19}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs1db0.tmp\symnrt.exe | 
"{B0A413A6-1D4D-4402-AE5E-419641651125}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B525B185-D85E-47FB-A116-D25807D3EC3F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{BF419916-5F55-44D8-8A10-9FB6904CF619}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{BFD1F3EA-CF50-4A16-87A9-D6811F8C7C79}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C109C479-4D2A-4EDE-A24E-A02F7CF18460}" = protocol=6 | dir=out | app=system | 
"{C282B5CB-7FFB-4108-AC0C-FBF8AFE1F718}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4259C3F-D0F6-4335-9406-AC162D436DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{D74C663E-4346-4411-8079-B579E5C72FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE189351-B284-46C7-B881-76017A0A7A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3591F68-2030-4D60-808A-BFA70EEBFB9E}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs58ad.tmp\symnrt.exe | 
"{E4DFEF55-263E-4626-958B-4DA93942B35E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3354231-850F-4753-A8FD-8634CEFB9624}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{F39FDDDF-4113-489A-A9A4-7BEF10ADCA04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FC55EF38-9070-4E4B-94E7-052762556B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD0FC4BC-39AA-441B-BF30-33629F3620E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"TCP Query User{20B9B3A1-3076-437B-804D-E685BF36D79D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{22AD0804-41A7-4919-900D-AECE50F3E2CC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{9A5827AF-EA59-4A60-9226-ADCB248D21C7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AA223C59-3299-4AFA-A097-2CC7B28EF8C9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032EB049-BDA1-450E-967C-4DB2AC660DAB}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10940C91-59FD-48D4-BE53-1A30A0C3235B}" = AVG 2011
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.02
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.19.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows-Treiberpaket - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"AVG" = AVG 2011
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010
"{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010
"{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010
"{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010
"{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1500000-0000-0000-0000-074957833700}" = ABBYY Lingvo x5
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BAAE49C1-2844-4614-BCB9-1485569E344D}" = pdfforge Toolbar v6.9
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 2.0.3
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine 
"Dialog Mobile Broadband" = Dialog Mobile Broadband
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.ru-ru" = Microsoft Office Language Pack 2010 - Russian/русский
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Paragon Software Slovoed 7" = Paragon Software Slovoed 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 04:25:38 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 07:43:02 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 11:47:34 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 04:35:39 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 21:31:02 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.02.2013 23:27:11 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 12:49:56 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 21:22:04 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.02.2013 10:07:10 | Computer Name = Raquel-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NvXDSync.exe, Version: 7.17.12.6802,
 Zeitstempel: 0x4d962ef2  Name des fehlerhaften Moduls: NVXDApiX.dll, Version: 7.17.12.6802,
 Zeitstempel: 0x4d9632cd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004beff
ID
 des fehlerhaften Prozesses: 0x5fc  Startzeit der fehlerhaften Anwendung: 0x01ce0a519fb99ab8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\NVXDApiX.dll
Berichtskennung:
 fcbf0fb4-7778-11e2-bf08-ec55f9ee5b16
 
Error - 15.02.2013 22:21:39 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 06.10.2011 01:26:28 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 06.10.2011 01:26:28 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\start.do
 does not have a Lenovo Digital Signature. The file will be deleted
 
Error - 03.03.2013 09:14:03 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 03.03.2013 09:14:05 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\coova.html
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ System Events ]
Error - 17.01.2013 03:28:05 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Driver Helper Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 20.01.2013 04:08:00 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 NVIDIA Driver Helper Service erreicht.
 
Error - 20.01.2013 04:08:00 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Driver Helper Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 23.01.2013 01:08:43 | Computer Name = Raquel-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 23.01.2013 12:58:22 | Computer Name = Raquel-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR7 gefunden.
 
Error - 23.01.2013 12:58:23 | Computer Name = Raquel-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR7 gefunden.
 
Error - 24.01.2013 02:03:11 | Computer Name = Raquel-THINK | Source = DCOM | ID = 10005
Description = 
 
Error - 24.01.2013 02:03:11 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 24.01.2013 21:37:11 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 NVIDIA Driver Helper Service erreicht.
 
Error - 24.01.2013 21:37:11 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Driver Helper Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
Thanks in advance for any further help!
__________________

Alt 11.03.2013, 15:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why on earth a Professional edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?


Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the tick at: IAT/EAT and Show All
  • Set the tick at Quickscan and remove it from all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the tick in front of Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 12.03.2013, 15:49   #5
raquel
 


Hello Cosinus,

I can't even say why I have Windows Professional. I bought the computer with Windows on it and was not given a choice. It is a work computer, albeit my own and not one from an office.

I carried out all the steps as described.

GMER log:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-12 19:57:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Raquel\AppData\Local\Temp\kwroipob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                            000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                          00000000772899a0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                          00000000772994c0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                          0000000077299630 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\kernel32.dll!RegSetValueExA                                   00000000772ba4f0 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                               000007fefd113450 1 byte JMP 000007fffd0c00d8
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2                           000007fefd113452 5 bytes {JMP 0xfffffffffffacc88}
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                    000007fefd119180 5 bytes JMP 000007fffd0c0180
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                             000007fefd119320 5 bytes JMP 000007fffd0c0110
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                 000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                              000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                            000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\ole32.dll!CoCreateInstance                                    000007fefea77490 11 bytes JMP 000007fffd0c0228
.text  C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1556] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                   000007fefea8bf00 7 bytes JMP 000007fffd0c0260
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                      000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                    00000000772899a0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                    00000000772994c0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                    0000000077299630 5 bytes JMP 000000016fff0110
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\kernel32.dll!RegSetValueExA                             00000000772ba4f0 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                         000007fefd113450 1 byte JMP 000007fffd0c00d8
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2                     000007fefd113452 5 bytes {JMP 0xfffffffffffacc88}
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                              000007fefd119180 5 bytes JMP 000007fffd0c0180
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                       000007fefd119320 5 bytes JMP 000007fffd0c0110
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                           000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                        000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                      000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               000000007525130f 5 bytes JMP 0000000171722450
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000075252097 5 bytes JMP 0000000171722520
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                   0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[3132] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                              0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                     000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                     00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                     00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                       00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                  000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                               000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                             000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4984] C:\Windows\system32\ole32.dll!CoCreateInstance                                     000007fefea77490 11 bytes JMP 000007fffd0c0228
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4984] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                    000007fefea8bf00 7 bytes JMP 000007fffd0c0260
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                        0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW               000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx               00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation               00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                 00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                    000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                  00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                      0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                         00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                 000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                   000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                        0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[5024] C:\Windows\syswow64\ole32.dll!CoCreateInstance                         0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                    000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                  00000000772899a0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                  00000000772994c0 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                  0000000077299630 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\kernel32.dll!RegSetValueExA                           00000000772ba4f0 7 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                       000007fefd113450 1 byte JMP 000007fffd0c00d8
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2                   000007fefd113452 5 bytes {JMP 0xfffffffffffacc88}
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                            000007fefd119180 5 bytes JMP 000007fffd0c0180
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                     000007fefd119320 5 bytes JMP 000007fffd0c0110
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                         000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                      000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[5100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                    000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                   0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                          000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                          00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                          00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                            00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                               000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                             00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                 0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                    00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                            000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                              000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                   0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\Windows\FixCamera.exe[3972] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                    0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                    0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                           000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                           00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                           00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                             00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                              00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                  0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                     00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                             000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Windows\tsnpstd3.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                               000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                              0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                     000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                     00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                     00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                       00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                          000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                        00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                            0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                               00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                       000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                         000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                              0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\ole32.dll!CoCreateInstance                               0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                         0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                  00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                     000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                   00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                       0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                          00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                  000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                    000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                         0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe[4608] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                          0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\kernel32.dll!RegSetValueExA              0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW     000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx     00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation     00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW       00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW          000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW        00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW            0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary               00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList       000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo         000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                       000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                     00000000772899a0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                     00000000772994c0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                     0000000077299630 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\kernel32.dll!RegSetValueExA                                              00000000772ba4f0 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                          000007fefd113450 1 byte JMP 000007fffd0c00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2                                      000007fefd113452 5 bytes {JMP 0xfffffffffffacc88}
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                               000007fefd119180 5 bytes JMP 000007fffd0c0180
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                        000007fefd119320 5 bytes JMP 000007fffd0c0110
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                            000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                         000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                       000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\ole32.dll!CoCreateInstance                                               000007fefea77490 11 bytes JMP 000007fffd0c0228
.text  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5172] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                              000007fefea8bf00 7 bytes JMP 000007fffd0c0260
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                              00000000772899a0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                              00000000772994c0 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                              0000000077299630 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\kernel32.dll!RegSetValueExA                                       00000000772ba4f0 7 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                   000007fefd113450 1 byte JMP 000007fffd0c00d8
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2                               000007fefd113452 5 bytes {JMP 0xfffffffffffacc88}
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                        000007fefd119180 5 bytes JMP 000007fffd0c0180
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                 000007fefd119320 5 bytes JMP 000007fffd0c0110
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                     000007fefd11c5e0 6 bytes JMP 000007fffd0c0148
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                  000007fefe7289e0 8 bytes JMP 000007fffd0c01f0
.text  C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe[5232] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                000007fefe72be40 8 bytes JMP 000007fffd0c01b8
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           0000000075151411 7 bytes JMP 0000000171721e90
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007516b203 5 bytes JMP 0000000171721da0
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000751e88dc 7 bytes JMP 0000000171721d90
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000751e8961 5 bytes JMP 0000000171721e80
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    00000000751e8cb7 5 bytes JMP 0000000171721e10
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       000000007525130f 5 bytes JMP 0000000171722450
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     00000000752513bd 5 bytes JMP 00000001717224b0
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000075252097 5 bytes JMP 0000000171722520
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            00000000752522fd 5 bytes JMP 0000000171722620
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077641465 2 bytes [64, 77]
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000776414bb 2 bytes [64, 77]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007554e9a2 5 bytes JMP 0000000171721a00
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007554ebdc 5 bytes JMP 0000000171721a90
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000074f05ea5 5 bytes JMP 0000000171721ce0
.text  C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstance            0000000074f39d0b 5 bytes JMP 0000000171721c70
.text  C:\Windows\SysWOW64\ResStub.exe[6000] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                     000000007725efc0 5 bytes JMP 000000016fff0148
.text  C:\Windows\SysWOW64\ResStub.exe[6000] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                   00000000772899a0 7 bytes JMP 000000016fff00d8

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9ee5b16                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9ee5b16 (not active ControlSet)                                                  

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
Malwarebytes Anti-Rootkit, first run:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raquel :: RAQUEL-THINK [administrator]

12.03.2013 20:23:05
mbar-log-2013-03-12 (20-23-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31231
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\Raquel\LOCALS~1\Temp\msakou.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Malwarebytes Anti-Rootkit, second run, after rebooting:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raquel :: RAQUEL-THINK [administrator]

12.03.2013 20:56:37
mbar-log-2013-03-12 (20-56-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31220
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Am I rid of the virus now?

Do I now need to undo anything that I disabled with Defogger or OTL? (Please excuse the imprecise question - I did not really understand what the programs did.) Is there a way to use my external hard drive again without getting the virus back on the computer? If so, how do I get at the data? At first only a shortcut to the hard drive itself appeared, which could no longer be opened after files were moved to quarantine. Thank you very much!


12.03.2013, 16:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

13.03.2013, 01:00   #7
raquel

Before I start on the next steps, one more question: can I include the external hard drive in all of these steps? Or can I, if it is possible at all, tackle cleaning the drive and recovering the data only after the steps you described?
Thank you very, very much!

13.03.2013, 09:46   #8
cosinus

Hm, I think it is enough if you connect the external drives when we are almost done, i.e. when the control scans with MBAM and ESET come up, but that is for later.

13.03.2013, 23:56   #9
raquel

I tried several times to run aswMBR.exe, but the program always crashes.

At
C.\windows\assembly\GAC_MSIL\microsoft.visualstudio.Tools.Applications
the message appears that the program has stopped working and that a solution is being searched for.

During one run, Windows crashed completely.

I carried out the preceding steps:
downloading the current virus definitions, switching off the internet connection and switching off my antivirus program.

I have not run TDSSKiller yet, because I assumed the order of the programs might be important.

14.03.2013, 14:38   #10
cosinus

Restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

15.03.2013, 00:20   #11
raquel

Thanks, that worked!
Here is the log of the aswMBR scan:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 22:19:03
-----------------------------
22:19:03.943    OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:03.943    Number of processors: 4 586 0x2A07
22:19:03.943    ComputerName: RAQUEL-THINK  UserName: Raquel
22:19:06.875    Initialize success
22:19:16.033    AVAST engine defs: 13031300
22:22:38.903    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:22:38.918    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:22:38.949    Disk 0 MBR read successfully
22:22:38.949    Disk 0 MBR scan
22:22:38.965    Disk 0 unknown MBR code
22:22:38.981    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
22:22:38.996    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459737 MB offset 2459648
22:22:39.043    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16000 MB offset 944003072
22:22:39.090    Disk 0 scanning C:\Windows\system32\drivers
22:22:52.459    Service scanning
22:23:17.216    Modules scanning
22:23:17.232    Disk 0 trace - called modules:
22:23:17.294    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
22:23:17.809    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cb060]
22:23:17.809    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003ca6320]
22:23:17.825    5 ACPI.sys[fffff88000ed67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ad0050]
22:23:17.825    Scan finished successfully
22:23:35.172    Disk 0 MBR has been saved successfully to "C:\Users\Raquel\Desktop\MBR.dat"
22:23:35.172    The log file has been saved successfully to "C:\Users\Raquel\Desktop\aswMBR_14.03.13.txt"
         
and of the TDSSKiller scan:
Code:
07:11:01.0359 2156  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:11:01.0390 2156  ============================================================
07:11:01.0390 2156  Current date / time: 2013/03/15 07:11:01.0390
07:11:01.0390 2156  SystemInfo:
07:11:01.0390 2156  
07:11:01.0390 2156  OS Version: 6.1.7601 ServicePack: 1.0
07:11:01.0390 2156  Product type: Workstation
07:11:01.0390 2156  ComputerName: RAQUEL-THINK
07:11:01.0390 2156  UserName: Raquel
07:11:01.0390 2156  Windows directory: C:\Windows
07:11:01.0390 2156  System windows directory: C:\Windows
07:11:01.0390 2156  Running under WOW64
07:11:01.0390 2156  Processor architecture: Intel x64
07:11:01.0390 2156  Number of processors: 4
07:11:01.0390 2156  Page size: 0x1000
07:11:01.0390 2156  Boot type: Normal boot
07:11:01.0390 2156  ============================================================
07:11:01.0843 2156  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:11:01.0858 2156  ============================================================
07:11:01.0858 2156  \Device\Harddisk0\DR0:
07:11:01.0858 2156  MBR partitions:
07:11:01.0858 2156  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
07:11:01.0858 2156  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x381ECFF8
07:11:01.0858 2156  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
07:11:01.0858 2156  ============================================================
07:11:01.0874 2156  C: <-> \Device\Harddisk0\DR0\Partition2
07:11:01.0921 2156  Q: <-> \Device\Harddisk0\DR0\Partition3
07:11:01.0921 2156  ============================================================
07:11:01.0921 2156  Initialize success
07:11:01.0921 2156  ============================================================
07:11:14.0026 0256  ============================================================
07:11:14.0042 0256  Scan started
07:11:14.0042 0256  Mode: Manual; SigCheck; TDLFS; 
07:11:14.0042 0256  ============================================================
07:11:14.0510 0256  ================ Scan system memory ========================
07:11:14.0510 0256  System memory - ok
07:11:14.0510 0256  ================ Scan services =============================
07:11:35.0195 0256  i8042prt - ok
07:11:35.0242 0256  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
07:11:35.0273 0256  iaStor - ok
07:11:35.0320 0256  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:11:35.0336 0256  iaStorV - ok
07:11:35.0383 0256  [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
07:11:35.0383 0256  IBMPMDRV - ok
07:11:35.0398 0256  [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
07:11:35.0398 0256  IBMPMSVC - ok
07:11:35.0461 0256  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:11:35.0523 0256  idsvc - ok
07:11:35.0773 0256  [ 66DC0CE2D1867B8178EAA0E11930DBD7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
07:11:36.0147 0256  igfx - ok
07:11:36.0178 0256  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:11:36.0194 0256  iirsp - ok
07:11:36.0256 0256  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
07:11:36.0381 0256  IKEEXT - ok
07:11:36.0381 0256  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
07:11:36.0397 0256  intelide - ok
07:11:36.0428 0256  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:11:36.0475 0256  intelppm - ok
07:11:36.0490 0256  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:11:36.0568 0256  IPBusEnum - ok
07:11:36.0599 0256  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:11:36.0646 0256  IpFilterDriver - ok
07:11:36.0662 0256  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:11:36.0724 0256  iphlpsvc - ok
07:11:36.0740 0256  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:11:36.0755 0256  IPMIDRV - ok
07:11:36.0755 0256  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:11:36.0818 0256  IPNAT - ok
07:11:36.0833 0256  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:11:36.0896 0256  IRENUM - ok
07:11:36.0911 0256  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:11:36.0927 0256  isapnp - ok
07:11:36.0958 0256  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:11:36.0989 0256  iScsiPrt - ok
07:11:37.0052 0256  [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
07:11:37.0083 0256  jhi_service - ok
07:11:37.0099 0256  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:11:37.0114 0256  kbdclass - ok
07:11:37.0161 0256  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
07:11:37.0192 0256  kbdhid - ok
07:11:37.0223 0256  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
07:11:37.0255 0256  KeyIso - ok
07:11:37.0270 0256  [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:11:37.0286 0256  KSecDD - ok
07:11:37.0301 0256  [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:11:37.0333 0256  KSecPkg - ok
07:11:37.0348 0256  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:11:37.0411 0256  ksthunk - ok
07:11:37.0457 0256  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:11:37.0551 0256  KtmRm - ok
07:11:37.0598 0256  [ 0FEF994D890C92D8F23442BC52D4FEA9 ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps64.sys
07:11:37.0613 0256  l36wgps - ok
07:11:37.0629 0256  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:11:37.0723 0256  LanmanServer - ok
07:11:37.0754 0256  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:11:37.0847 0256  LanmanWorkstation - ok
07:11:37.0894 0256  [ 45675FFF153ADB349B74D1D5878BD33A ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
07:11:37.0910 0256  LENOVO.CAMMUTE - ok
07:11:37.0957 0256  [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
07:11:37.0972 0256  LENOVO.MICMUTE - ok
07:11:37.0988 0256  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
07:11:38.0019 0256  lenovo.smi - ok
07:11:38.0050 0256  [ 25D2AAFF167F435227148AAA77A79863 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
07:11:38.0066 0256  LENOVO.TPKNRSVC - ok
07:11:38.0081 0256  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
07:11:38.0097 0256  Lenovo.VIRTSCRLSVC - ok
07:11:38.0128 0256  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:11:38.0237 0256  lltdio - ok
07:11:38.0253 0256  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:11:38.0315 0256  lltdsvc - ok
07:11:38.0331 0256  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:11:38.0440 0256  lmhosts - ok
07:11:38.0471 0256  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:11:38.0503 0256  LSI_FC - ok
07:11:38.0549 0256  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:11:38.0581 0256  LSI_SAS - ok
07:11:38.0581 0256  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:11:38.0612 0256  LSI_SAS2 - ok
07:11:38.0627 0256  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:11:38.0643 0256  LSI_SCSI - ok
07:11:38.0674 0256  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
07:11:38.0752 0256  luafv - ok
07:11:38.0768 0256  lxdu_device - ok
07:11:38.0830 0256  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
07:11:38.0846 0256  MBAMProtector - ok
07:11:38.0908 0256  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:11:38.0924 0256  MBAMScheduler - ok
07:11:38.0955 0256  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:11:38.0986 0256  MBAMService - ok
07:11:39.0017 0256  [ 0845DA0BFF1AF5C57DE4DD97ACAF2FCD ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
07:11:39.0033 0256  Mbm3CBus - ok
07:11:39.0064 0256  [ DB6FA599AA79324E287C4EAF6020DA37 ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
07:11:39.0080 0256  Mbm3DevMt - ok
07:11:39.0095 0256  [ 2F71EDB697752D409B9983F0E1D88F70 ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
07:11:39.0111 0256  Mbm3mdfl - ok
07:11:39.0127 0256  [ 21B412A36DE3CCFE4E13383B88CFC90C ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
07:11:39.0158 0256  Mbm3Mdm - ok
07:11:39.0251 0256  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
07:11:39.0283 0256  McComponentHostService - ok
07:11:39.0314 0256  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:11:39.0376 0256  Mcx2Svc - ok
07:11:39.0423 0256  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:11:39.0439 0256  megasas - ok
07:11:39.0470 0256  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:11:39.0501 0256  MegaSR - ok
07:11:39.0532 0256  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
07:11:39.0548 0256  MEIx64 - ok
07:11:39.0563 0256  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
07:11:39.0657 0256  MMCSS - ok
07:11:39.0688 0256  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
07:11:39.0735 0256  Modem - ok
07:11:39.0766 0256  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:11:39.0829 0256  monitor - ok
07:11:39.0860 0256  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:11:39.0875 0256  mouclass - ok
07:11:39.0907 0256  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:11:39.0969 0256  mouhid - ok
07:11:40.0000 0256  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:11:40.0031 0256  mountmgr - ok
07:11:40.0063 0256  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:11:40.0094 0256  mpio - ok
07:11:40.0125 0256  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:11:40.0187 0256  mpsdrv - ok
07:11:40.0219 0256  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:11:40.0343 0256  MpsSvc - ok
07:11:40.0375 0256  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:11:40.0437 0256  MRxDAV - ok
07:11:40.0468 0256  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:11:40.0531 0256  mrxsmb - ok
07:11:40.0577 0256  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:11:40.0609 0256  mrxsmb10 - ok
07:11:40.0655 0256  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:11:40.0687 0256  mrxsmb20 - ok
07:11:40.0702 0256  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:11:40.0733 0256  msahci - ok
07:11:40.0749 0256  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:11:40.0780 0256  msdsm - ok
07:11:40.0796 0256  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
07:11:40.0843 0256  MSDTC - ok
07:11:40.0889 0256  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:11:40.0967 0256  Msfs - ok
07:11:40.0999 0256  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:11:41.0092 0256  mshidkmdf - ok
07:11:41.0108 0256  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:11:41.0108 0256  msisadrv - ok
07:11:41.0139 0256  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:11:41.0186 0256  MSiSCSI - ok
07:11:41.0186 0256  msiserver - ok
07:11:41.0217 0256  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:11:41.0311 0256  MSKSSRV - ok
07:11:41.0342 0256  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:11:41.0404 0256  MSPCLOCK - ok
07:11:41.0404 0256  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:11:41.0435 0256  MSPQM - ok
07:11:41.0467 0256  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:11:41.0482 0256  MsRPC - ok
07:11:41.0482 0256  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:11:41.0498 0256  mssmbios - ok
07:11:41.0513 0256  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:11:41.0545 0256  MSTEE - ok
07:11:41.0560 0256  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:11:41.0591 0256  MTConfig - ok
07:11:41.0607 0256  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:11:41.0623 0256  Mup - ok
07:11:41.0654 0256  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
07:11:41.0747 0256  napagent - ok
07:11:41.0763 0256  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:11:41.0810 0256  NativeWifiP - ok
07:11:41.0857 0256  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:11:41.0903 0256  NDIS - ok
07:11:41.0919 0256  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:11:41.0966 0256  NdisCap - ok
07:11:41.0981 0256  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:11:42.0013 0256  NdisTapi - ok
07:11:42.0044 0256  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:11:42.0075 0256  Ndisuio - ok
07:11:42.0091 0256  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:11:42.0137 0256  NdisWan - ok
07:11:42.0169 0256  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:11:42.0215 0256  NDProxy - ok
07:11:42.0215 0256  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:11:42.0293 0256  NetBIOS - ok
07:11:42.0325 0256  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:11:42.0387 0256  NetBT - ok
07:11:42.0387 0256  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
07:11:42.0403 0256  Netlogon - ok
07:11:42.0434 0256  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
07:11:42.0527 0256  Netman - ok
07:11:42.0559 0256  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
07:11:42.0652 0256  netprofm - ok
07:11:42.0683 0256  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:11:42.0699 0256  NetTcpPortSharing - ok
07:11:42.0902 0256  [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
07:11:43.0151 0256  NETwNs64 - ok
07:11:43.0198 0256  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:11:43.0214 0256  nfrd960 - ok
07:11:43.0261 0256  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:11:43.0370 0256  NlaSvc - ok
07:11:43.0385 0256  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:11:43.0448 0256  Npfs - ok
07:11:43.0463 0256  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
07:11:43.0557 0256  nsi - ok
07:11:43.0588 0256  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:11:43.0619 0256  nsiproxy - ok
07:11:43.0697 0256  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:11:43.0791 0256  Ntfs - ok
07:11:43.0807 0256  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
07:11:43.0885 0256  Null - ok
07:11:44.0181 0256  [ C20C177B66361D1B5B9283F120C8C5C4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:11:44.0384 0256  nvlddmkm - ok
07:11:44.0399 0256  [ A292058FDD4790C7FE8EDCAB5F069F0A ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
07:11:44.0399 0256  nvpciflt - ok
07:11:44.0462 0256  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:11:44.0477 0256  nvraid - ok
07:11:44.0509 0256  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:11:44.0540 0256  nvstor - ok
07:11:44.0587 0256  [ 6BF7D05E382DD25EE99CAF5362D09145 ] NVSvc           C:\Windows\system32\nvvsvc.exe
07:11:44.0665 0256  NVSvc - ok
07:11:44.0758 0256  [ 90D6837BB1AF2EAEB300EEEA2BF402FD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
07:11:44.0821 0256  nvUpdatusService - ok
07:11:44.0867 0256  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:11:44.0899 0256  nv_agp - ok
07:11:44.0914 0256  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:11:44.0945 0256  ohci1394 - ok
07:11:45.0008 0256  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:11:45.0039 0256  ose - ok
07:11:45.0179 0256  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:11:45.0367 0256  osppsvc - ok
07:11:45.0382 0256  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:11:45.0445 0256  p2pimsvc - ok
07:11:45.0476 0256  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:11:45.0523 0256  p2psvc - ok
07:11:45.0554 0256  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
07:11:45.0585 0256  Parport - ok
07:11:45.0601 0256  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:11:45.0632 0256  partmgr - ok
07:11:45.0632 0256  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:11:45.0694 0256  PcaSvc - ok
07:11:45.0772 0256  [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
07:11:45.0819 0256  PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
07:11:45.0850 0256  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
07:11:45.0881 0256  pci - ok
07:11:45.0897 0256  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
07:11:45.0928 0256  pciide - ok
07:11:45.0944 0256  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:11:45.0975 0256  pcmcia - ok
07:11:46.0006 0256  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:11:46.0022 0256  pcw - ok
07:11:46.0053 0256  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:11:46.0193 0256  PEAUTH - ok
07:11:46.0240 0256  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:11:46.0334 0256  PeerDistSvc - ok
07:11:46.0412 0256  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:11:46.0459 0256  PerfHost - ok
07:11:46.0490 0256  [ 18EEA095AF22AC5FA16FC27FB98C82D3 ] PHCORE          C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
07:11:46.0506 0256  PHCORE - ok
07:11:46.0552 0256  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
07:11:46.0677 0256  pla - ok
07:11:46.0724 0256  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:11:46.0786 0256  PlugPlay - ok
07:11:46.0833 0256  [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv          C:\Windows\system32\drivers\pmxdrv.sys
07:11:46.0864 0256  pmxdrv - ok
07:11:46.0880 0256  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:11:46.0927 0256  PNRPAutoReg - ok
07:11:46.0974 0256  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:11:47.0005 0256  PNRPsvc - ok
07:11:47.0036 0256  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:11:47.0114 0256  PolicyAgent - ok
07:11:47.0145 0256  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
07:11:47.0208 0256  Power - ok
07:11:47.0254 0256  [ AF7186CF9909BEF0D86097175175178F ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
07:11:47.0270 0256  Power Manager DBC Service - ok
07:11:47.0301 0256  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:11:47.0395 0256  PptpMiniport - ok
07:11:47.0410 0256  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
07:11:47.0442 0256  Processor - ok
07:11:47.0488 0256  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
07:11:47.0566 0256  ProfSvc - ok
07:11:47.0582 0256  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
07:11:47.0598 0256  ProtectedStorage - ok
07:11:47.0613 0256  [ A70AD30223866947E39BC221DF4C2306 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
07:11:47.0629 0256  psadd - ok
07:11:47.0644 0256  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:11:47.0754 0256  Psched - ok
07:11:47.0800 0256  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
07:11:47.0832 0256  PSI_SVC_2 - ok
07:11:47.0910 0256  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:11:47.0988 0256  ql2300 - ok
07:11:47.0988 0256  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:11:48.0003 0256  ql40xx - ok
07:11:48.0034 0256  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
07:11:48.0066 0256  QWAVE - ok
07:11:48.0081 0256  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:11:48.0097 0256  QWAVEdrv - ok
07:11:48.0112 0256  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:11:48.0159 0256  RasAcd - ok
07:11:48.0175 0256  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:11:48.0206 0256  RasAgileVpn - ok
07:11:48.0222 0256  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
07:11:48.0268 0256  RasAuto - ok
07:11:48.0300 0256  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:11:48.0346 0256  Rasl2tp - ok
07:11:48.0378 0256  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
07:11:48.0456 0256  RasMan - ok
07:11:48.0456 0256  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:11:48.0518 0256  RasPppoe - ok
07:11:48.0534 0256  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:11:48.0627 0256  RasSstp - ok
07:11:48.0643 0256  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:11:48.0721 0256  rdbss - ok
07:11:48.0736 0256  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:11:48.0752 0256  rdpbus - ok
07:11:48.0752 0256  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:11:48.0799 0256  RDPCDD - ok
07:11:48.0799 0256  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:11:48.0814 0256  RDPDR - ok
07:11:48.0830 0256  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:11:48.0892 0256  RDPENCDD - ok
07:11:48.0908 0256  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:11:48.0970 0256  RDPREFMP - ok
07:11:49.0002 0256  [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:11:49.0033 0256  RDPWD - ok
07:11:49.0064 0256  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:11:49.0080 0256  rdyboost - ok
07:11:49.0111 0256  [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:11:49.0158 0256  RegSrvc - ok
07:11:49.0189 0256  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:11:49.0251 0256  RemoteAccess - ok
07:11:49.0298 0256  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:11:49.0376 0256  RemoteRegistry - ok
07:11:49.0407 0256  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
07:11:49.0438 0256  RFCOMM - ok
07:11:49.0454 0256  [ FF501F212E5D5A97F8339928320F269E ] risdxc          C:\Windows\system32\DRIVERS\risdxc64.sys
07:11:49.0516 0256  risdxc - ok
07:11:49.0532 0256  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:11:49.0610 0256  RpcEptMapper - ok
07:11:49.0641 0256  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
07:11:49.0688 0256  RpcLocator - ok
07:11:49.0735 0256  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
07:11:49.0813 0256  RpcSs - ok
07:11:49.0844 0256  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:11:49.0891 0256  rspndr - ok
07:11:49.0922 0256  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
07:11:49.0938 0256  s3cap - ok
07:11:49.0953 0256  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
07:11:49.0969 0256  SamSs - ok
07:11:49.0984 0256  SAService - ok
07:11:50.0000 0256  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:11:50.0031 0256  sbp2port - ok
07:11:50.0062 0256  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:11:50.0172 0256  SCardSvr - ok
07:11:50.0203 0256  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:11:50.0296 0256  scfilter - ok
07:11:50.0343 0256  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
07:11:50.0437 0256  Schedule - ok
07:11:50.0452 0256  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:11:50.0499 0256  SCPolicySvc - ok
07:11:50.0499 0256  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:11:50.0577 0256  SDRSVC - ok
07:11:50.0577 0256  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:11:50.0686 0256  secdrv - ok
07:11:50.0702 0256  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
07:11:50.0764 0256  seclogon - ok
07:11:50.0780 0256  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
07:11:50.0874 0256  SENS - ok
07:11:50.0905 0256  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:11:50.0967 0256  SensrSvc - ok
07:11:50.0998 0256  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
07:11:51.0030 0256  Serenum - ok
07:11:51.0045 0256  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
07:11:51.0061 0256  Serial - ok
07:11:51.0092 0256  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:11:51.0139 0256  sermouse - ok
07:11:51.0170 0256  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:11:51.0279 0256  SessionEnv - ok
07:11:51.0310 0256  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:11:51.0326 0256  sffdisk - ok
07:11:51.0326 0256  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:11:51.0357 0256  sffp_mmc - ok
07:12:02.0262 0256  ================ Scan global ===============================
07:12:02.0277 0256  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:12:02.0308 0256  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:12:02.0324 0256  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:12:02.0340 0256  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:12:02.0371 0256  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:12:02.0386 0256  [Global] - ok
07:12:02.0386 0256  ================ Scan MBR ==================================
07:12:02.0402 0256  [ D104F4C5589B4BF177CFECC57A4581A6 ] \Device\Harddisk0\DR0
07:12:02.0745 0256  \Device\Harddisk0\DR0 - ok
07:12:02.0745 0256  ================ Scan VBR ==================================
07:12:02.0761 0256  [ 0A7B064F15E5DF05391DB566DD79E0B9 ] \Device\Harddisk0\DR0\Partition1
07:12:02.0761 0256  \Device\Harddisk0\DR0\Partition1 - ok
07:12:02.0792 0256  [ 4D04C7995384120C929F8A77B62FFE42 ] \Device\Harddisk0\DR0\Partition2
07:12:02.0808 0256  \Device\Harddisk0\DR0\Partition2 - ok
07:12:02.0839 0256  [ EC4B6370D0DFEC03A869F92606DC60B1 ] \Device\Harddisk0\DR0\Partition3
07:12:02.0839 0256  \Device\Harddisk0\DR0\Partition3 - ok
07:12:02.0839 0256  ============================================================
07:12:02.0839 0256  Scan finished
07:12:02.0839 0256  ============================================================
07:12:02.0870 7528  Detected object count: 2
07:12:02.0870 7528  Actual detected object count: 2
07:12:28.0532 7528  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
07:12:28.0532 7528  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:12:28.0548 7528  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:12:28.0548 7528  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 15.03.2013, 11:19   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 18.03.2013, 17:53   #13
raquel
 


Here is the log file

Code:
ComboFix 13-03-17.01 - Raquel 18.03.2013  23:11:06.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3983.2101 [GMT 5,5:30]
ausgeführt von:: c:\users\Raquel\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-18 bis 2013-03-18  ))))))))))))))))))))))))))))))
.
.
2013-03-18 17:44 . 2013-03-18 17:44	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-18 17:44 . 2013-03-18 17:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-18 17:44 . 2013-03-18 17:44	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-03-09 23:35 . 2013-03-09 23:35	--------	d-----w-	c:\program files (x86)\Application Updater
2013-03-09 23:35 . 2013-03-09 23:35	--------	d-----w-	c:\program files (x86)\pdfforge Toolbar
2013-03-09 23:35 . 2013-03-09 23:35	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2013-02-28 03:31 . 2013-02-28 03:31	--------	d-----w-	c:\users\Raquel\AppData\Roaming\Malwarebytes
2013-02-28 03:29 . 2013-03-15 15:38	--------	d-----w-	c:\program files (x86)\ MALWAREBYTES ANTI-MALWARE 
2013-02-28 03:29 . 2013-02-28 03:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-28 03:29 . 2012-12-14 10:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-28 03:29 . 2013-02-28 03:29	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-27 14:50 . 2013-02-27 14:50	--------	d-----w-	c:\users\Raquel\AppData\Roaming\{35DE4F28-A4BE-4F10-A49C-975D40B597D0}
2013-02-27 14:50 . 2013-02-27 14:50	--------	d-----w-	c:\users\Raquel\AppData\Roaming\{E0F63152-C24E-4A21-83E2-41B815A52919}
2013-02-27 14:49 . 2013-03-12 13:14	--------	d-----w-	C:\TEMP
2013-02-20 11:35 . 2013-02-20 11:35	--------	d-----w-	c:\users\Raquel\AppData\Local\ABBYY
2013-02-20 11:25 . 2013-02-20 11:33	--------	d-----w-	c:\program files (x86)\ABBYY Lingvo x5
2013-02-20 11:25 . 2013-02-20 11:25	--------	d-----w-	c:\programdata\ABBYY
2013-02-20 11:25 . 2013-02-20 11:25	--------	d-----w-	c:\program files (x86)\Common Files\ABBYY
2013-02-19 04:27 . 2013-02-19 04:27	--------	d-----w-	c:\users\Raquel\AppData\Roaming\Softland
2013-02-19 04:27 . 2012-10-03 06:50	25480	----a-w-	c:\windows\system32\dopdfmn7.dll
2013-02-19 04:27 . 2012-10-03 06:50	20872	----a-w-	c:\windows\system32\dopdfmi7.dll
2013-02-19 04:27 . 2010-02-05 09:00	1700352	----a-w-	c:\windows\system32\GdiPlus.dll
2013-02-19 04:27 . 2013-02-19 04:27	--------	d-----w-	c:\program files\Softland
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 23:40 . 2013-01-01 07:57	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 23:40 . 2011-07-28 19:37	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-03 12:22 . 2013-02-03 12:23	90112	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2013-02-03 12:22 . 2013-02-03 12:23	76800	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2013-02-03 12:22 . 2013-02-03 12:23	450048	----a-w-	c:\windows\system32\drivers\ewusbwwan.sys
2013-02-03 12:22 . 2013-02-03 12:23	32768	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2013-02-03 12:22 . 2013-02-03 12:23	30720	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2013-02-03 12:22 . 2013-02-03 12:23	238080	----a-w-	c:\windows\system32\drivers\ew_juwwanecm.sys
2013-02-03 12:22 . 2013-02-03 12:23	225920	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2013-02-03 12:22 . 2013-02-03 12:23	22016	----a-w-	c:\windows\system32\drivers\ew_hwupgrade.sys
2013-02-03 12:22 . 2013-02-03 12:23	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2013-02-03 12:22 . 2013-02-03 12:23	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-02-03 12:22 . 2013-02-03 12:23	13952	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-02-03 12:22 . 2013-02-03 12:23	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2013-02-03 12:22 . 2013-02-03 12:23	104448	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2013-02-03 12:22 . 2013-02-03 12:23	1001472	----a-w-	c:\windows\system32\drivers\mod7700.sys
2013-01-01 08:06 . 2013-01-01 08:06	8523344	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2013-02-23 12:17	1352512	----a-w-	c:\program files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-23 1544040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"Slovoed 7"="c:\program files (x86)\Paragon Software\Slovoed 7\Slovoed.exe" [2012-01-19 5562880]
"Lingvo Launcher"="c:\program files (x86)\ABBYY Lingvo x5\LvAgent.exe" [2011-05-25 639240]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Dialog Mobile Broadband. RunOuc;Dialog Mobile Broadband. OUC;c:\program files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe [2013-02-03 655712]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-23 477032]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-02-03 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-02-03 13952]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-12 1038088]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-02-03 104448]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-02-03 30720]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2013-02-03 238080]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-06-14 31152]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-23 79208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-03-23 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-05 25960]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-12 312160]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S2 ABBYY.Licensing.Lingvo.Desktop.15.0;ABBYY Lingvo x5 Licencing Service;c:\program files (x86)\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe [2011-05-17 816904]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-25 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-25 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-01 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-12-03 167680]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-19 425000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-19 39464]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-03-03 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-03-03 30248]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-02-03 90112]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2010-12-01 101416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2010-12-28 276008]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 23:53	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 23:40]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:16]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:16]
.
2013-03-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
.
2013-03-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-02-25 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-16 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-03-08 31592]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Translate with &ABBYY Lingvo x5 - c:\program files (x86)\ABBYY Lingvo x5\Lingvo.exe/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mozilla Thunderbird (3.1.15) - c:\thunderbird\App\thunderbird\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-18  23:16:06
ComboFix-quarantined-files.txt  2013-03-18 17:46
.
Vor Suchlauf: 17 Verzeichnis(se), 379.634.573.312 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 379.567.042.560 Bytes frei
.
- - End Of File - - 8FAD54E115A12D255CDB90BB05C73378
         

Alt 18.03.2013, 22:26   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.03.2013, 16:06   #15
raquel
 



Here is the log file from Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x64
Ran by Raquel on 19.03.2013 at 19:36:44,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchsettings
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-169101723-969563805-3752687339-1001\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2849855
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Raquel\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Raquel\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Raquel\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Raquel\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 19:44:29,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner log file:
Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 19:56:28 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Raquel - RAQUEL-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Raquel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Ordner Gelöscht : C:\Program Files (x86)\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Ordner Gelöscht : C:\Users\Raquel\AppData\LocalLow\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Raquel\AppData\Roaming\Mozilla\Firefox\Profiles\ckwwzcou.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B7F2423-71CA-4B23-A0F7-3EB05CAB5A43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F57E0870-CCC1-4E91-9A49-EC4343438C77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Raquel\AppData\Roaming\Mozilla\Firefox\Profiles\ckwwzcou.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4424 octets] - [19/03/2013 19:56:28]

########## EOF - C:\AdwCleaner[S1].txt - [4484 octets] ##########
         
OTL log file:
Code:
OTL Extras logfile created on: 19.03.2013 21:13:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raquel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,03% Memory free
7,78 Gb Paging File | 5,95 Gb Available in Paging File | 76,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,96 Gb Total Space | 352,07 Gb Free Space | 78,42% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 6,38 Gb Free Space | 40,83% Space Free | Partition Type: NTFS
 
Computer Name: RAQUEL-THINK | User Name: Raquel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-169101723-969563805-3752687339-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0248FC73-3B56-4271-BE8A-518DD027F16C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F196AE6-12FA-437B-A812-5346C8587970}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{222B48BD-5F91-4B7C-99C7-1A668BF2B8F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28008ED2-BF4C-4FFC-8F84-A33A1FFE4FA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{34B59AA5-98D4-4FEA-AD20-86DAED791571}" = lport=137 | protocol=17 | dir=in | app=system | 
"{39393CBB-4DB5-460D-AE0F-F29D85E61514}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D1F5AC0-3E2D-4496-83A8-EEEE1D2860CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DBC60D3-786D-4FDA-B62A-2A31C180BCAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44BD10D0-8763-432F-931C-5F6DBC1729C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4D300DB5-C1E5-4C8F-BBC9-7B44083652A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E60E12B-A2C4-4688-A1C6-D3EF20CB0D4E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{52A0805D-4496-4AEE-880A-0E1F2D12C3F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C1DC529-BF91-42BB-8124-A2016E671F4D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65B8E5CC-D88F-4FA9-9295-D4FCEB2AE3D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A6443CE-DB16-4F9F-9E4E-F23FD25536E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9123B696-25C2-4DF1-A360-E7A1BFD12A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{92B3FB71-9231-4B2D-842A-993F32136A0C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{99BB461C-1F8C-4A04-9CCF-5A83D84AF4D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9EDD8FFE-A456-49EB-AC02-DE0C2C4008DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1138DCC-AA42-4B97-9955-B25F6117EC0C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{B788C25B-C556-4367-B771-D7DA373BFC00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA268370-0196-4180-A8C0-D71943A9FE75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5A9D360-61EF-406E-9F5C-64F72431EADC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D2195FC2-0D0E-438D-A9D5-12E14CF35477}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E74E2772-978C-413B-A6B0-A0EAE335DF90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EEC66AB4-ED57-499D-8CEE-FA8A3FAD2201}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036D9745-C3D7-47E2-A5FD-6E45269D238D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{04DF5424-E40C-4154-9EAA-77758D558A43}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07A80C55-A386-4843-8D9D-124B440AC455}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs53cd.tmp\symnrt.exe | 
"{0963D1CF-7355-48D4-A008-86E86C239BAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EBAD378-C5AA-4156-841E-C80CA8D83ED5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0EE6EAA9-0261-462E-9028-E62F8B2DCD12}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{11B6650A-A25B-438D-9E31-EFDB004D2AB2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1F87ADCF-6217-4D75-AE69-0DA9225EF4E2}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs53cd.tmp\symnrt.exe | 
"{2373174F-E26F-4C83-AB34-110E7A2EC4CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{2510C5D4-800C-4770-91B2-13AC391D29B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3031524D-2586-44BA-A935-1B5D03820B12}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{341CDCE8-C0A1-45EC-BD81-5287B72CE6C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{35462FB2-E977-48D7-B435-1AEF7872EB93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36849C0B-EF2D-450D-828C-32426FF3998B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{36BDE82D-E575-4871-96BA-1FBCDBB46A26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{36FF32C3-C41B-4639-A6C2-14E6DDB371D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{38ADB759-0B97-4CBC-A5C7-C393EBC4170D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{398EC6E3-67BC-408F-8040-0E0969D9B16F}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs58ad.tmp\symnrt.exe | 
"{3EC4AACD-CA60-47ED-98FC-2AC3D589C731}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{3ED140CB-16A6-4D3E-A39E-C08AF510437E}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs1db0.tmp\symnrt.exe | 
"{3EF8E7E9-65A4-416E-A0BE-F773D973BE2B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4FD6604B-B90A-4C04-8DFA-0F8B3C35581E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{5C6E908D-90F5-4484-8B54-AED4C9965415}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs829a.tmp\symnrt.exe | 
"{5D45A12B-0FE8-4199-A2F1-275ACD82BD3E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5EE59D45-8569-474E-969F-9884CEC57290}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{6C36B5EE-AE24-4B9C-A368-E59A04EA98F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E12DF2E-50FF-4452-94C0-69BA6DD43843}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{751B24A2-21AC-4CD4-B24A-C6764A7BBFF1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{752C09EE-1BA2-4522-9CA3-71FCB844FB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{768691BC-2182-49BA-876D-03A526916CA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80BFAC68-3CA6-4EDB-A1DD-45EF7166CBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{968447D6-D49D-4A58-8D29-8DB961136CCE}" = protocol=6 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs829a.tmp\symnrt.exe | 
"{994AFA8A-7142-4643-9CFB-9B59C522C570}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{9A3BA1B9-909A-4A81-9348-C39D55A0D081}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{9A8B4FC3-095F-43A8-BE66-948131A8F1E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{A5DDE404-0C53-49E0-B18F-8C2B22F695D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A880D85B-456E-4B71-AA8F-762A804D51C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{ABCC4D6A-4EE9-42F5-BA2A-046F1CD71B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{ABE6518B-FD6D-4EC2-9171-6793B800AB79}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B0A39D6D-BB66-48E1-BE16-DDDF87757A19}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs1db0.tmp\symnrt.exe | 
"{B0A413A6-1D4D-4402-AE5E-419641651125}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B525B185-D85E-47FB-A116-D25807D3EC3F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{BF419916-5F55-44D8-8A10-9FB6904CF619}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{BFD1F3EA-CF50-4A16-87A9-D6811F8C7C79}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C109C479-4D2A-4EDE-A24E-A02F7CF18460}" = protocol=6 | dir=out | app=system | 
"{C282B5CB-7FFB-4108-AC0C-FBF8AFE1F718}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4259C3F-D0F6-4335-9406-AC162D436DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{D74C663E-4346-4411-8079-B579E5C72FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE189351-B284-46C7-B881-76017A0A7A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3591F68-2030-4D60-808A-BFA70EEBFB9E}" = protocol=17 | dir=in | app=c:\users\raquel\appdata\local\temp\7zs58ad.tmp\symnrt.exe | 
"{E4DFEF55-263E-4626-958B-4DA93942B35E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3354231-850F-4753-A8FD-8634CEFB9624}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{F39FDDDF-4113-489A-A9A4-7BEF10ADCA04}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FC55EF38-9070-4E4B-94E7-052762556B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD0FC4BC-39AA-441B-BF30-33629F3620E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"TCP Query User{20B9B3A1-3076-437B-804D-E685BF36D79D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{22AD0804-41A7-4919-900D-AECE50F3E2CC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{9A5827AF-EA59-4A60-9226-ADCB248D21C7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AA223C59-3299-4AFA-A097-2CC7B28EF8C9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032EB049-BDA1-450E-967C-4DB2AC660DAB}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10940C91-59FD-48D4-BE53-1A30A0C3235B}" = AVG 2011
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.02
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.19.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows-Treiberpaket - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"AVG" = AVG 2011
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010
"{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010
"{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010
"{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010
"{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1500000-0000-0000-0000-074957833700}" = ABBYY Lingvo x5
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 2.0.3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dialog Mobile Broadband" = Dialog Mobile Broadband
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.ru-ru" = Microsoft Office Language Pack 2010 - Russian/русский
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Paragon Software Slovoed 7" = Paragon Software Slovoed 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-169101723-969563805-3752687339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.03.2013 10:32:32 | Computer Name = Raquel-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.03.2013 11:37:08 | Computer Name = Raquel-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BtStackServer.exe, Version: 6.4.0.1500,
 Zeitstempel: 0x4d0d45d7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000002fa228
ID
 des fehlerhaften Prozesses: 0x1738  Startzeit der fehlerhaften Anwendung: 0x01ce24ae9abc21d5
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: db930700-90aa-11e2-ac3f-ec55f9ee5b16
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 06.10.2011 01:26:28 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 06.10.2011 01:26:28 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\start.do
 does not have a Lenovo Digital Signature. The file will be deleted
 
Error - 03.03.2013 09:14:03 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 03.03.2013 09:14:05 | Computer Name = Raquel-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\coova.html
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ System Events ]
Error - 19.03.2013 10:32:30 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Dialog Mobile Broadband. OUC erreicht.
 
Error - 19.03.2013 10:32:30 | Computer Name = Raquel-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Dialog Mobile Broadband. OUC" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
