Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar" (https://www.trojaner-board.de/125075-the-document-has-moved-redirecting-popup-unten-rechts-alle-links-anklickbar.html)

prinzhessin 08.10.2012 12:31
Nein, das ist mein privater Laptop.

cosinus 08.10.2012 13:20
Und warum dann eine Professional Edition sowie zwei Netzwerksegmente => 192.168.100.0 und 192.168.2.0 ?

prinzhessin 08.10.2012 13:33
Ich habe meinen Laptop ohne Betriebssystem und die Professional Edition - auf anraten der Familie - separat gekauft.
Was zwei Netwerksysteme bedeuten weiß ich nicht.

cosinus 08.10.2012 15:43
Zitat:
Ich habe meinen Laptop ohne Betriebssystem
Das ist äußerst selten - wo bitte bekommt man denn ein Notebook ohne Betriebssystem?

Zitat:
- auf anraten der Familie - separat gekauft.
Und wozu benötigt man eine Pro-Edition? Die teurer ist als eine Home Variante? Zudem wäre das Notebook mit dem OEM-Windows dabei wohl auch noch günstiger gewesen als deine Kombination

Zitat:
Was zwei Netwerksysteme bedeuten weiß ich nicht.
Dein Rechner war bzw. ist in zwei verschiedenen Netzwerken gewesen aber das spielt erstmal keine Rolle jetzt

prinzhessin 08.10.2012 17:27
Zitat:
Zitat von cosinus (Beitrag 933585)
Das ist äußerst selten - wo bitte bekommt man denn ein Notebook ohne Betriebssystem?
Darf man hier Links posten? Gibt es auf einer bekannten Seite wo man u.a. mein Notebook ohne Windows billiger bekommen hat.



Zitat:
Zitat von cosinus (Beitrag 933585)
Und wozu benötigt man eine Pro-Edition? Die teurer ist als eine Home Variante? Zudem wäre das Notebook mit dem OEM-Windows dabei wohl auch noch günstiger gewesen als deine Kombination
Ist das relevant für mein Problem?

Zitat:
Zitat von cosinus (Beitrag 933585)
Dein Rechner war bzw. ist in zwei verschiedenen Netzwerken gewesen aber das spielt erstmal keine Rolle jetzt
Ich habe mal in mein Netzwerk und Freigabecenter geschaut.
Mein W-Lan hat mich mal immer wieder rausgeworfen und dann konnte ich irgendwann mal keine Verbindung mehr herstellen.
Dann habe ich probiert eine zweite aufzubauen, weil ich die alte nicht mehr auswählen konnte. Kann das daran liegen?
Oder wenn ich bei Familienmitgliedern im W-Lan drin war?

cosinus 08.10.2012 18:45
Zitat:
Ist das relevant für mein Problem?
Nein aber relevant für unsere Regeln, und wenn ich einen Verdacht habe gehe ich dem nach - denn Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

prinzhessin 08.10.2012 18:50
Klar, verstehe. Das ist mein privater Laptop, die Pro Edition habe ich wie gesagt auf Anraten der Familie gekauft.

cosinus 09.10.2012 10:17
Und genau das Geld hättest du dir sparen können - die Pro-Variante wird zu Huse nicht benötigt, oder braucht man das Feature einer Windows-Domäne beizutreten, wohl kaum oder? :pfeiff:
Wie sieht es aus mit Remotedesktop und Windows-XP-Modus, ist alles nur nice2have aber nicht unbedingt ein Muss, vilees lässt sich mit freien Tools nachrüsten wenn man es denn unbedingt braucht!


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
FF - user.js - File not found
:Files
C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js
C:\Users\Nadja\Desktop\NADJA_NEU\Dokumente und Einstellungen\Nadja\Desktop\Setup-MsgPlus-500.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

prinzhessin 11.10.2012 20:04
Code:
All processes killed
========== OTL ==========
Folder C:\Users\***\AppData\Roaming\Uraq\ not found.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js not found.
File\Folder C:\Users\***\Desktop\***_NEU\Dokumente und Einstellungen\***\Desktop\Setup-MsgPlus-500.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 573440 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 579925156 bytes
->Opera cache emptied: 9021994 bytes
->Flash cache emptied: 14392 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11890184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1009581188 bytes
 
Total Files Cleaned = 1.536,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.1 log created on 10112012_205506

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 12.10.2012 10:30
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

prinzhessin 12.10.2012 12:22
Code:
13:17:24.0371 4760  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:17:26.0131 4760  ============================================================
13:17:26.0131 4760  Current date / time: 2012/10/12 13:17:26.0131
13:17:26.0131 4760  SystemInfo:
13:17:26.0131 4760 
13:17:26.0131 4760  OS Version: 6.1.7601 ServicePack: 1.0
13:17:26.0131 4760  Product type: Workstation
13:17:26.0131 4760  ComputerName: NADJALAPTOP
13:17:26.0131 4760  UserName: Nadja
13:17:26.0131 4760  Windows directory: C:\Windows
13:17:26.0131 4760  System windows directory: C:\Windows
13:17:26.0131 4760  Running under WOW64
13:17:26.0131 4760  Processor architecture: Intel x64
13:17:26.0131 4760  Number of processors: 2
13:17:26.0131 4760  Page size: 0x1000
13:17:26.0131 4760  Boot type: Normal boot
13:17:26.0131 4760  ============================================================
13:17:51.0734 4760  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:51.0754 4760  ============================================================
13:17:51.0754 4760  \Device\Harddisk0\DR0:
13:17:51.0754 4760  MBR partitions:
13:17:51.0754 4760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:17:51.0754 4760  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:17:51.0754 4760  ============================================================
13:17:51.0764 4760  C: <-> \Device\Harddisk0\DR0\Partition2
13:17:51.0764 4760  ============================================================
13:17:51.0764 4760  Initialize success
13:17:51.0764 4760  ============================================================
13:19:41.0788 4352  ============================================================
13:19:41.0788 4352  Scan started
13:19:41.0788 4352  Mode: Manual; SigCheck; TDLFS;
13:19:41.0788 4352  ============================================================
13:19:42.0459 4352  ================ Scan system memory ========================
13:19:42.0459 4352  System memory - ok
13:19:42.0459 4352  ================ Scan services =============================
13:19:42.0600 4352  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:19:42.0834 4352  1394ohci - ok
13:19:42.0865 4352  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:19:42.0912 4352  ACPI - ok
13:19:42.0943 4352  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
13:19:43.0005 4352  AcpiPmi - ok
13:19:43.0083 4352  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:19:43.0099 4352  AdobeARMservice - ok
13:19:43.0224 4352  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:19:43.0270 4352  AdobeFlashPlayerUpdateSvc - ok
13:19:43.0317 4352  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
13:19:43.0380 4352  adp94xx - ok
13:19:43.0442 4352  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
13:19:43.0520 4352  adpahci - ok
13:19:43.0536 4352  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
13:19:43.0567 4352  adpu320 - ok
13:19:43.0598 4352  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
13:19:43.0770 4352  AeLookupSvc - ok
13:19:43.0832 4352  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
13:19:43.0894 4352  AFD - ok
13:19:43.0926 4352  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:19:43.0957 4352  agp440 - ok
13:19:44.0004 4352  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
13:19:44.0035 4352  ALG - ok
13:19:44.0050 4352  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:19:44.0082 4352  aliide - ok
13:19:44.0082 4352  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:19:44.0113 4352  amdide - ok
13:19:44.0160 4352  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
13:19:44.0206 4352  AmdK8 - ok
13:19:44.0222 4352  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:19:44.0269 4352  AmdPPM - ok
13:19:44.0284 4352  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata        C:\Windows\system32\drivers\amdsata.sys
13:19:44.0331 4352  amdsata - ok
13:19:44.0362 4352  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:19:44.0394 4352  amdsbs - ok
13:19:44.0409 4352  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
13:19:44.0425 4352  amdxata - ok
13:19:44.0472 4352  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
13:19:44.0565 4352  AppID - ok
13:19:44.0581 4352  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:19:44.0674 4352  AppIDSvc - ok
13:19:44.0690 4352  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
13:19:44.0752 4352  Appinfo - ok
13:19:44.0815 4352  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:19:44.0846 4352  Apple Mobile Device - ok
13:19:44.0862 4352  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt        C:\Windows\System32\appmgmts.dll
13:19:44.0924 4352  AppMgmt - ok
13:19:44.0955 4352  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
13:19:44.0986 4352  arc - ok
13:19:45.0002 4352  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:19:45.0018 4352  arcsas - ok
13:19:45.0049 4352  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:19:45.0142 4352  AsyncMac - ok
13:19:45.0158 4352  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
13:19:45.0174 4352  atapi - ok
13:19:45.0205 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:19:45.0283 4352  AudioEndpointBuilder - ok
13:19:45.0283 4352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:19:45.0345 4352  AudioSrv - ok
13:19:45.0470 4352  [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
13:19:45.0548 4352  AVKProxy - ok
13:19:45.0610 4352  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
13:19:45.0642 4352  AVKService - ok
13:19:45.0720 4352  [ 22F1444896844B0462359825EF628507 ] AVKWCtl        C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
13:19:45.0829 4352  AVKWCtl - ok
13:19:45.0844 4352  avqferzi - ok
13:19:45.0891 4352  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:19:45.0985 4352  AxInstSV - ok
13:19:46.0016 4352  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
13:19:46.0078 4352  b06bdrv - ok
13:19:46.0110 4352  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:19:46.0156 4352  b57nd60a - ok
13:19:46.0203 4352  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:19:46.0266 4352  BDESVC - ok
13:19:46.0266 4352  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:19:46.0359 4352  Beep - ok
13:19:46.0406 4352  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
13:19:46.0500 4352  BFE - ok
13:19:46.0515 4352  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:19:46.0593 4352  BITS - ok
13:19:46.0593 4352  bknyckwb - ok
13:19:46.0640 4352  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:19:46.0671 4352  blbdrive - ok
13:19:46.0718 4352  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:19:46.0749 4352  bowser - ok
13:19:46.0780 4352  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:19:46.0874 4352  BrFiltLo - ok
13:19:46.0874 4352  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:19:46.0905 4352  BrFiltUp - ok
13:19:46.0952 4352  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
13:19:46.0999 4352  Browser - ok
13:19:47.0030 4352  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
13:19:47.0108 4352  Brserid - ok
13:19:47.0124 4352  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:19:47.0186 4352  BrSerWdm - ok
13:19:47.0202 4352  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:19:47.0248 4352  BrUsbMdm - ok
13:19:47.0264 4352  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:19:47.0311 4352  BrUsbSer - ok
13:19:47.0342 4352  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
13:19:47.0389 4352  BthEnum - ok
13:19:47.0420 4352  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:19:47.0467 4352  BTHMODEM - ok
13:19:47.0498 4352  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:19:47.0545 4352  BthPan - ok
13:19:47.0576 4352  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
13:19:47.0654 4352  BTHPORT - ok
13:19:47.0685 4352  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
13:19:47.0794 4352  bthserv - ok
13:19:47.0810 4352  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:19:47.0841 4352  BTHUSB - ok
13:19:47.0872 4352  [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
13:19:47.0888 4352  btusbflt - ok
13:19:47.0904 4352  btwaudio - ok
13:19:47.0904 4352  btwavdt - ok
13:19:47.0919 4352  btwl2cap - ok
13:19:47.0919 4352  btwrchid - ok
13:19:47.0950 4352  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:19:48.0013 4352  cdfs - ok
13:19:48.0060 4352  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
13:19:48.0106 4352  cdrom - ok
13:19:48.0138 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
13:19:48.0247 4352  CertPropSvc - ok
13:19:48.0278 4352  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:19:48.0294 4352  circlass - ok
13:19:48.0325 4352  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:19:48.0356 4352  CLFS - ok
13:19:48.0403 4352  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:19:48.0434 4352  clr_optimization_v2.0.50727_32 - ok
13:19:48.0465 4352  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:19:48.0496 4352  clr_optimization_v2.0.50727_64 - ok
13:19:48.0543 4352  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:19:48.0574 4352  CmBatt - ok
13:19:48.0621 4352  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:19:48.0637 4352  cmdide - ok
13:19:48.0684 4352  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
13:19:48.0746 4352  CNG - ok
13:19:48.0777 4352  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:19:48.0808 4352  Compbatt - ok
13:19:48.0840 4352  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:19:48.0871 4352  CompositeBus - ok
13:19:48.0886 4352  COMSysApp - ok
13:19:48.0902 4352  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
13:19:48.0918 4352  crcdisk - ok
13:19:48.0964 4352  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:19:48.0980 4352  CryptSvc - ok
13:19:49.0027 4352  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC            C:\Windows\system32\drivers\csc.sys
13:19:49.0089 4352  CSC - ok
13:19:49.0120 4352  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
13:19:49.0167 4352  CscService - ok
13:19:49.0183 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:19:49.0261 4352  DcomLaunch - ok
13:19:49.0261 4352  ddrbijkc - ok
13:19:49.0292 4352  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
13:19:49.0370 4352  defragsvc - ok
13:19:49.0386 4352  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:19:49.0448 4352  DfsC - ok
13:19:49.0479 4352  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:19:49.0510 4352  dg_ssudbus - ok
13:19:49.0557 4352  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:19:49.0666 4352  Dhcp - ok
13:19:49.0698 4352  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:19:49.0776 4352  discache - ok
13:19:49.0807 4352  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:19:49.0838 4352  Disk - ok
13:19:49.0869 4352  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:19:49.0916 4352  Dnscache - ok
13:19:49.0932 4352  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
13:19:50.0011 4352  dot3svc - ok
13:19:50.0042 4352  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
13:19:50.0089 4352  DPS - ok
13:19:50.0120 4352  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
13:19:50.0182 4352  drmkaud - ok
13:19:50.0213 4352  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
13:19:50.0307 4352  DXGKrnl - ok
13:19:50.0323 4352  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
13:19:50.0401 4352  EapHost - ok
13:19:50.0494 4352  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
13:19:50.0635 4352  ebdrv - ok
13:19:50.0666 4352  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
13:19:50.0697 4352  EFS - ok
13:19:50.0744 4352  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
13:19:50.0837 4352  ehRecvr - ok
13:19:50.0853 4352  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
13:19:50.0884 4352  ehSched - ok
13:19:50.0947 4352  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
13:19:50.0993 4352  elxstor - ok
13:19:51.0025 4352  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:19:51.0040 4352  ErrDev - ok
13:19:51.0087 4352  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
13:19:51.0165 4352  EventSystem - ok
13:19:51.0196 4352  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
13:19:51.0259 4352  exfat - ok
13:19:51.0290 4352  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
13:19:51.0352 4352  fastfat - ok
13:19:51.0383 4352  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
13:19:51.0446 4352  Fax - ok
13:19:51.0461 4352  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
13:19:51.0508 4352  fdc - ok
13:19:51.0524 4352  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
13:19:51.0602 4352  fdPHost - ok
13:19:51.0617 4352  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:19:51.0680 4352  FDResPub - ok
13:19:51.0711 4352  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:19:51.0727 4352  FileInfo - ok
13:19:51.0742 4352  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
13:19:51.0805 4352  Filetrace - ok
13:19:51.0805 4352  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:51.0820 4352  flpydisk - ok
13:19:51.0851 4352  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:19:51.0867 4352  FltMgr - ok
13:19:51.0914 4352  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache      C:\Windows\system32\FntCache.dll
13:19:51.0992 4352  FontCache - ok
13:19:52.0039 4352  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:19:52.0054 4352  FontCache3.0.0.0 - ok
13:19:52.0085 4352  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
13:19:52.0101 4352  FsDepends - ok
13:19:52.0163 4352  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:19:52.0195 4352  Fs_Rec - ok
13:19:52.0226 4352  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:19:52.0273 4352  fvevol - ok
13:19:52.0304 4352  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:19:52.0335 4352  gagp30kx - ok
13:19:52.0366 4352  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
13:19:52.0397 4352  GDBehave - ok
13:19:52.0475 4352  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc        C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
13:19:52.0585 4352  GDFwSvc - ok
13:19:52.0616 4352  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
13:19:52.0647 4352  GDMnIcpt - ok
13:19:52.0663 4352  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
13:19:52.0678 4352  GDPkIcpt - ok
13:19:52.0741 4352  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
13:19:52.0787 4352  GDScan - ok
13:19:52.0834 4352  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd        C:\Windows\system32\drivers\gdwfpcd64.sys
13:19:52.0850 4352  gdwfpcd - ok
13:19:52.0928 4352  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:19:52.0959 4352  GEARAspiWDM - ok
13:19:52.0990 4352  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
13:19:53.0115 4352  gpsvc - ok
13:19:53.0146 4352  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:19:53.0209 4352  hcw85cir - ok
13:19:53.0240 4352  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:19:53.0302 4352  HdAudAddService - ok
13:19:53.0333 4352  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:19:53.0396 4352  HDAudBus - ok
13:19:53.0411 4352  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
13:19:53.0443 4352  HidBatt - ok
13:19:53.0458 4352  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:19:53.0489 4352  HidBth - ok
13:19:53.0521 4352  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
13:19:53.0567 4352  HidIr - ok
13:19:53.0583 4352  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
13:19:53.0677 4352  hidserv - ok
13:19:53.0708 4352  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:19:53.0755 4352  HidUsb - ok
13:19:53.0801 4352  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:19:53.0895 4352  hkmsvc - ok
13:19:53.0926 4352  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:19:53.0973 4352  HomeGroupListener - ok
13:19:54.0004 4352  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:19:54.0051 4352  HomeGroupProvider - ok
13:19:54.0067 4352  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
13:19:54.0082 4352  HookCentre - ok
13:19:54.0113 4352  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:19:54.0160 4352  HpSAMD - ok
13:19:54.0207 4352  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:19:54.0332 4352  HTTP - ok
13:19:54.0379 4352  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:19:54.0410 4352  hwpolicy - ok
13:19:54.0457 4352  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:54.0488 4352  i8042prt - ok
13:19:54.0535 4352  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
13:19:54.0581 4352  iaStorV - ok
13:19:54.0613 4352  [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:19:54.0628 4352  IBMPMDRV - ok
13:19:54.0644 4352  [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
13:19:54.0675 4352  IBMPMSVC - ok
13:19:54.0722 4352  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:19:54.0800 4352  idsvc - ok
13:19:55.0065 4352  [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:19:55.0517 4352  igfx - ok
13:19:55.0549 4352  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
13:19:55.0580 4352  iirsp - ok
13:19:55.0627 4352  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:19:55.0736 4352  IKEEXT - ok
13:19:55.0767 4352  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
13:19:55.0814 4352  Impcd - ok
13:19:55.0845 4352  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:19:55.0907 4352  IntcDAud - ok
13:19:55.0939 4352  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:19:55.0970 4352  intelide - ok
13:19:56.0001 4352  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:19:56.0049 4352  intelppm - ok
13:19:56.0080 4352  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
13:19:56.0174 4352  IPBusEnum - ok
13:19:56.0189 4352  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:56.0283 4352  IpFilterDriver - ok
13:19:56.0330 4352  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:19:56.0408 4352  iphlpsvc - ok
13:19:56.0423 4352  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
13:19:56.0454 4352  IPMIDRV - ok
13:19:56.0470 4352  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
13:19:56.0532 4352  IPNAT - ok
13:19:56.0610 4352  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:19:56.0673 4352  iPod Service - ok
13:19:56.0688 4352  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:19:56.0766 4352  IRENUM - ok
13:19:56.0798 4352  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:19:56.0829 4352  isapnp - ok
13:19:56.0860 4352  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:19:56.0907 4352  iScsiPrt - ok
13:19:56.0938 4352  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:56.0969 4352  kbdclass - ok
13:19:56.0985 4352  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:57.0032 4352  kbdhid - ok
13:19:57.0047 4352  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:19:57.0078 4352  KeyIso - ok
13:19:57.0125 4352  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:19:57.0156 4352  KSecDD - ok
13:19:57.0172 4352  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
13:19:57.0203 4352  KSecPkg - ok
13:19:57.0234 4352  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
13:19:57.0297 4352  ksthunk - ok
13:19:57.0328 4352  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
13:19:57.0390 4352  KtmRm - ok
13:19:57.0422 4352  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:19:57.0484 4352  LanmanServer - ok
13:19:57.0500 4352  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:19:57.0609 4352  LanmanWorkstation - ok
13:19:57.0640 4352  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:19:57.0718 4352  lltdio - ok
13:19:57.0749 4352  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
13:19:57.0827 4352  lltdsvc - ok
13:19:57.0843 4352  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
13:19:57.0905 4352  lmhosts - ok
13:19:57.0936 4352  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:19:57.0952 4352  LSI_FC - ok
13:19:57.0968 4352  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
13:19:57.0983 4352  LSI_SAS - ok
13:19:57.0999 4352  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:19:58.0014 4352  LSI_SAS2 - ok
13:19:58.0030 4352  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:19:58.0046 4352  LSI_SCSI - ok
13:19:58.0061 4352  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
13:19:58.0124 4352  luafv - ok
13:19:58.0155 4352  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
13:19:58.0170 4352  MBAMProtector - ok
13:19:58.0186 4352  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:19:58.0202 4352  MBAMScheduler - ok
13:19:58.0264 4352  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:19:58.0311 4352  MBAMService - ok
13:19:58.0342 4352  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
13:19:58.0451 4352  Mcx2Svc - ok
13:19:58.0482 4352  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
13:19:58.0498 4352  megasas - ok
13:19:58.0529 4352  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:19:58.0560 4352  MegaSR - ok
13:19:58.0592 4352  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
13:19:58.0654 4352  MMCSS - ok
13:19:58.0670 4352  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
13:19:58.0732 4352  Modem - ok
13:19:58.0763 4352  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
13:19:58.0794 4352  monitor - ok
13:19:58.0826 4352  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:19:58.0841 4352  mouclass - ok
13:19:58.0857 4352  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:19:58.0888 4352  mouhid - ok
13:19:58.0904 4352  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:19:58.0919 4352  mountmgr - ok
13:19:58.0935 4352  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:19:58.0966 4352  mpio - ok
13:19:58.0966 4352  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:19:59.0028 4352  mpsdrv - ok
13:19:59.0075 4352  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:19:59.0138 4352  MpsSvc - ok
13:19:59.0153 4352  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:19:59.0200 4352  MRxDAV - ok
13:19:59.0216 4352  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:59.0262 4352  mrxsmb - ok
13:19:59.0294 4352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:59.0309 4352  mrxsmb10 - ok
13:19:59.0325 4352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:59.0340 4352  mrxsmb20 - ok
13:19:59.0356 4352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:19:59.0372 4352  msahci - ok
13:19:59.0403 4352  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
13:19:59.0418 4352  msdsm - ok
13:19:59.0434 4352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
13:19:59.0465 4352  MSDTC - ok
13:19:59.0496 4352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:19:59.0543 4352  Msfs - ok
13:19:59.0543 4352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
13:19:59.0606 4352  mshidkmdf - ok
13:19:59.0621 4352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:19:59.0637 4352  msisadrv - ok
13:19:59.0668 4352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
13:19:59.0762 4352  MSiSCSI - ok
13:19:59.0762 4352  msiserver - ok
13:19:59.0777 4352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
13:19:59.0840 4352  MSKSSRV - ok
13:19:59.0840 4352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:59.0886 4352  MSPCLOCK - ok
13:19:59.0902 4352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
13:19:59.0949 4352  MSPQM - ok
13:19:59.0980 4352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
13:20:00.0027 4352  MsRPC - ok
13:20:00.0042 4352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:20:00.0074 4352  mssmbios - ok
13:20:00.0105 4352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
13:20:00.0198 4352  MSTEE - ok
13:20:00.0198 4352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:20:00.0230 4352  MTConfig - ok
13:20:00.0245 4352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
13:20:00.0276 4352  Mup - ok
13:20:00.0292 4352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:20:00.0386 4352  napagent - ok
13:20:00.0417 4352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
13:20:00.0464 4352  NativeWifiP - ok
13:20:00.0510 4352  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:20:00.0573 4352  NDIS - ok
13:20:00.0604 4352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
13:20:00.0682 4352  NdisCap - ok
13:20:00.0698 4352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:20:00.0744 4352  NdisTapi - ok
13:20:00.0776 4352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
13:20:00.0854 4352  Ndisuio - ok
13:20:00.0869 4352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
13:20:00.0947 4352  NdisWan - ok
13:20:00.0963 4352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
13:20:01.0041 4352  NDProxy - ok
13:20:01.0072 4352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
13:20:01.0135 4352  NetBIOS - ok
13:20:01.0167 4352  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
13:20:01.0213 4352  NetBT - ok
13:20:01.0229 4352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:20:01.0245 4352  Netlogon - ok
13:20:01.0276 4352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:20:01.0369 4352  Netman - ok
13:20:01.0369 4352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:20:01.0447 4352  netprofm - ok
13:20:01.0463 4352  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:20:01.0494 4352  NetTcpPortSharing - ok
13:20:01.0510 4352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
13:20:01.0541 4352  nfrd960 - ok
13:20:01.0572 4352  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:20:01.0666 4352  NlaSvc - ok
13:20:01.0681 4352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:20:01.0775 4352  Npfs - ok
13:20:01.0791 4352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
13:20:01.0884 4352  nsi - ok
13:20:01.0900 4352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:20:01.0962 4352  nsiproxy - ok
13:20:02.0025 4352  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:20:02.0103 4352  Ntfs - ok
13:20:02.0118 4352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:20:02.0212 4352  Null - ok
13:20:02.0243 4352  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:20:02.0290 4352  nvraid - ok
13:20:02.0290 4352  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:20:02.0337 4352  nvstor - ok
13:20:02.0352 4352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:20:02.0383 4352  nv_agp - ok
13:20:02.0399 4352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:20:02.0430 4352  ohci1394 - ok
13:20:02.0477 4352  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:02.0524 4352  ose - ok
13:20:02.0555 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:20:02.0617 4352  p2pimsvc - ok
13:20:02.0649 4352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:20:02.0680 4352  p2psvc - ok
13:20:02.0711 4352  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
13:20:02.0727 4352  Parport - ok
13:20:02.0758 4352  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
13:20:02.0773 4352  partmgr - ok
13:20:02.0805 4352  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:20:02.0851 4352  PcaSvc - ok
13:20:02.0867 4352  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
13:20:02.0898 4352  pci - ok
13:20:02.0914 4352  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:20:02.0929 4352  pciide - ok
13:20:02.0961 4352  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:20:02.0992 4352  pcmcia - ok
13:20:03.0007 4352  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
13:20:03.0023 4352  pcw - ok
13:20:03.0054 4352  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:20:03.0148 4352  PEAUTH - ok
13:20:03.0195 4352  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
13:20:03.0273 4352  PeerDistSvc - ok
13:20:03.0366 4352  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:20:03.0413 4352  PerfHost - ok
13:20:03.0475 4352  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
13:20:03.0631 4352  pla - ok
13:20:03.0678 4352  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:20:03.0741 4352  PlugPlay - ok
13:20:03.0756 4352  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
13:20:03.0787 4352  PNRPAutoReg - ok
13:20:03.0819 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
13:20:03.0865 4352  PNRPsvc - ok
13:20:03.0881 4352  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
13:20:03.0959 4352  PolicyAgent - ok
13:20:03.0990 4352  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
13:20:04.0053 4352  Power - ok
13:20:04.0099 4352  [ 7A1E6CF32EDFF1F13186997FCA086FC7 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
13:20:04.0131 4352  Power Manager DBC Service - ok
13:20:04.0162 4352  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:20:04.0240 4352  PptpMiniport - ok
13:20:04.0255 4352  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
13:20:04.0302 4352  Processor - ok
13:20:04.0333 4352  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc        C:\Windows\system32\profsvc.dll
13:20:04.0427 4352  ProfSvc - ok
13:20:04.0427 4352  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:20:04.0458 4352  ProtectedStorage - ok
13:20:04.0474 4352  [ 05A4779E4994B21473EDBE85AABE8030 ] psadd          C:\Windows\system32\DRIVERS\psadd.sys
13:20:04.0489 4352  psadd - ok
13:20:04.0521 4352  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:20:04.0599 4352  Psched - ok
13:20:04.0630 4352  [ 20EFF1CA8922F6A834261B985550A51D ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
13:20:04.0645 4352  PwmEWSvc - ok
13:20:04.0708 4352  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:20:04.0786 4352  ql2300 - ok
13:20:04.0817 4352  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:20:04.0848 4352  ql40xx - ok
13:20:04.0848 4352  qsjdfziv - ok
13:20:04.0879 4352  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
13:20:04.0942 4352  QWAVE - ok
13:20:04.0957 4352  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:20:05.0004 4352  QWAVEdrv - ok
13:20:05.0004 4352  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:20:05.0082 4352  RasAcd - ok
13:20:05.0113 4352  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
13:20:05.0160 4352  RasAgileVpn - ok
13:20:05.0176 4352  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
13:20:05.0223 4352  RasAuto - ok
13:20:05.0254 4352  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
13:20:05.0301 4352  Rasl2tp - ok
13:20:05.0332 4352  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:20:05.0394 4352  RasMan - ok
13:20:05.0410 4352  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:20:05.0472 4352  RasPppoe - ok
13:20:05.0472 4352  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
13:20:05.0535 4352  RasSstp - ok
13:20:05.0566 4352  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
13:20:05.0628 4352  rdbss - ok
13:20:05.0659 4352  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:20:05.0675 4352  rdpbus - ok
13:20:05.0691 4352  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:20:05.0784 4352  RDPCDD - ok
13:20:05.0800 4352  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
13:20:05.0847 4352  RDPDR - ok
13:20:05.0847 4352  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:20:05.0909 4352  RDPENCDD - ok
13:20:05.0940 4352  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:20:05.0987 4352  RDPREFMP - ok
13:20:06.0003 4352  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
13:20:06.0065 4352  RDPWD - ok
13:20:06.0081 4352  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:20:06.0127 4352  rdyboost - ok
13:20:06.0143 4352  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:20:06.0221 4352  RemoteAccess - ok
13:20:06.0252 4352  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:20:06.0346 4352  RemoteRegistry - ok
13:20:06.0377 4352  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:20:06.0408 4352  RFCOMM - ok
13:20:06.0424 4352  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:20:06.0486 4352  RpcEptMapper - ok
13:20:06.0502 4352  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:20:06.0549 4352  RpcLocator - ok
13:20:06.0580 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
13:20:06.0673 4352  RpcSs - ok
13:20:06.0705 4352  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:20:06.0783 4352  rspndr - ok
13:20:06.0829 4352  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
13:20:06.0876 4352  RTL8167 - ok
13:20:06.0939 4352  [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce      C:\Windows\system32\DRIVERS\rtl8192Ce.sys
13:20:07.0017 4352  RTL8192Ce - ok
13:20:07.0032 4352  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
13:20:07.0079 4352  s3cap - ok
13:20:07.0079 4352  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
13:20:07.0110 4352  SamSs - ok
13:20:07.0126 4352  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:20:07.0157 4352  sbp2port - ok
13:20:07.0173 4352  SBRE - ok
13:20:07.0204 4352  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:20:07.0266 4352  SCardSvr - ok
13:20:07.0297 4352  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:20:07.0375 4352  scfilter - ok
13:20:07.0407 4352  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:20:07.0516 4352  Schedule - ok
13:20:07.0531 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
13:20:07.0578 4352  SCPolicySvc - ok
13:20:07.0609 4352  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:20:07.0625 4352  SDRSVC - ok
13:20:07.0656 4352  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:20:07.0765 4352  secdrv - ok
13:20:07.0781 4352  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:20:07.0843 4352  seclogon - ok
13:20:07.0875 4352  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:20:07.0968 4352  SENS - ok
13:20:07.0968 4352  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:20:08.0015 4352  SensrSvc - ok
13:20:08.0031 4352  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
13:20:08.0062 4352  Serenum - ok
13:20:08.0077 4352  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:20:08.0109 4352  Serial - ok
13:20:08.0124 4352  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:20:08.0155 4352  sermouse - ok
13:20:08.0187 4352  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:20:08.0249 4352  SessionEnv - ok
13:20:08.0265 4352  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
13:20:08.0296 4352  sffdisk - ok
13:20:08.0311 4352  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:20:08.0358 4352  sffp_mmc - ok
13:20:08.0358 4352  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
13:20:08.0389 4352  sffp_sd - ok
13:20:08.0421 4352  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
13:20:08.0436 4352  sfloppy - ok
13:20:08.0467 4352  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:20:08.0577 4352  SharedAccess - ok
13:20:08.0608 4352  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:20:08.0670 4352  ShellHWDetection - ok
13:20:08.0701 4352  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:20:08.0733 4352  SiSRaid2 - ok
13:20:08.0748 4352  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:20:08.0779 4352  SiSRaid4 - ok
13:20:08.0826 4352  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
13:20:08.0904 4352  Smb - ok
13:20:08.0935 4352  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:20:08.0982 4352  SNMPTRAP - ok
13:20:09.0013 4352  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
13:20:09.0029 4352  spldr - ok
13:20:09.0076 4352  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler        C:\Windows\System32\spoolsv.exe
13:20:09.0169 4352  Spooler - ok
13:20:09.0263 4352  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:20:09.0372 4352  sppsvc - ok
13:20:09.0388 4352  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
13:20:09.0450 4352  sppuinotify - ok
13:20:09.0481 4352  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
13:20:09.0528 4352  srv - ok
13:20:09.0559 4352  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:20:09.0622 4352  srv2 - ok
13:20:09.0653 4352  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:20:09.0700 4352  srvnet - ok
13:20:09.0731 4352  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
13:20:09.0840 4352  SSDPSRV - ok
13:20:09.0856 4352  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
13:20:09.0918 4352  SstpSvc - ok
13:20:09.0949 4352  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
13:20:09.0981 4352  ssudmdm - ok
13:20:09.0996 4352  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:20:10.0027 4352  stexstor - ok
13:20:10.0074 4352  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:20:10.0137 4352  stisvc - ok
13:20:10.0152 4352  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
13:20:10.0183 4352  storflt - ok
13:20:10.0199 4352  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\Windows\system32\storsvc.dll
13:20:10.0261 4352  StorSvc - ok
13:20:10.0277 4352  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
13:20:10.0308 4352  storvsc - ok
13:20:10.0371 4352  [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService      C:\Program Files (x86)\Lenovo\System Update\SUService.exe
13:20:10.0402 4352  SUService - ok
13:20:10.0417 4352  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:20:10.0449 4352  swenum - ok
13:20:10.0480 4352  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
13:20:10.0620 4352  swprv - ok
13:20:10.0683 4352  [ FFBE7C45999252C3131CBDD05E2FA135 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
13:20:10.0761 4352  SynTP - ok
13:20:10.0792 4352  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
13:20:10.0870 4352  SysMain - ok
13:20:10.0901 4352  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:20:10.0917 4352  TabletInputService - ok
13:20:10.0948 4352  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
13:20:10.0995 4352  TapiSrv - ok
13:20:11.0026 4352  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
13:20:11.0073 4352  TBS - ok
13:20:11.0135 4352  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
13:20:11.0260 4352  Tcpip - ok
13:20:11.0291 4352  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:20:11.0369 4352  TCPIP6 - ok
13:20:11.0385 4352  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:20:11.0431 4352  tcpipreg - ok
13:20:11.0463 4352  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:20:11.0509 4352  TDPIPE - ok
13:20:11.0541 4352  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
13:20:11.0587 4352  TDTCP - ok
13:20:11.0619 4352  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
13:20:11.0712 4352  tdx - ok
13:20:11.0728 4352  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:20:11.0759 4352  TermDD - ok
13:20:11.0790 4352  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
13:20:11.0884 4352  TermService - ok
13:20:11.0899 4352  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:20:11.0931 4352  Themes - ok
13:20:11.0946 4352  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
13:20:11.0993 4352  THREADORDER - ok
13:20:12.0024 4352  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF        C:\Windows\system32\drivers\Tppwr64v.sys
13:20:12.0040 4352  TPPWRIF - ok
13:20:12.0071 4352  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:20:12.0149 4352  TrkWks - ok
13:20:12.0196 4352  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:20:12.0258 4352  TrustedInstaller - ok
13:20:12.0289 4352  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:20:12.0352 4352  tssecsrv - ok
13:20:12.0383 4352  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:20:12.0430 4352  TsUsbFlt - ok
13:20:12.0461 4352  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:20:12.0570 4352  tunnel - ok
13:20:12.0586 4352  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:20:12.0617 4352  uagp35 - ok
13:20:12.0633 4352  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:20:12.0711 4352  udfs - ok
13:20:12.0742 4352  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
13:20:12.0773 4352  UI0Detect - ok
13:20:12.0789 4352  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:20:12.0804 4352  uliagpkx - ok
13:20:12.0835 4352  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
13:20:12.0867 4352  umbus - ok
13:20:12.0882 4352  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:20:12.0929 4352  UmPass - ok
13:20:12.0960 4352  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
13:20:13.0007 4352  UmRdpService - ok
13:20:13.0038 4352  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:20:13.0116 4352  upnphost - ok
13:20:13.0147 4352  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
13:20:13.0179 4352  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:20:13.0179 4352  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
13:20:13.0210 4352  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
13:20:13.0241 4352  usbccgp - ok
13:20:13.0272 4352  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:20:13.0303 4352  usbcir - ok
13:20:13.0335 4352  [ 74EE782B1D9C241EFE425565854C661C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
13:20:13.0397 4352  usbehci - ok
13:20:13.0413 4352  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\drivers\usbhub.sys
13:20:13.0444 4352  usbhub - ok
13:20:13.0459 4352  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
13:20:13.0491 4352  usbohci - ok
13:20:13.0491 4352  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:20:13.0537 4352  usbprint - ok
13:20:13.0553 4352  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
13:20:13.0615 4352  usbscan - ok
13:20:13.0631 4352  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:20:13.0678 4352  USBSTOR - ok
13:20:13.0709 4352  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
13:20:13.0818 4352  usbuhci - ok
13:20:13.0912 4352  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:20:13.0959 4352  usbvideo - ok
13:20:13.0974 4352  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
13:20:14.0083 4352  UxSms - ok
13:20:14.0099 4352  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:20:14.0115 4352  VaultSvc - ok
13:20:14.0146 4352  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:20:14.0161 4352  vdrvroot - ok
13:20:14.0208 4352  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
13:20:14.0317 4352  vds - ok
13:20:14.0349 4352  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
13:20:14.0380 4352  vga - ok
13:20:14.0395 4352  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
13:20:14.0458 4352  VgaSave - ok
13:20:14.0473 4352  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
13:20:14.0505 4352  vhdmp - ok
13:20:14.0520 4352  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:20:14.0536 4352  viaide - ok
13:20:14.0551 4352  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
13:20:14.0567 4352  vmbus - ok
13:20:14.0583 4352  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:20:14.0598 4352  VMBusHID - ok
13:20:14.0614 4352  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:20:14.0629 4352  volmgr - ok
13:20:14.0661 4352  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
13:20:14.0676 4352  volmgrx - ok
13:20:14.0723 4352  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
13:20:14.0754 4352  volsnap - ok
13:20:14.0801 4352  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
13:20:14.0848 4352  vsmraid - ok
13:20:14.0895 4352  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
13:20:15.0004 4352  VSS - ok
13:20:15.0019 4352  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:20:15.0035 4352  vwifibus - ok
13:20:15.0051 4352  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:20:15.0066 4352  vwififlt - ok
13:20:15.0082 4352  vyhqrvwu - ok
13:20:15.0097 4352  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
13:20:15.0160 4352  W32Time - ok
13:20:15.0175 4352  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:20:15.0207 4352  WacomPen - ok
13:20:15.0238 4352  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:20:15.0316 4352  WANARP - ok
13:20:15.0331 4352  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:20:15.0378 4352  Wanarpv6 - ok
13:20:15.0425 4352  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:20:15.0487 4352  wbengine - ok
13:20:15.0503 4352  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:20:15.0534 4352  WbioSrvc - ok
13:20:15.0565 4352  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
13:20:15.0597 4352  wcncsvc - ok
13:20:15.0612 4352  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:20:15.0628 4352  WcsPlugInService - ok
13:20:15.0643 4352  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:20:15.0659 4352  Wd - ok
13:20:15.0690 4352  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:20:15.0721 4352  Wdf01000 - ok
13:20:15.0737 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:20:15.0815 4352  WdiServiceHost - ok
13:20:15.0831 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
13:20:15.0862 4352  WdiSystemHost - ok
13:20:15.0877 4352  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
13:20:15.0909 4352  WebClient - ok
13:20:15.0924 4352  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:20:15.0987 4352  Wecsvc - ok
13:20:16.0002 4352  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
13:20:16.0065 4352  wercplsupport - ok
13:20:16.0080 4352  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:20:16.0127 4352  WerSvc - ok
13:20:16.0174 4352  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:20:16.0221 4352  WfpLwf - ok
13:20:16.0221 4352  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:20:16.0236 4352  WIMMount - ok
13:20:16.0268 4352  WinDefend - ok
13:20:16.0268 4352  WinHttpAutoProxySvc - ok
13:20:16.0330 4352  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
13:20:16.0439 4352  Winmgmt - ok
13:20:16.0502 4352  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
13:20:16.0642 4352  WinRM - ok
13:20:16.0673 4352  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:20:16.0704 4352  WinUsb - ok
13:20:16.0751 4352  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
13:20:16.0798 4352  Wlansvc - ok
13:20:16.0829 4352  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
13:20:16.0876 4352  WmiAcpi - ok
13:20:16.0907 4352  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:20:16.0970 4352  wmiApSrv - ok
13:20:17.0001 4352  WMPNetworkSvc - ok
13:20:17.0016 4352  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:20:17.0063 4352  WPCSvc - ok
13:20:17.0094 4352  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:20:17.0141 4352  WPDBusEnum - ok
13:20:17.0157 4352  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
13:20:17.0219 4352  ws2ifsl - ok
13:20:17.0250 4352  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:20:17.0282 4352  wscsvc - ok
13:20:17.0282 4352  WSearch - ok
13:20:17.0360 4352  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:20:17.0453 4352  wuauserv - ok
13:20:17.0469 4352  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:20:17.0578 4352  WudfPf - ok
13:20:17.0625 4352  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:20:17.0703 4352  WUDFRd - ok
13:20:17.0718 4352  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
13:20:17.0765 4352  wudfsvc - ok
13:20:17.0781 4352  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
13:20:17.0828 4352  WwanSvc - ok
13:20:17.0843 4352  ================ Scan global ===============================
13:20:17.0859 4352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:20:17.0890 4352  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:20:17.0890 4352  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:20:17.0937 4352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:20:17.0952 4352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:20:17.0952 4352  [Global] - ok
13:20:17.0952 4352  ================ Scan MBR ==================================
13:20:17.0968 4352  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:20:18.0327 4352  \Device\Harddisk0\DR0 - ok
13:20:18.0327 4352  ================ Scan VBR ==================================
13:20:18.0342 4352  [ CD8B4DD822B82F7F99F633EC54E1617A ] \Device\Harddisk0\DR0\Partition1
13:20:18.0342 4352  \Device\Harddisk0\DR0\Partition1 - ok
13:20:18.0358 4352  [ 0C71FEECFCE4E3ADE6211890BB97154B ] \Device\Harddisk0\DR0\Partition2
13:20:18.0358 4352  \Device\Harddisk0\DR0\Partition2 - ok
13:20:18.0358 4352  ============================================================
13:20:18.0358 4352  Scan finished
13:20:18.0358 4352  ============================================================
13:20:18.0374 3172  Detected object count: 1
13:20:18.0374 3172  Actual detected object count: 1
13:20:28.0326 3172  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:28.0326 3172  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 12.10.2012 14:50
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

prinzhessin 14.10.2012 15:14
Liste der Anhänge anzeigen (Anzahl: 2)
Ich muss dazu sagen, dass ich Probleme mit dem Combofix hatte. Beim ersten Start erhielt ich die Meldung "Fehler beim Überschreiben...." siehe Anhang- ich bin auf ignorieren gegangen.
Bei Stufe 48 hat sich mein PC komplett aufgehängt und ich habe ihn neu gestartet.

Beim zweiten Versuch kam ich bis zum zweiten Anhang, danach hat sich über mehrere Stunden gar nichts getan. Nach ca. 7 Stunden habe ich es dann selbst abgebrochen.

Beim heutigen dritten Versuch hat es endlich nach 20 Minuten geklappt:

Code:
ComboFix 12-10-14.03 - *** 14.10.2012  14:13:42.3.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3893.2233 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\***\4.0
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-14 bis 2012-10-14  ))))))))))))))))))))))))))))))
.
.
2012-10-14 12:58 . 2012-10-14 12:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-14 12:58 . 2012-10-14 12:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-10-14 01:50 . 2012-10-14 01:50        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll
2012-10-13 08:46 . 2012-10-13 08:46        96224        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 08:46 . 2012-10-13 08:46        157272        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 13:07 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll
2012-10-11 18:44 . 2012-10-11 18:44        --------        d-----w-        C:\_OTL
2012-10-05 13:39 . 2012-10-05 13:39        --------        d-----w-        c:\program files (x86)\ESET
2012-10-03 09:22 . 2012-10-03 09:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-03 09:22 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-28 16:14 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iPod
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iTunes
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-22 13:46 . 2012-08-24 18:03        9056256        ----a-w-        c:\windows\system32\mshtml.dll
2012-09-22 13:46 . 2012-08-24 18:02        12295680        ----a-w-        c:\windows\system32\ieframe.dll
2012-09-22 13:46 . 2012-08-24 18:03        735744        ----a-w-        c:\windows\system32\msfeeds.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:25 . 2011-11-04 18:10        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-10 18:34 . 2012-04-02 17:06        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 18:34 . 2011-11-02 18:53        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 09:22 . 2012-07-27 07:27        60320        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2012-09-28 15:56 . 2012-07-27 07:27        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        64416        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2012-09-02 13:54 . 2012-09-02 13:54        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 13:54 . 2012-09-02 13:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 13:54 . 2011-11-27 09:54        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 16:25        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:25        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:25        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-07-08 18:36        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-07-08 18:36        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-07-27 07:27 . 2012-07-27 07:27        64376        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2012-07-18 18:15 . 2012-08-14 18:53        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 avqferzi;avqferzi;c:\windows\system32\drivers\avqferzi.sys [x]
R1 bknyckwb;bknyckwb;c:\windows\system32\drivers\bknyckwb.sys [x]
R1 ddrbijkc;ddrbijkc;c:\windows\system32\drivers\ddrbijkc.sys [x]
R1 qsjdfziv;qsjdfziv;c:\windows\system32\drivers\qsjdfziv.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 vyhqrvwu;vyhqrvwu;c:\windows\system32\drivers\vyhqrvwu.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-14  16:00:52
ComboFix-quarantined-files.txt  2012-10-14 14:00
.
Vor Suchlauf: 10 Verzeichnis(se), 198.765.957.120 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 198.630.305.792 Bytes frei
.
- - End Of File - - CB41F98FC80CA15F34A2472729AAAB55

cosinus 14.10.2012 19:29
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Driver::
avqferzi
bknyckwb
ddrbijkc
qsjdfziv
vyhqrvwu

File::
c:\windows\system32\drivers\avqferzi.sys
c:\windows\system32\drivers\bknyckwb.sys
c:\windows\system32\drivers\ddrbijkc.sys
c:\windows\system32\drivers\qsjdfziv.sys
c:\windows\system32\drivers\vyhqrvwu.sys
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

prinzhessin 15.10.2012 20:34
Beim dritten Versucht hat es geklappt.
Code:
ComboFix 12-10-15.01 - *** 15.10.2012  21:11:57.6.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3893.2507 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\avqferzi.sys"
"c:\windows\system32\drivers\bknyckwb.sys"
"c:\windows\system32\drivers\ddrbijkc.sys"
"c:\windows\system32\drivers\qsjdfziv.sys"
"c:\windows\system32\drivers\vyhqrvwu.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_avqferzi
-------\Service_bknyckwb
-------\Service_ddrbijkc
-------\Service_qsjdfziv
-------\Service_vyhqrvwu
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-15 bis 2012-10-15  ))))))))))))))))))))))))))))))
.
.
2012-10-15 19:22 . 2012-10-15 19:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-15 19:22 . 2012-10-15 19:22        --------        d-----w-        c:\users\Bea\AppData\Local\temp
2012-10-14 01:50 . 2012-10-14 01:50        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll
2012-10-13 08:46 . 2012-10-13 08:46        96224        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 08:46 . 2012-10-13 08:46        157272        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 13:07 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll
2012-10-11 18:44 . 2012-10-11 18:44        --------        d-----w-        C:\_OTL
2012-10-05 13:39 . 2012-10-05 13:39        --------        d-----w-        c:\program files (x86)\ESET
2012-10-03 09:22 . 2012-10-03 09:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-03 09:22 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-28 16:14 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iPod
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iTunes
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-22 13:46 . 2012-08-24 18:03        9056256        ----a-w-        c:\windows\system32\mshtml.dll
2012-09-22 13:46 . 2012-08-24 18:02        12295680        ----a-w-        c:\windows\system32\ieframe.dll
2012-09-22 13:46 . 2012-08-24 18:03        735744        ----a-w-        c:\windows\system32\msfeeds.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:25 . 2011-11-04 18:10        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-10 18:34 . 2012-04-02 17:06        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 18:34 . 2011-11-02 18:53        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 09:22 . 2012-07-27 07:27        60320        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2012-09-28 15:56 . 2012-07-27 07:27        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        64416        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2012-09-02 13:54 . 2012-09-02 13:54        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 13:54 . 2012-09-02 13:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 13:54 . 2011-11-27 09:54        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 16:25        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:25        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:25        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-07-08 18:36        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-07-08 18:36        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-07-27 07:27 . 2012-07-27 07:27        64376        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2012-07-18 18:15 . 2012-08-14 18:53        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\**\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-15  21:28:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-15 19:28
ComboFix2.txt  2012-10-14 14:00
.
Vor Suchlauf: 14 Verzeichnis(se), 198.272.622.592 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 197.798.793.216 Bytes frei
.
- - End Of File - - 7B661CDC8C55FE3D10C19249BCD97B5F


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:43 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19