| |
| |||||||
Log-Analyse und Auswertung: PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.04.2013, 11:37
| #1 |
| |  PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Hallo Maleware-Team, edit: Ich habe es geschafft, mein Thema in einem falschen Bereich zu eröffnen. Entschuldigung! Kann ein Moderator das Thema bitte in die Kategorie "Plagegeister aller Art und deren Bekämpfung" verschieben? mein MSE meldet mir den Trojaner PWS:Win32/Zbot.gen!AJ und glaubt, ihn dauerhaft zu entfernen. Leider ist er nach reboot wieder da (und wird von MSE auch wieder gemeldet). Eine Suche im Board zeigte, dass hier keine "Standartlösung" möglich ist, somit erbitte ich Betreuung bei der Beseitigung des Trojaners. liebe Grüße JadH Nun die erforderlichen Logs: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:57 on 12/04/2013 (Peter JadH)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 12.04.2013 10:59:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter JadH\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,92% Memory free 3,74 Gb Paging File | 2,36 Gb Available in Paging File | 63,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221,95 Gb Total Space | 86,88 Gb Free Space | 39,14% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 2,33 Gb Free Space | 23,83% Space Free | Partition Type: NTFS Computer Name: PETERJADH-THINK | User Name: Peter JadH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 10:42:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter JadH\Desktop\OTL.exe PRC - [2013.03.28 09:03:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 09:03:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.28 09:03:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter JadH\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2009.12.18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe PRC - [2009.12.18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe PRC - [2009.09.30 16:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2009.09.30 16:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2009.09.30 16:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2009.09.28 09:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2009.08.20 02:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.08.07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.08.04 09:49:00 | 000,318,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe PRC - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe PRC - [2009.03.13 10:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009.03.05 10:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe PRC - [2009.03.05 09:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlk.exe PRC - [2009.02.02 11:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.08.18 14:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009.06.29 14:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV - [2013.04.10 18:11:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.08 17:33:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.28 09:03:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 09:03:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.12.18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2009.12.10 20:11:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2009.09.30 16:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2009.09.30 16:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.08.04 22:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.04 22:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.08.04 22:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009.08.04 22:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009.07.01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.28 09:03:43 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 09:03:43 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 09:03:43 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.26 09:00:47 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009.12.10 20:11:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2009.11.25 09:37:12 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.18 14:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009.08.13 07:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.09 23:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.29 14:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2009.06.29 14:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 07:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F9275A0F-DB6D-4817-B148-2B093323A474} IE:64bit: - HKLM\..\SearchScopes\{F9275A0F-DB6D-4817-B148-2B093323A474}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A9FFCEA-67BC-447B-847A-B5D96E1F6958} IE - HKLM\..\SearchScopes\{6A9FFCEA-67BC-447B-847A-B5D96E1F6958}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?.home=yds IE - HKCU\..\SearchScopes,DefaultScope = {CE05CD0B-4F52-4997-8F99-F1EF8BFD16CD} IE - HKCU\..\SearchScopes\{CE05CD0B-4F52-4997-8F99-F1EF8BFD16CD}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.08 17:33:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.08 17:33:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.08 17:33:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.08 17:33:08 | 000,000,000 | ---D | M] [2010.08.06 15:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter JadH\AppData\Roaming\mozilla\Extensions [2012.11.30 08:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter JadH\AppData\Roaming\mozilla\Firefox\Profiles\8x38gs5j.default\extensions [2012.11.30 08:22:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Peter JadH\AppData\Roaming\mozilla\Firefox\Profiles\8x38gs5j.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.10.20 20:39:55 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Peter JadH\AppData\Roaming\mozilla\Firefox\Profiles\8x38gs5j.default\extensions\vshare@toolbar [2013.04.08 17:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.08 17:33:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.08 17:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.08 17:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.08 17:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 10:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2013.04.12 10:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 10:40:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.12 10:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 10:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.12 10:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.08 17:33:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.08 14:46:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.08 14:46:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.08 14:46:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.08 14:46:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.08 14:46:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.08 14:46:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions) O4 - HKCU..\Run: [Ubumimy] C:\Users\Peter JadH\AppData\Roaming\Cuwyiw\ovawi.exe () O4 - Startup: C:\Users\Peter JadH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter JadH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{293DAF45-EDD2-4E09-8725-0A932EBEBFF4}: DhcpNameServer = 172.16.2.5 72.254.0.140 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D131FA2C-5B88-430E-82FD-488E22B80365}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{bcd4f52f-38a0-11df-9ac2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bcd4f52f-38a0-11df-9ac2-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 10:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter JadH\Desktop\OTL.exe [2013.04.10 19:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.04.10 19:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.04.08 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.06 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Peter JadH\AppData\Roaming\Mamaew [2013.04.06 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Peter JadH\AppData\Roaming\Ibwai [2013.04.06 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Peter JadH\AppData\Roaming\Cuwyiw [2013.03.28 09:04:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 09:04:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 09:04:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 19:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files - Modified Within 30 Days ========== [2013.04.12 10:57:10 | 000,000,000 | ---- | M] () -- C:\Users\Peter JadH\defogger_reenable [2013.04.12 10:42:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter JadH\Desktop\OTL.exe [2013.04.12 10:41:45 | 000,050,477 | ---- | M] () -- C:\Users\Peter JadH\Desktop\Defogger.exe [2013.04.12 10:33:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 10:30:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 10:30:54 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 10:28:34 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 10:28:34 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 10:28:34 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 10:28:34 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 10:28:34 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.12 10:23:03 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.12 10:23:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.12 10:22:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 10:22:38 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys [2013.04.10 18:35:45 | 000,458,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 18:30:40 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2013.04.07 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.03.30 14:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.03.30 10:19:39 | 000,001,027 | ---- | M] () -- C:\Users\Peter JadH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.30 10:19:29 | 000,001,005 | ---- | M] () -- C:\Users\Peter JadH\Desktop\Dropbox.lnk [2013.03.28 09:03:43 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 09:03:43 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 09:03:43 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 19:31:24 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk ========== Files Created - No Company Name ========== [2013.04.12 10:57:10 | 000,000,000 | ---- | C] () -- C:\Users\Peter JadH\defogger_reenable [2013.04.12 10:41:43 | 000,050,477 | ---- | C] () -- C:\Users\Peter JadH\Desktop\Defogger.exe [2013.04.10 19:34:59 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.04.10 18:30:40 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2013.03.26 19:31:24 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.09.13 18:31:08 | 000,029,696 | ---- | C] () -- C:\Users\Peter JadH\AppData\Local\mymixrechnerdata [2011.08.16 17:14:23 | 000,000,863 | ---- | C] () -- C:\Users\Peter JadH\.recently-used.xbel [2010.08.09 18:38:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.16 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Canon [2013.04.06 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Cuwyiw [2013.04.12 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Dropbox [2012.12.26 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\DVDVideoSoft [2011.05.07 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\GARMIN [2011.08.16 17:14:23 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\gtk-2.0 [2013.04.06 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Ibwai [2011.01.22 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\ImgBurn [2010.10.02 08:56:12 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\InterVideo [2010.08.16 10:29:15 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Leadertech [2013.04.10 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Mamaew [2011.05.18 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\RavensburgerTipToi [2012.12.27 10:47:55 | 000,000,000 | ---D | M] -- C:\Users\Peter JadH\AppData\Roaming\Sony ========== Purity Check ========== < End of report > Die Extras und GMER sind als Anhang beigefügt, da die Höchstmenge überschritten wurde. Geändert von JadH (12.04.2013 um 11:50 Uhr) |
|
12.04.2013, 15:10
| #2 |
| /// TB-Ausbilder  | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es: Schritt 2: Scan mit aswMBR Downloade dir bitte Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
12.04.2013, 17:27
| #3 |
| | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Hallo ryder,
__________________vielen Dank, dass Du Dich meinem Problem annimmst! Nun die 4 Schritte: Schritt 1: defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:31 on 12/04/2013 (Peter JadH)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Dieser Schritt erzeugte einen Abbruch des Scans (avast! Antirootkit funktioniert nicht mehr). Ich habe anschließend die Einstellung (none) genommen und folgendes Log bekommen: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-12 18:02:00
-----------------------------
18:02:00.891 OS Version: Windows x64 6.1.7600
18:02:00.891 Number of processors: 2 586 0x170A
18:02:00.906 ComputerName: PETERJADH-THINK UserName: Peter JadH
18:02:01.640 Initialize success
18:02:12.872 AVAST engine defs: 13041200
18:02:26.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:02:26.350 Disk 0 Vendor: FUJITSU_ 0084 Size: 238475MB BusType: 3
18:02:26.475 Disk 0 MBR read successfully
18:02:26.475 Disk 0 MBR scan
18:02:26.490 Disk 0 unknown MBR code
18:02:26.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
18:02:26.522 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227273 MB offset 2459648
18:02:26.553 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
18:02:26.709 Disk 0 scanning C:\Windows\system32\drivers
18:02:41.295 Service scanning
18:03:24.569 Modules scanning
18:03:24.569 Disk 0 trace - called modules:
18:03:24.601 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:03:24.616 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002392060]
18:03:24.616 3 CLASSPNP.SYS[fffff88001b0543f] -> nt!IofCallDriver -> [0xfffffa80020fee40]
18:03:24.632 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002101050]
18:03:24.632 Scan finished successfully
18:04:01.994 Disk 0 MBR has been saved successfully to "C:\Users\Peter JadH\Desktop\MBR.dat"
18:04:02.009 The log file has been saved successfully to "C:\Users\Peter JadH\Desktop\aswMBR.txt"
Code:
ATTFilter 18:09:33.0921 0356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:09:34.0467 0356 ============================================================
18:09:34.0467 0356 Current date / time: 2013/04/12 18:09:34.0467
18:09:34.0467 0356 SystemInfo:
18:09:34.0467 0356
18:09:34.0467 0356 OS Version: 6.1.7600 ServicePack: 0.0
18:09:34.0467 0356 Product type: Workstation
18:09:34.0467 0356 ComputerName: PETERJADH-THINK
18:09:34.0467 0356 UserName: Peter JadH
18:09:34.0467 0356 Windows directory: C:\Windows
18:09:34.0467 0356 System windows directory: C:\Windows
18:09:34.0467 0356 Running under WOW64
18:09:34.0467 0356 Processor architecture: Intel x64
18:09:34.0467 0356 Number of processors: 2
18:09:34.0467 0356 Page size: 0x1000
18:09:34.0467 0356 Boot type: Normal boot
18:09:34.0467 0356 ============================================================
18:09:35.0154 0356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:09:35.0169 0356 ============================================================
18:09:35.0169 0356 \Device\Harddisk0\DR0:
18:09:35.0169 0356 MBR partitions:
18:09:35.0169 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
18:09:35.0169 0356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE4800
18:09:35.0169 0356 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
18:09:35.0169 0356 ============================================================
18:09:35.0185 0356 C: <-> \Device\Harddisk0\DR0\Partition2
18:09:35.0232 0356 Q: <-> \Device\Harddisk0\DR0\Partition3
18:09:35.0232 0356 ============================================================
18:09:35.0232 0356 Initialize success
18:09:35.0232 0356 ============================================================
18:10:05.0542 5044 ============================================================
18:10:05.0542 5044 Scan started
18:10:05.0542 5044 Mode: Manual; SigCheck; TDLFS;
18:10:05.0542 5044 ============================================================
18:10:05.0761 5044 ================ Scan system memory ========================
18:10:05.0761 5044 System memory - ok
18:10:05.0761 5044 ================ Scan services =============================
18:10:05.0917 5044 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:10:06.0057 5044 1394ohci - ok
18:10:06.0088 5044 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:10:06.0120 5044 ACPI - ok
18:10:06.0151 5044 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:10:06.0260 5044 AcpiPmi - ok
18:10:06.0400 5044 [ BCAB739E5FEA28407076D757044A629F ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
18:10:06.0416 5044 AcPrfMgrSvc - ok
18:10:06.0463 5044 [ D6DD4F1596C54AFA5C6CCAE6842F9E44 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
18:10:06.0478 5044 AcSvc - ok
18:10:06.0588 5044 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:10:06.0603 5044 AdobeARMservice - ok
18:10:06.0759 5044 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:10:06.0775 5044 AdobeFlashPlayerUpdateSvc - ok
18:10:06.0822 5044 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:10:06.0853 5044 adp94xx - ok
18:10:06.0884 5044 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:10:06.0915 5044 adpahci - ok
18:10:06.0946 5044 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:10:06.0978 5044 adpu320 - ok
18:10:06.0993 5044 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:10:07.0134 5044 AeLookupSvc - ok
18:10:07.0196 5044 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
18:10:07.0274 5044 AFD - ok
18:10:07.0305 5044 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:10:07.0321 5044 agp440 - ok
18:10:07.0368 5044 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:10:07.0430 5044 ALG - ok
18:10:07.0461 5044 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:10:07.0477 5044 aliide - ok
18:10:07.0492 5044 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:10:07.0508 5044 amdide - ok
18:10:07.0539 5044 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:10:07.0602 5044 AmdK8 - ok
18:10:07.0633 5044 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:10:07.0664 5044 AmdPPM - ok
18:10:07.0726 5044 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:10:07.0742 5044 amdsata - ok
18:10:07.0773 5044 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:10:07.0804 5044 amdsbs - ok
18:10:07.0820 5044 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:10:07.0836 5044 amdxata - ok
18:10:07.0914 5044 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:10:07.0929 5044 AntiVirSchedulerService - ok
18:10:07.0992 5044 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:10:08.0007 5044 AntiVirService - ok
18:10:08.0038 5044 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:10:08.0132 5044 AppID - ok
18:10:08.0163 5044 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:10:08.0226 5044 AppIDSvc - ok
18:10:08.0257 5044 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:10:08.0304 5044 Appinfo - ok
18:10:08.0335 5044 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:10:08.0350 5044 arc - ok
18:10:08.0397 5044 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:10:08.0413 5044 arcsas - ok
18:10:08.0428 5044 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:10:08.0491 5044 AsyncMac - ok
18:10:08.0522 5044 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:10:08.0538 5044 atapi - ok
18:10:08.0569 5044 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:10:08.0694 5044 AudioEndpointBuilder - ok
18:10:08.0725 5044 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:10:08.0772 5044 AudioSrv - ok
18:10:08.0834 5044 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:10:08.0928 5044 avgntflt - ok
18:10:08.0990 5044 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:10:09.0006 5044 avipbb - ok
18:10:09.0052 5044 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:10:09.0068 5044 avkmgr - ok
18:10:09.0115 5044 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:10:09.0208 5044 AxInstSV - ok
18:10:09.0286 5044 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:10:09.0349 5044 b06bdrv - ok
18:10:09.0380 5044 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:10:09.0427 5044 b57nd60a - ok
18:10:09.0505 5044 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:10:09.0536 5044 BBSvc - ok
18:10:09.0583 5044 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:10:09.0598 5044 BBUpdate - ok
18:10:09.0645 5044 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
18:10:09.0661 5044 BcmSqlStartupSvc - ok
18:10:09.0708 5044 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:10:09.0754 5044 BDESVC - ok
18:10:09.0786 5044 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:10:09.0864 5044 Beep - ok
18:10:09.0910 5044 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:10:10.0020 5044 BFE - ok
18:10:10.0066 5044 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:10:10.0191 5044 BITS - ok
18:10:10.0222 5044 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:10:10.0254 5044 blbdrive - ok
18:10:10.0300 5044 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:10:10.0363 5044 bowser - ok
18:10:10.0394 5044 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:10:10.0456 5044 BrFiltLo - ok
18:10:10.0472 5044 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:10:10.0503 5044 BrFiltUp - ok
18:10:10.0534 5044 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
18:10:10.0597 5044 Browser - ok
18:10:10.0628 5044 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:10:10.0675 5044 Brserid - ok
18:10:10.0690 5044 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:10:10.0737 5044 BrSerWdm - ok
18:10:10.0753 5044 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:10:10.0800 5044 BrUsbMdm - ok
18:10:10.0831 5044 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:10:10.0862 5044 BrUsbSer - ok
18:10:10.0909 5044 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:10:11.0002 5044 BthEnum - ok
18:10:11.0049 5044 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:10:11.0065 5044 BTHMODEM - ok
18:10:11.0096 5044 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:10:11.0127 5044 BthPan - ok
18:10:11.0174 5044 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:10:11.0236 5044 BTHPORT - ok
18:10:11.0252 5044 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:10:11.0330 5044 bthserv - ok
18:10:11.0361 5044 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:10:11.0392 5044 BTHUSB - ok
18:10:11.0439 5044 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
18:10:11.0455 5044 btwaudio - ok
18:10:11.0486 5044 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
18:10:11.0502 5044 btwavdt - ok
18:10:11.0595 5044 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
18:10:11.0642 5044 btwdins - ok
18:10:11.0689 5044 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
18:10:11.0704 5044 btwl2cap - ok
18:10:11.0704 5044 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
18:10:11.0720 5044 btwrchid - ok
18:10:11.0736 5044 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:10:11.0782 5044 cdfs - ok
18:10:11.0829 5044 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:10:11.0860 5044 cdrom - ok
18:10:11.0892 5044 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:10:11.0954 5044 CertPropSvc - ok
18:10:11.0970 5044 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:10:12.0016 5044 circlass - ok
18:10:12.0048 5044 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:10:12.0079 5044 CLFS - ok
18:10:12.0141 5044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:10:12.0157 5044 clr_optimization_v2.0.50727_32 - ok
18:10:12.0204 5044 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:10:12.0219 5044 clr_optimization_v2.0.50727_64 - ok
18:10:12.0282 5044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:10:12.0328 5044 clr_optimization_v4.0.30319_32 - ok
18:10:12.0344 5044 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:10:12.0360 5044 clr_optimization_v4.0.30319_64 - ok
18:10:12.0391 5044 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:10:12.0438 5044 CmBatt - ok
18:10:12.0469 5044 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:10:12.0484 5044 cmdide - ok
18:10:12.0531 5044 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
18:10:12.0609 5044 CNG - ok
18:10:12.0656 5044 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:10:12.0672 5044 Compbatt - ok
18:10:12.0718 5044 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:10:12.0734 5044 CompositeBus - ok
18:10:12.0750 5044 COMSysApp - ok
18:10:12.0781 5044 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:10:12.0796 5044 crcdisk - ok
18:10:12.0859 5044 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:10:12.0906 5044 CryptSvc - ok
18:10:12.0952 5044 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:10:13.0046 5044 DcomLaunch - ok
18:10:13.0077 5044 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:10:13.0140 5044 defragsvc - ok
18:10:13.0202 5044 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:10:13.0249 5044 DfsC - ok
18:10:13.0296 5044 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
18:10:13.0311 5044 dg_ssudbus - ok
18:10:13.0358 5044 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:10:13.0467 5044 Dhcp - ok
18:10:13.0483 5044 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:10:13.0530 5044 discache - ok
18:10:13.0576 5044 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:10:13.0592 5044 Disk - ok
18:10:13.0639 5044 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:10:13.0670 5044 Dnscache - ok
18:10:13.0701 5044 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:10:13.0764 5044 dot3svc - ok
18:10:13.0779 5044 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:10:13.0842 5044 DPS - ok
18:10:13.0873 5044 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:10:13.0888 5044 drmkaud - ok
18:10:13.0966 5044 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:10:14.0013 5044 DXGKrnl - ok
18:10:14.0044 5044 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:10:14.0107 5044 EapHost - ok
18:10:14.0247 5044 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:10:14.0372 5044 ebdrv - ok
18:10:14.0403 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
18:10:14.0450 5044 EFS - ok
18:10:14.0512 5044 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:10:14.0590 5044 ehRecvr - ok
18:10:14.0637 5044 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:10:14.0684 5044 ehSched - ok
18:10:14.0762 5044 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:10:14.0793 5044 elxstor - ok
18:10:14.0824 5044 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:10:14.0856 5044 ErrDev - ok
18:10:14.0902 5044 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:10:14.0965 5044 EventSystem - ok
18:10:15.0043 5044 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:10:15.0121 5044 EvtEng - ok
18:10:15.0136 5044 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:10:15.0199 5044 exfat - ok
18:10:15.0230 5044 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:10:15.0292 5044 fastfat - ok
18:10:15.0339 5044 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:10:15.0433 5044 Fax - ok
18:10:15.0464 5044 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:10:15.0495 5044 fdc - ok
18:10:15.0511 5044 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:10:15.0573 5044 fdPHost - ok
18:10:15.0589 5044 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:10:15.0636 5044 FDResPub - ok
18:10:15.0667 5044 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:10:15.0682 5044 FileInfo - ok
18:10:15.0698 5044 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:10:15.0760 5044 Filetrace - ok
18:10:15.0792 5044 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:10:15.0823 5044 flpydisk - ok
18:10:15.0838 5044 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:10:15.0854 5044 FltMgr - ok
18:10:15.0916 5044 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
18:10:16.0010 5044 FontCache - ok
18:10:16.0057 5044 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:10:16.0072 5044 FontCache3.0.0.0 - ok
18:10:16.0150 5044 [ 81B4A2C6C9BD17FFB6031A0A61C09764 ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
18:10:16.0166 5044 FreeAgentGoNext Service - ok
18:10:16.0197 5044 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:10:16.0213 5044 FsDepends - ok
18:10:16.0244 5044 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:10:16.0260 5044 Fs_Rec - ok
18:10:16.0322 5044 [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:10:16.0338 5044 fvevol - ok
18:10:16.0369 5044 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:10:16.0384 5044 gagp30kx - ok
18:10:16.0416 5044 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:10:16.0478 5044 gpsvc - ok
18:10:16.0556 5044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:16.0556 5044 gupdate - ok
18:10:16.0587 5044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:16.0603 5044 gupdatem - ok
18:10:16.0634 5044 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:10:16.0696 5044 hcw85cir - ok
18:10:16.0728 5044 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:10:16.0759 5044 HdAudAddService - ok
18:10:16.0790 5044 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:10:16.0821 5044 HDAudBus - ok
18:10:16.0852 5044 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:10:16.0868 5044 HidBatt - ok
18:10:16.0899 5044 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:10:16.0930 5044 HidBth - ok
18:10:16.0962 5044 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:10:16.0993 5044 HidIr - ok
18:10:17.0008 5044 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:10:17.0071 5044 hidserv - ok
18:10:17.0118 5044 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:10:17.0164 5044 HidUsb - ok
18:10:17.0196 5044 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:10:17.0258 5044 hkmsvc - ok
18:10:17.0274 5044 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:10:17.0336 5044 HomeGroupListener - ok
18:10:17.0367 5044 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:10:17.0398 5044 HomeGroupProvider - ok
18:10:17.0430 5044 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:10:17.0445 5044 HpSAMD - ok
18:10:17.0492 5044 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:10:17.0586 5044 HTTP - ok
18:10:17.0586 5044 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:10:17.0601 5044 hwpolicy - ok
18:10:17.0664 5044 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:10:17.0679 5044 i8042prt - ok
18:10:17.0726 5044 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:10:17.0757 5044 IAANTMON - ok
18:10:17.0788 5044 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:10:17.0820 5044 iaStor - ok
18:10:17.0866 5044 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:10:17.0898 5044 iaStorV - ok
18:10:17.0944 5044 [ B8E7CA64FFF8B71636DEA3A845CC23E5 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:10:17.0960 5044 IBMPMDRV - ok
18:10:17.0976 5044 [ 6DAEDF692B52B7C238C7199419318D16 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
18:10:17.0991 5044 IBMPMSVC - ok
18:10:18.0038 5044 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:10:18.0085 5044 idsvc - ok
18:10:18.0319 5044 [ 37A65E3D89F6BBF5719FF9585F99EB7D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:10:18.0615 5044 igfx - ok
18:10:18.0662 5044 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:10:18.0678 5044 iirsp - ok
18:10:18.0709 5044 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:10:18.0802 5044 IKEEXT - ok
18:10:18.0880 5044 [ 3111A658416DC464BA1E48E3B2169952 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:10:18.0974 5044 IntcAzAudAddService - ok
18:10:19.0021 5044 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:10:19.0083 5044 IntcHdmiAddService - ok
18:10:19.0099 5044 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:10:19.0114 5044 intelide - ok
18:10:19.0146 5044 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:10:19.0161 5044 intelppm - ok
18:10:19.0192 5044 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:10:19.0255 5044 IPBusEnum - ok
18:10:19.0270 5044 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:10:19.0317 5044 IpFilterDriver - ok
18:10:19.0348 5044 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:10:19.0426 5044 iphlpsvc - ok
18:10:19.0458 5044 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:10:19.0489 5044 IPMIDRV - ok
18:10:19.0504 5044 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:10:19.0551 5044 IPNAT - ok
18:10:19.0582 5044 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:10:19.0614 5044 IRENUM - ok
18:10:19.0629 5044 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:10:19.0645 5044 isapnp - ok
18:10:19.0676 5044 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:10:19.0707 5044 iScsiPrt - ok
18:10:19.0754 5044 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:10:19.0770 5044 IviRegMgr - ok
18:10:19.0832 5044 [ 80A1DE467ADF200390134D63E359937A ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:10:19.0910 5044 JMCR - ok
18:10:19.0957 5044 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:10:19.0972 5044 kbdclass - ok
18:10:19.0988 5044 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:10:20.0019 5044 kbdhid - ok
18:10:20.0050 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:10:20.0066 5044 KeyIso - ok
18:10:20.0128 5044 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:10:20.0144 5044 KSecDD - ok
18:10:20.0160 5044 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:10:20.0175 5044 KSecPkg - ok
18:10:20.0206 5044 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:10:20.0269 5044 ksthunk - ok
18:10:20.0300 5044 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:10:20.0362 5044 KtmRm - ok
18:10:20.0409 5044 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:10:20.0472 5044 LanmanServer - ok
18:10:20.0503 5044 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:10:20.0565 5044 LanmanWorkstation - ok
18:10:20.0612 5044 [ D584216C7767DCFB4B812B9B60A4A4E7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:10:20.0628 5044 LENOVO.MICMUTE - ok
18:10:20.0659 5044 [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
18:10:20.0674 5044 lenovo.smi - ok
18:10:20.0706 5044 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:10:20.0784 5044 lltdio - ok
18:10:20.0815 5044 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:10:20.0877 5044 lltdsvc - ok
18:10:20.0893 5044 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:10:20.0940 5044 lmhosts - ok
18:10:20.0986 5044 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:10:21.0002 5044 LSI_FC - ok
18:10:21.0018 5044 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:10:21.0049 5044 LSI_SAS - ok
18:10:21.0064 5044 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:10:21.0080 5044 LSI_SAS2 - ok
18:10:21.0096 5044 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:10:21.0111 5044 LSI_SCSI - ok
18:10:21.0158 5044 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:10:21.0205 5044 luafv - ok
18:10:21.0236 5044 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:10:21.0267 5044 Mcx2Svc - ok
18:10:21.0298 5044 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:10:21.0314 5044 megasas - ok
18:10:21.0330 5044 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:10:21.0361 5044 MegaSR - ok
18:10:21.0439 5044 Microsoft SharePoint Workspace Audit Service - ok
18:10:21.0470 5044 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:10:21.0532 5044 MMCSS - ok
18:10:21.0564 5044 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:10:21.0626 5044 Modem - ok
18:10:21.0657 5044 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:10:21.0688 5044 monitor - ok
18:10:21.0720 5044 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:10:21.0735 5044 mouclass - ok
18:10:21.0766 5044 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:10:21.0798 5044 mouhid - ok
18:10:21.0813 5044 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:10:21.0844 5044 mountmgr - ok
18:10:21.0891 5044 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:10:21.0922 5044 MozillaMaintenance - ok
18:10:21.0985 5044 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:10:22.0016 5044 MpFilter - ok
18:10:22.0032 5044 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:10:22.0063 5044 mpio - ok
18:10:22.0078 5044 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:10:22.0125 5044 mpsdrv - ok
18:10:22.0156 5044 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:10:22.0250 5044 MpsSvc - ok
18:10:22.0297 5044 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:10:22.0328 5044 MRxDAV - ok
18:10:22.0375 5044 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:10:22.0406 5044 mrxsmb - ok
18:10:22.0453 5044 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:10:22.0500 5044 mrxsmb10 - ok
18:10:22.0531 5044 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:10:22.0578 5044 mrxsmb20 - ok
18:10:22.0609 5044 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:10:22.0624 5044 msahci - ok
18:10:22.0656 5044 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:10:22.0671 5044 msdsm - ok
18:10:22.0687 5044 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:10:22.0718 5044 MSDTC - ok
18:10:22.0749 5044 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:10:22.0796 5044 Msfs - ok
18:10:22.0812 5044 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:10:22.0858 5044 mshidkmdf - ok
18:10:22.0874 5044 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:10:22.0890 5044 msisadrv - ok
18:10:22.0936 5044 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:10:23.0014 5044 MSiSCSI - ok
18:10:23.0014 5044 msiserver - ok
18:10:23.0046 5044 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:10:23.0092 5044 MSKSSRV - ok
18:10:23.0170 5044 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:10:23.0186 5044 MsMpSvc - ok
18:10:23.0217 5044 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:10:23.0280 5044 MSPCLOCK - ok
18:10:23.0311 5044 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:10:23.0358 5044 MSPQM - ok
18:10:23.0389 5044 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:10:23.0420 5044 MsRPC - ok
18:10:23.0436 5044 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:10:23.0451 5044 mssmbios - ok
18:10:23.0498 5044 MSSQL$MSSMLBIZ - ok
18:10:23.0529 5044 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:10:23.0545 5044 MSSQLServerADHelper - ok
18:10:23.0576 5044 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:10:23.0638 5044 MSTEE - ok
18:10:23.0638 5044 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:10:23.0670 5044 MTConfig - ok
18:10:23.0701 5044 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:10:23.0716 5044 Mup - ok
18:10:23.0748 5044 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:10:23.0794 5044 napagent - ok
18:10:23.0841 5044 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:10:23.0872 5044 NativeWifiP - ok
18:10:23.0919 5044 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:10:23.0982 5044 NDIS - ok
18:10:24.0013 5044 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:10:24.0075 5044 NdisCap - ok
18:10:24.0091 5044 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:10:24.0138 5044 NdisTapi - ok
18:10:24.0169 5044 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:10:24.0216 5044 Ndisuio - ok
18:10:24.0247 5044 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:10:24.0325 5044 NdisWan - ok
18:10:24.0356 5044 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:10:24.0403 5044 NDProxy - ok
18:10:24.0450 5044 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:10:24.0496 5044 NetBIOS - ok
18:10:24.0512 5044 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:10:24.0559 5044 NetBT - ok
18:10:24.0574 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:10:24.0590 5044 Netlogon - ok
18:10:24.0637 5044 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:10:24.0699 5044 Netman - ok
18:10:24.0730 5044 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:10:24.0793 5044 netprofm - ok
18:10:24.0808 5044 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:10:24.0824 5044 NetTcpPortSharing - ok
18:10:24.0996 5044 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
18:10:25.0245 5044 NETw5s64 - ok
18:10:25.0417 5044 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
18:10:25.0604 5044 netw5v64 - ok
18:10:25.0635 5044 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:10:25.0651 5044 nfrd960 - ok
18:10:25.0713 5044 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:10:25.0744 5044 NisDrv - ok
18:10:25.0760 5044 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:10:25.0807 5044 NisSrv - ok
18:10:25.0822 5044 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:10:25.0900 5044 NlaSvc - ok
18:10:25.0932 5044 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:10:25.0978 5044 Npfs - ok
18:10:26.0010 5044 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:10:26.0056 5044 nsi - ok
18:10:26.0088 5044 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:10:26.0134 5044 nsiproxy - ok
18:10:26.0212 5044 [ A7368ED1B924FA49283F1A83776F8A02 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:10:26.0290 5044 Ntfs - ok
18:10:26.0306 5044 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:10:26.0368 5044 Null - ok
18:10:26.0415 5044 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:10:26.0446 5044 nvraid - ok
18:10:26.0478 5044 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:10:26.0493 5044 nvstor - ok
18:10:26.0540 5044 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:10:26.0556 5044 nv_agp - ok
18:10:26.0571 5044 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:10:26.0602 5044 ohci1394 - ok
18:10:26.0665 5044 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:10:26.0680 5044 ose - ok
18:10:26.0727 5044 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:10:26.0743 5044 ose64 - ok
18:10:26.0883 5044 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:10:27.0039 5044 osppsvc - ok
18:10:27.0086 5044 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:10:27.0133 5044 p2pimsvc - ok
18:10:27.0164 5044 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:10:27.0195 5044 p2psvc - ok
18:10:27.0242 5044 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:10:27.0258 5044 Parport - ok
18:10:27.0304 5044 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:10:27.0320 5044 partmgr - ok
18:10:27.0351 5044 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:10:27.0382 5044 PcaSvc - ok
18:10:27.0414 5044 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:10:27.0429 5044 pci - ok
18:10:27.0445 5044 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:10:27.0460 5044 pciide - ok
18:10:27.0492 5044 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:10:27.0507 5044 pcmcia - ok
18:10:27.0523 5044 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:10:27.0538 5044 pcw - ok
18:10:27.0554 5044 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:10:27.0648 5044 PEAUTH - ok
18:10:27.0710 5044 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:10:27.0741 5044 PerfHost - ok
18:10:27.0819 5044 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:10:27.0928 5044 pla - ok
18:10:27.0991 5044 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:10:28.0069 5044 PlugPlay - ok
18:10:28.0100 5044 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:10:28.0131 5044 PNRPAutoReg - ok
18:10:28.0178 5044 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:10:28.0194 5044 PNRPsvc - ok
18:10:28.0240 5044 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:10:28.0334 5044 PolicyAgent - ok
18:10:28.0365 5044 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:10:28.0412 5044 Power - ok
18:10:28.0474 5044 [ D07D33D2293E4ACAE0CBF13108B92A4F ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
18:10:28.0490 5044 Power Manager DBC Service - ok
18:10:28.0521 5044 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:10:28.0568 5044 PptpMiniport - ok
18:10:28.0599 5044 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:10:28.0630 5044 Processor - ok
18:10:28.0677 5044 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
18:10:28.0708 5044 ProfSvc - ok
18:10:28.0740 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:10:28.0755 5044 ProtectedStorage - ok
18:10:28.0786 5044 [ 515A7C5A0886FCC60901916785EFD549 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
18:10:28.0802 5044 psadd - ok
18:10:28.0833 5044 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:10:28.0896 5044 Psched - ok
18:10:28.0927 5044 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:10:28.0942 5044 PxHlpa64 - ok
18:10:29.0005 5044 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:10:29.0083 5044 ql2300 - ok
18:10:29.0098 5044 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:10:29.0114 5044 ql40xx - ok
18:10:29.0161 5044 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:10:29.0176 5044 QWAVE - ok
18:10:29.0208 5044 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:10:29.0239 5044 QWAVEdrv - ok
18:10:29.0254 5044 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:10:29.0301 5044 RasAcd - ok
18:10:29.0348 5044 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:10:29.0395 5044 RasAgileVpn - ok
18:10:29.0426 5044 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:10:29.0488 5044 RasAuto - ok
18:10:29.0535 5044 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:10:29.0598 5044 Rasl2tp - ok
18:10:29.0629 5044 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:10:29.0691 5044 RasMan - ok
18:10:29.0707 5044 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:10:29.0769 5044 RasPppoe - ok
18:10:29.0800 5044 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:10:29.0847 5044 RasSstp - ok
18:10:29.0878 5044 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:10:29.0925 5044 rdbss - ok
18:10:29.0941 5044 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:10:29.0972 5044 rdpbus - ok
18:10:29.0988 5044 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:10:30.0034 5044 RDPCDD - ok
18:10:30.0050 5044 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:10:30.0112 5044 RDPENCDD - ok
18:10:30.0128 5044 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:10:30.0175 5044 RDPREFMP - ok
18:10:30.0222 5044 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:10:30.0268 5044 RDPWD - ok
18:10:30.0300 5044 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:10:30.0315 5044 rdyboost - ok
18:10:30.0378 5044 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:10:30.0424 5044 RegSrvc - ok
18:10:30.0456 5044 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:10:30.0518 5044 RemoteAccess - ok
18:10:30.0549 5044 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:10:30.0612 5044 RemoteRegistry - ok
18:10:30.0658 5044 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:10:30.0690 5044 RFCOMM - ok
18:10:30.0752 5044 [ 14A99FD851272C73B758546EF8F0E641 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
18:10:30.0768 5044 Roxio UPnP Renderer 10 - ok
18:10:30.0799 5044 [ BA917F2F2BD5033E70823797C73CDFCB ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
18:10:30.0830 5044 Roxio Upnp Server 10 - ok
18:10:30.0908 5044 [ 8986D20CF294D794A79FB18FF697B68B ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
18:10:30.0924 5044 RoxLiveShare10 - ok
18:10:30.0970 5044 [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
18:10:31.0048 5044 RoxMediaDB10 - ok
18:10:31.0080 5044 [ 53716357F4B3C99112CF0A21932C5688 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
18:10:31.0095 5044 RoxWatch10 - ok
18:10:31.0126 5044 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:10:31.0158 5044 RpcEptMapper - ok
18:10:31.0189 5044 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:10:31.0220 5044 RpcLocator - ok
18:10:31.0251 5044 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:10:31.0298 5044 RpcSs - ok
18:10:31.0329 5044 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:10:31.0392 5044 rspndr - ok
18:10:31.0423 5044 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:10:31.0485 5044 RTL8167 - ok
18:10:31.0501 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
18:10:31.0516 5044 SamSs - ok
18:10:31.0548 5044 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:10:31.0563 5044 sbp2port - ok
18:10:31.0610 5044 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:10:31.0657 5044 SCardSvr - ok
18:10:31.0688 5044 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:10:31.0750 5044 scfilter - ok
18:10:31.0813 5044 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:10:31.0875 5044 Schedule - ok
18:10:31.0906 5044 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:10:31.0953 5044 SCPolicySvc - ok
18:10:32.0000 5044 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:10:32.0047 5044 sdbus - ok
18:10:32.0078 5044 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:10:32.0125 5044 SDRSVC - ok
18:10:32.0172 5044 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:10:32.0234 5044 secdrv - ok
18:10:32.0265 5044 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:10:32.0312 5044 seclogon - ok
18:10:32.0343 5044 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:10:32.0406 5044 SENS - ok
18:10:32.0421 5044 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:10:32.0468 5044 SensrSvc - ok
18:10:32.0499 5044 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:10:32.0515 5044 Serenum - ok
18:10:32.0546 5044 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:10:32.0577 5044 Serial - ok
18:10:32.0577 5044 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:10:32.0593 5044 sermouse - ok
18:10:32.0640 5044 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:10:32.0671 5044 SessionEnv - ok
18:10:32.0718 5044 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:10:32.0749 5044 sffdisk - ok
18:10:32.0796 5044 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:10:32.0811 5044 sffp_mmc - ok
18:10:32.0842 5044 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:10:32.0889 5044 sffp_sd - ok
18:10:32.0920 5044 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:10:32.0967 5044 sfloppy - ok
18:10:33.0014 5044 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:10:33.0076 5044 SharedAccess - ok
18:10:33.0123 5044 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:10:33.0170 5044 ShellHWDetection - ok
18:10:33.0201 5044 [ 5A5346931CE61EA85F8338F7A03131F7 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
18:10:33.0217 5044 Shockprf - ok
18:10:33.0248 5044 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:10:33.0264 5044 SiSRaid2 - ok
18:10:33.0279 5044 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:10:33.0310 5044 SiSRaid4 - ok
18:10:33.0357 5044 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:10:33.0373 5044 SkypeUpdate - ok
18:10:33.0420 5044 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:10:33.0482 5044 Smb - ok
18:10:33.0529 5044 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:10:33.0544 5044 SNMPTRAP - ok
18:10:33.0576 5044 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:10:33.0591 5044 spldr - ok
18:10:33.0638 5044 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
18:10:33.0716 5044 Spooler - ok
18:10:33.0825 5044 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:10:33.0950 5044 sppsvc - ok
18:10:33.0966 5044 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:10:34.0075 5044 sppuinotify - ok
18:10:34.0122 5044 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:10:34.0137 5044 SQLBrowser - ok
18:10:34.0168 5044 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:10:34.0200 5044 SQLWriter - ok
18:10:34.0246 5044 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:10:34.0324 5044 srv - ok
18:10:34.0356 5044 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:10:34.0402 5044 srv2 - ok
18:10:34.0449 5044 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:10:34.0480 5044 SrvHsfHDA - ok
18:10:34.0527 5044 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:10:34.0590 5044 SrvHsfV92 - ok
18:10:34.0636 5044 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:10:34.0683 5044 SrvHsfWinac - ok
18:10:34.0730 5044 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:10:34.0746 5044 srvnet - ok
18:10:34.0792 5044 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:10:34.0839 5044 SSDPSRV - ok
18:10:34.0870 5044 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:10:34.0917 5044 SstpSvc - ok
18:10:34.0980 5044 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
18:10:34.0995 5044 ssudmdm - ok
18:10:35.0026 5044 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:10:35.0042 5044 stexstor - ok
18:10:35.0089 5044 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:10:35.0151 5044 stisvc - ok
18:10:35.0198 5044 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:10:35.0214 5044 stllssvr - ok
18:10:35.0276 5044 [ 3119E9BC5FAD5EA1CD31AE200A1DA591 ] SUService c:\Program Files (x86)\Lenovo\System Update\SUService.exe
18:10:35.0292 5044 SUService ( UnsignedFile.Multi.Generic ) - warning
18:10:35.0292 5044 SUService - detected UnsignedFile.Multi.Generic (1)
18:10:35.0307 5044 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:10:35.0323 5044 swenum - ok
18:10:35.0370 5044 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:10:35.0432 5044 swprv - ok
18:10:35.0479 5044 [ 311012779AF2704350ADEE3B4FE848BA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:10:35.0510 5044 SynTP - ok
18:10:35.0557 5044 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:10:35.0650 5044 SysMain - ok
18:10:35.0697 5044 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:10:35.0713 5044 TabletInputService - ok
18:10:35.0744 5044 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:10:35.0791 5044 TapiSrv - ok
18:10:35.0822 5044 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:10:35.0869 5044 TBS - ok
18:10:35.0947 5044 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:10:36.0040 5044 Tcpip - ok
18:10:36.0103 5044 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:10:36.0150 5044 TCPIP6 - ok
18:10:36.0181 5044 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:10:36.0228 5044 tcpipreg - ok
18:10:36.0259 5044 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:10:36.0306 5044 TDPIPE - ok
18:10:36.0337 5044 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:10:36.0384 5044 TDTCP - ok
18:10:36.0415 5044 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:10:36.0462 5044 tdx - ok
18:10:36.0493 5044 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:10:36.0508 5044 TermDD - ok
18:10:36.0540 5044 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
18:10:36.0633 5044 TermService - ok
18:10:36.0649 5044 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:10:36.0696 5044 Themes - ok
18:10:36.0758 5044 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
18:10:36.0789 5044 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
18:10:36.0789 5044 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
18:10:36.0820 5044 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:10:36.0867 5044 THREADORDER - ok
18:10:36.0898 5044 [ 7E25F9AE51DAAC0791DF1EB949A58DBE ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
18:10:36.0898 5044 TPDIGIMN - ok
18:10:36.0930 5044 [ DD96DE244CB186207149BC897E67217A ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
18:10:36.0945 5044 TPHDEXLGSVC - ok
18:10:36.0976 5044 [ 3C6A42A8494D74F44F048BB7F9F2DB44 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
18:10:36.0992 5044 TPHKSVC - ok
18:10:37.0023 5044 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
18:10:37.0054 5044 TPM - ok
18:10:37.0086 5044 [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
18:10:37.0101 5044 TPPWRIF - ok
18:10:37.0132 5044 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:10:37.0179 5044 TrkWks - ok
18:10:37.0242 5044 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:10:37.0257 5044 TrustedInstaller - ok
18:10:37.0288 5044 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:10:37.0351 5044 tssecsrv - ok
18:10:37.0382 5044 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:10:37.0460 5044 tunnel - ok
18:10:37.0522 5044 [ B56DA1AA776C15043D10F82B32AA000D ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
18:10:37.0585 5044 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
18:10:37.0585 5044 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
18:10:37.0616 5044 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:10:37.0632 5044 uagp35 - ok
18:10:37.0678 5044 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:10:37.0741 5044 udfs - ok
18:10:37.0772 5044 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:10:37.0788 5044 UI0Detect - ok
18:10:37.0819 5044 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:10:37.0834 5044 uliagpkx - ok
18:10:37.0866 5044 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:10:37.0897 5044 umbus - ok
18:10:37.0912 5044 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:10:37.0944 5044 UmPass - ok
18:10:37.0975 5044 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:10:38.0022 5044 upnphost - ok
18:10:38.0068 5044 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:10:38.0115 5044 usbccgp - ok
18:10:38.0146 5044 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:10:38.0193 5044 usbcir - ok
18:10:38.0209 5044 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:10:38.0224 5044 usbehci - ok
18:10:38.0287 5044 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:10:38.0334 5044 usbhub - ok
18:10:38.0365 5044 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:10:38.0396 5044 usbohci - ok
18:10:38.0427 5044 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:10:38.0474 5044 usbprint - ok
18:10:38.0505 5044 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:10:38.0568 5044 USBSTOR - ok
18:10:38.0614 5044 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:10:38.0646 5044 usbuhci - ok
18:10:38.0677 5044 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:10:38.0739 5044 usbvideo - ok
18:10:38.0770 5044 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:10:38.0833 5044 UxSms - ok
18:10:38.0848 5044 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
18:10:38.0864 5044 VaultSvc - ok
18:10:38.0911 5044 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:10:38.0926 5044 vdrvroot - ok
18:10:38.0958 5044 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
18:10:39.0036 5044 vds - ok
18:10:39.0082 5044 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:10:39.0098 5044 vga - ok
18:10:39.0114 5044 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:10:39.0176 5044 VgaSave - ok
18:10:39.0207 5044 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:10:39.0223 5044 vhdmp - ok
18:10:39.0238 5044 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:10:39.0270 5044 viaide - ok
18:10:39.0285 5044 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:10:39.0301 5044 volmgr - ok
18:10:39.0316 5044 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:10:39.0348 5044 volmgrx - ok
18:10:39.0379 5044 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:10:39.0410 5044 volsnap - ok
18:10:39.0441 5044 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:10:39.0457 5044 vsmraid - ok
18:10:39.0519 5044 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
18:10:39.0613 5044 VSS - ok
18:10:39.0644 5044 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:10:39.0691 5044 vwifibus - ok
18:10:39.0722 5044 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:10:39.0753 5044 vwififlt - ok
18:10:39.0784 5044 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:10:39.0800 5044 vwifimp - ok
18:10:39.0831 5044 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:10:39.0878 5044 W32Time - ok
18:10:39.0909 5044 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:10:39.0940 5044 WacomPen - ok
18:10:39.0972 5044 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:10:40.0018 5044 WANARP - ok
18:10:40.0018 5044 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:10:40.0065 5044 Wanarpv6 - ok
18:10:40.0143 5044 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:10:40.0221 5044 WatAdminSvc - ok
18:10:40.0284 5044 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
18:10:40.0408 5044 wbengine - ok
18:10:40.0424 5044 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:10:40.0455 5044 WbioSrvc - ok
18:10:40.0502 5044 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:10:40.0549 5044 wcncsvc - ok
18:10:40.0580 5044 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:10:40.0611 5044 WcsPlugInService - ok
18:10:40.0642 5044 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:10:40.0658 5044 Wd - ok
18:10:40.0705 5044 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:10:40.0767 5044 Wdf01000 - ok
18:10:40.0798 5044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:10:40.0845 5044 WdiServiceHost - ok
18:10:40.0845 5044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:10:40.0876 5044 WdiSystemHost - ok
18:10:40.0908 5044 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
18:10:40.0970 5044 WebClient - ok
18:10:41.0001 5044 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:10:41.0048 5044 Wecsvc - ok
18:10:41.0079 5044 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:10:41.0157 5044 wercplsupport - ok
18:10:41.0173 5044 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:10:41.0251 5044 WerSvc - ok
18:10:41.0282 5044 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:10:41.0329 5044 WfpLwf - ok
18:10:41.0360 5044 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:10:41.0376 5044 WIMMount - ok
18:10:41.0391 5044 WinDefend - ok
18:10:41.0407 5044 WinHttpAutoProxySvc - ok
18:10:41.0454 5044 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:10:41.0516 5044 Winmgmt - ok
18:10:41.0563 5044 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
18:10:41.0672 5044 WinRM - ok
18:10:41.0734 5044 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:10:41.0766 5044 WinUsb - ok
18:10:41.0812 5044 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:10:41.0890 5044 Wlansvc - ok
18:10:41.0937 5044 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:10:41.0953 5044 WmiAcpi - ok
18:10:42.0000 5044 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:10:42.0031 5044 wmiApSrv - ok
18:10:42.0046 5044 WMPNetworkSvc - ok
18:10:42.0078 5044 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:10:42.0109 5044 WPCSvc - ok
18:10:42.0124 5044 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:10:42.0171 5044 WPDBusEnum - ok
18:10:42.0187 5044 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:10:42.0249 5044 ws2ifsl - ok
18:10:42.0296 5044 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
18:10:42.0343 5044 wscsvc - ok
18:10:42.0343 5044 WSearch - ok
18:10:42.0436 5044 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:10:42.0530 5044 wuauserv - ok
18:10:42.0561 5044 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:10:42.0592 5044 WudfPf - ok
18:10:42.0639 5044 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:10:42.0670 5044 WUDFRd - ok
18:10:42.0717 5044 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:10:42.0748 5044 wudfsvc - ok
18:10:42.0780 5044 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:10:42.0811 5044 WwanSvc - ok
18:10:42.0858 5044 ================ Scan global ===============================
18:10:42.0873 5044 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:10:42.0920 5044 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
18:10:42.0951 5044 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
18:10:42.0967 5044 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:10:42.0982 5044 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:10:42.0998 5044 [Global] - ok
18:10:42.0998 5044 ================ Scan MBR ==================================
18:10:42.0998 5044 [ 1DA9013AD50969D2FB0D606DC3545DA4 ] \Device\Harddisk0\DR0
18:10:43.0357 5044 \Device\Harddisk0\DR0 - ok
18:10:43.0357 5044 ================ Scan VBR ==================================
18:10:43.0372 5044 [ D9B3A876D2F450EC645FB109595FA46F ] \Device\Harddisk0\DR0\Partition1
18:10:43.0372 5044 \Device\Harddisk0\DR0\Partition1 - ok
18:10:43.0404 5044 [ C6D0BE353DCF4CCD1A1610011F335CFD ] \Device\Harddisk0\DR0\Partition2
18:10:43.0404 5044 \Device\Harddisk0\DR0\Partition2 - ok
18:10:43.0435 5044 [ 84E85BA6366B971C98A927BABE79876A ] \Device\Harddisk0\DR0\Partition3
18:10:43.0435 5044 \Device\Harddisk0\DR0\Partition3 - ok
18:10:43.0435 5044 ============================================================
18:10:43.0435 5044 Scan finished
18:10:43.0435 5044 ============================================================
18:10:43.0450 4304 Detected object count: 3
18:10:43.0450 4304 Actual detected object count: 3
18:11:38.0955 4304 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:11:38.0955 4304 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:11:38.0955 4304 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:11:38.0955 4304 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:11:38.0955 4304 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:11:38.0955 4304 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:11:54.0805 1480 Deinitialize success
DDS DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Peter JadH at 18:13:54 on 2013-04-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1913.859 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Users\Peter JadH\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Users\Peter JadH\Desktop\aswMBR.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?.home=yds
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Ubumimy] "C:\Users\Peter JadH\AppData\Roaming\Cuwyiw\ovawi.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\PETERJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Peter JadH\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{293DAF45-EDD2-4E09-8725-0A932EBEBFF4} : DHCPNameServer = 172.16.2.5 72.254.0.140
TCP: Interfaces\{D131FA2C-5B88-430E-82FD-488E22B80365} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
x64-Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter JadH\AppData\Roaming\Mozilla\Firefox\Profiles\8x38gs5j.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Peter JadH\AppData\Roaming\Mozilla\Firefox\Profiles\8x38gs5j.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-26 55280]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-6-29 23592]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2009-7-17 15400]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-16 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-10-6 45424]
R2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-10-6 62320]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-10 139264]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-6-8 143320]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-26 215040]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-4 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-8-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-8-4 166384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-3-26 35104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-9 99384]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-3-26 75112]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-4 313840]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-8-4 1124848]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-9 203320]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-18 1255736]
.
=============== Created Last 30 ================
.
2013-04-12 15:07:00 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3DE35B1-EB53-49DD-8B95-CD70BD849675}\offreg.dll
2013-04-11 18:50:21 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3DE35B1-EB53-49DD-8B95-CD70BD849675}\mpengine.dll
2013-04-10 17:53:13 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DD2A6B9-C876-414E-AE91-51A2E8998060}\gapaengine.dll
2013-04-10 17:52:54 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-10 17:34:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-04-10 17:33:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-04-10 17:32:59 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-04-10 16:22:14 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 16:22:11 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 16:22:11 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 16:22:10 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 16:22:10 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 16:22:10 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 16:21:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 16:21:55 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 16:21:54 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 16:21:54 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 16:21:54 158208 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 16:21:54 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 16:21:49 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 16:21:49 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 16:21:38 1652568 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-06 15:21:39 -------- d-----w- C:\Users\Peter JadH\AppData\Roaming\Mamaew
2013-04-06 15:21:39 -------- d-----w- C:\Users\Peter JadH\AppData\Roaming\Ibwai
2013-04-06 15:21:39 -------- d-----w- C:\Users\Peter JadH\AppData\Roaming\Cuwyiw
2013-03-28 07:04:04 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-28 07:04:04 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-21 07:41:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-04-10 16:11:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 16:11:57 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-07 21:54:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 21:54:00 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-07 21:54:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-20 13:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 13:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 18:15:08,96 ===============
attach: Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05.08.2010 19:35:07
System Uptime: 12.04.2013 17:05:17 (1 hours ago)
.
Motherboard: LENOVO | | 28752NG
Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz | U2E1 | 1895/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 86,412 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 2,328 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP272: 21.03.2013 14:41:43 - Windows Update
RP273: 29.03.2013 13:54:32 - Geplanter Prüfpunkt
RP275: 07.04.2013 10:26:38 - Geplanter Prüfpunkt
RP276: 10.04.2013 18:22:34 - Windows Update
RP277: 10.04.2013 19:31:27 - Windows Update
RP278: 12.04.2013 10:29:06 - Removed Java(TM) 6 Update 16 (64-bit)
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
7-Zip 9.20
Access Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) - Deutsch
Anzeige am Bildschirm
Apple Application Support
Apple Software Update
AT&T Service Activation
Avira Free Antivirus
Bing Bar
Business Contact Manager für Outlook 2007 SP2
Canon Utilities Digital Photo Professional 3.10
Carbonite Online Backup Setup
Create Recovery Media
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dienstprogramm "ThinkPad UltraNav"
DirectX 9 Runtime
Dropbox
FastStone Capture 5.3
GIMP 2.6.11
Google Earth
Google Update Helper
Image Resizer Powertoy Clone for Windows (64 bit)
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi-Software
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Java 7 Update 17
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
Media Go
Media Go Video Playback Engine 1.96.120.08260
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2010
Microsoft Research AutoCollage Touch 2009
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband Connect
Mozilla Firefox 20.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myMixrechner 1.2.1
NWZ-E470 E570 WALKMAN Guide
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Ravensburger tiptoi
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
SAMSUNG USB Driver for Mobile Phones
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype Click to Call
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Energie-Manager
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage System für aktiven Festplattenschutz
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VD64Inst
Verizon Wireless Mobile Broadband Self Activation
VLC media player 2.0.4
Windows-Treiberpaket - Intel hdc (06/04/2009 7.0.0.1013)
Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
.
==== End Of File ===========================
|
|
12.04.2013, 20:08
| #4 |
| /// TB-Ausbilder | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich In Ordnung. Dann weiter: Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Deinstalliere MS Security Essentials Schritt 2: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
12.04.2013, 21:35
| #5 |
| | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Hallo ryder, Schritt 1: MS Security Essentials wurde deinstalliert. Schritt 2: Scan mit combofix Dies war problematischer, da Avira trotz meines vermeintlichen Deaktivierens einmal eine Meldung brachte, dass der Zugriff auf die registry blockiert wurde. Falls dies nicht sein darf und ich die Prozedur wiederholen muss, werde ich Avira deinstallieren. Hier das Log von combofix: Code:
ATTFilter ComboFix 13-04-12.02 - Peter JadH 12.04.2013 21:27:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1913.625 [GMT 2:00]
ausgeführt von:: c:\users\Peter JadH\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Peter JadH\AppData\Roaming\Cuwyiw
c:\users\Peter JadH\AppData\Roaming\Cuwyiw\ovawi.exe
Q:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-12 bis 2013-04-12 ))))))))))))))))))))))))))))))
.
.
2013-04-12 19:46 . 2013-04-12 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-10 17:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2013-04-10 16:22 . 2013-03-19 06:19 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 16:22 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 16:22 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 16:22 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 16:22 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 16:22 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 16:21 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 16:21 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 16:21 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 16:21 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 16:21 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 16:21 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 16:21 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 16:21 . 2013-01-24 05:41 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 16:21 . 2013-03-02 05:52 1652568 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-06 15:21 . 2013-04-10 17:49 -------- d-----w- c:\users\Peter JadH\AppData\Roaming\Mamaew
2013-04-06 15:21 . 2013-04-06 15:21 -------- d-----w- c:\users\Peter JadH\AppData\Roaming\Ibwai
2013-03-28 07:04 . 2013-03-28 07:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 07:04 . 2013-03-28 07:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-28 07:04 . 2013-03-28 07:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-21 07:41 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 16:27 . 2010-08-05 22:13 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-10 16:11 . 2012-04-19 21:45 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 16:11 . 2011-10-28 15:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 10:34 . 2010-08-05 18:48 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 21:54 . 2013-03-07 21:54 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 21:54 . 2012-06-29 12:53 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-07 21:54 . 2010-08-05 19:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Peter JadH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 16:11]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:35]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 16:35]
.
2013-03-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2013-04-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Peter JadH\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-08 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?.home=yds
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Peter JadH\AppData\Roaming\Mozilla\Firefox\Profiles\8x38gs5j.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ubumimy - c:\users\Peter JadH\AppData\Roaming\Cuwyiw\ovawi.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-12 22:22:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-12 20:22
.
Vor Suchlauf: 11 Verzeichnis(se), 97.427.005.440 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 98.211.082.240 Bytes frei
.
- - End Of File - - ABA13DED29DF2C6CC3C00D7E52CFD38C
|
|
12.04.2013, 22:22
| #6 |
| /// TB-Ausbilder | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Gut!  Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Downloade Dir bitteSchritt 2: Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!  Schritt 3: Scan mit SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ --> PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich |
|
13.04.2013, 12:24
| #7 |
| | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Hallo ryder, hier sind die Logs...der scan mit ESET hat sehr lang gedauert. Schritt 1: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.13.01 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Peter JadH :: PETERJADH-THINK [Administrator] Schutz: Aktiviert 13.04.2013 07:57:25 mbam-log-2013-04-13 (07-57-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 217408 Laufzeit: 12 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 4 Treffer, zwei davon auf C. Du hast mich nun aufgefordert, mögliche externe Festplatten anzuschließen. Daran hatte ich vorher dummerweise nicht gedacht. Es handelt sich um eine Backup-Platte, die ich nur alle par Monate anschließe um eine Datensicherung zu machen. Dort gab es nun auch Treffer. Soll ich die einfach formatieren? Muss ich bei dem Befehl etwas beachten? Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=742a0af5614282459ade27cf12af9f2d
# engine=13609
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-13 10:53:53
# local_time=2013-04-13 12:53:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 18553 231273723 11319 0
# compatibility_mode=5893 16776573 100 94 84044717 117480283 0 0
# scanned=244479
# found=4
# cleaned=0
# scan_time=16075
sh=F21A6C47AE2285F7FFA72275C2D1E0299D871EB7 ft=1 fh=851be32b98eec04c vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Peter JadH\AppData\Roaming\Cuwyiw\ovawi.exe.vir"
sh=F07F4093F184178B661475DE77ACABD62F657B05 ft=0 fh=0000000000000000 vn="Java/Agent.BZ trojan" ac=I fn="C:\Users\Peter JadH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5a5f5d1d-2e31b5e2"
sh=4246CF7DAB74C0AD06E02F4BDED6CB9A586B1FAB ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL trojan" ac=I fn="E:\PETERJADH-THINK\Backup Set 2011-08-28 115520\Backup Files 2011-08-28 115520\Backup files 2.zip"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL trojan" ac=I fn="E:\Seagate Backup\PETERJADH-THINK\C\Users\Peter JadH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5a5f5d1d-2e31b5e2"
Code:
ATTFilter Results of screen317's Security Check version 0.99.61 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 17 Adobe Flash Player 11.7.700.169 Adobe Reader XI Mozilla Firefox (20.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
13.04.2013, 12:50
| #8 |
| /// TB-Ausbilder | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Ja das ist soweit OK. Mach deine Backupplatte platt und dann ein frisches sauberes Backup. Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Schritt 2: ESET deinstallieren (Optional)
Abschließend noch Tipps zu folgenden Themen:
Lesestoff:Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff:Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff:Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
 Lesestoff:Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
13.04.2013, 14:22
| #9 |
| | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Hallo ryder, ich habe alle Punkte erledigt, werde mir jetzt den Lesestoff aneignen und bedanke mich (auch mit einer Spende) für die großartige Unterstützung! Bevor Du das Thema abmeldest, bitte erkläre mir doch kurz , warum die beiden Treffer von ESET auf c: unerheblich waren. Sind die in Quarantäne? Vielen lieben Dank JadH |
|
14.04.2013, 19:22
| #10 |
| /// TB-Ausbilder | PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich Die waren entweder schon entfernt oder wurden jetzt von delfix entfernt. Also keine Gefahr. Dein infiziertes Backup solltest du löschen und dann ein neues anstossen. Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich |
| antivir, autorun, beseitigung, bingbar, downloader, explorer, firefox, flash player, helper, java/agent.bz, keine entfernung, plagegeister aller art und deren bekämpfung, plug-in, pwmtr64v.dll, pws:win32/zbot.gen!aj, realtek, senden, trojaner, win32/spy.zbot.aao, win32/zbot.gen!aj, windows |
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Linear-Darstellung
