Trojaner-Board

Grashälmchen 27.12.2012 18:10

GVU Trojan - status after system restore
 
Dear members of the Trojaner-Board,

I caught the GVU Trojan yesterday evening (Win 7, 64-bit) and have done the following so far: after successfully booting into safe mode, I performed a system restore, after which everything currently appears to run unaffected, though I am aware that appearances are surely deceptive. I would therefore appreciate your help in avoiding a complete reinstall, and have already started on the forum tips. So here is the Malwarebytes report:

Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-LAPTOP [Administrator]

27.12.2012 16:49:42
mbam-log-2012-12-27 (16-49-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236699
Laufzeit: 26 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

and the OTL files ("extra" as an attachment and "otl" here):

Code:

OTL logfile created on: 27.12.2012 17:35:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Claudia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 30,12% Memory free
7,60 Gb Paging File | 5,19 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 300,17 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 29,44 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-LAPTOP | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claudia\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{25FFB79E-A798-41BC-8772-22C93C98AD15}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8A1C7A57-C8E9-4021-AADF-35A83F18F20F}&mid=ef9c2db9a64f47d1a3d8c9bd2c19e266-72fe822519a5efa2dfbe18b6cdcaf9340cd142f9&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 19:00:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.08 17:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 17:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 17:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 17:23:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 17:23:43 | 000,000,000 | ---D | M]
 
[2011.02.23 22:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.02.23 22:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.11.21 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\g9xypjhb.default\extensions
[2012.11.21 19:47:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\g9xypjhb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.13 17:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.13 17:23:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.13 17:23:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.13 17:23:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.30 22:52:13 | 000,103,904 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2012.04.03 19:58:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 12:36:38 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.02 12:52:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.03 19:58:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.02 12:52:21 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.04.03 19:58:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.03 19:58:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.03 19:58:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [Power2GoExpress] C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1001..\Run: [Spotify Web Helper] C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2987378647-4131978001-2987175761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91C7CCB-1714-4120-A525-6685D43E25FB}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 16:50:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL(1).exe
[2012.12.27 16:46:42 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2012.12.27 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.27 16:46:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.27 16:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.27 16:15:13 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Recov
[2012.12.20 19:41:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.12.16 12:33:12 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.16 12:33:12 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.16 12:33:12 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.16 12:32:46 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.16 12:32:46 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.16 12:32:46 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.16 12:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.16 12:30:55 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Users\Claudia\Desktop\jre-7u9-windows-x64.exe
[2012.12.13 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\AVG2013
[2012.12.13 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.12.13 18:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.13 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\MFAData
[2012.12.13 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Avg2013
[2012.12.13 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.13 11:51:14 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.13 11:51:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.13 11:51:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.13 11:51:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.13 11:51:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.13 11:51:12 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.13 11:51:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.13 11:51:10 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.13 11:51:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.13 11:51:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.13 11:51:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.13 11:51:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.13 11:51:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.13 11:51:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.13 11:51:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.13 11:51:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.13 11:51:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.13 11:51:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.13 11:51:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.13 11:51:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.13 11:51:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.13 11:51:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.13 11:51:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.13 11:51:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 11:51:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 11:51:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 11:51:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 11:50:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 11:50:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 11:50:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 11:50:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 11:50:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 11:50:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 11:50:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 11:50:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.13 11:50:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.13 11:50:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 17:26:25 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 16:50:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL(1).exe
[2012.12.27 16:46:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.27 16:45:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:45:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 16:42:20 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.27 16:42:20 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.27 16:42:20 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.27 16:42:20 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.27 16:42:20 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.27 16:42:09 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.27 16:35:31 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 16:35:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.27 16:35:11 | 3061,125,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 22:46:22 | 000,017,408 | ---- | M] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2012.12.16 12:32:18 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.16 12:32:16 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.16 12:32:16 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.16 12:32:15 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.16 12:32:15 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.12.16 12:32:15 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.16 12:31:04 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Users\Claudia\Desktop\jre-7u9-windows-x64.exe
[2012.12.14 20:03:48 | 000,332,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.13 18:16:22 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.13 13:26:22 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.13 13:26:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.12.27 16:46:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.13 18:16:22 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.08.03 22:36:37 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.24 17:34:57 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011.09.24 17:34:57 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011.09.24 17:34:57 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011.09.24 17:32:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011.09.24 17:32:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011.09.05 07:26:03 | 000,003,584 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 16:40:54 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.02.25 11:30:50 | 000,000,346 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.02.23 22:26:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.02.25 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ArcSyncConfig
[2012.12.13 18:20:14 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\AVG2013
[2012.04.15 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\elsterformular
[2012.05.11 08:58:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Lenovo
[2012.01.08 17:38:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\LyX2.0
[2011.02.25 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2012.10.01 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Sazose
[2012.01.09 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Smart PDF Converter
[2012.12.16 18:18:20 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Spotify
[2012.01.08 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Swiss Academic Software
[2012.12.13 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.10.01 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vyfoqe
[2012.10.01 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Wigog
 
========== Purity Check ==========
 
 

< End of report >

I also made a backup to an external hard drive yesterday - what is the best way to find out whether it is now infected as well?

Many, many thanks in advance for any help! Claudia

markusg 27.12.2012 18:44

Hi,
with a malware infection, keep your hands off System Restore!
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

Grashälmchen 27.12.2012 18:56

Hello Markus,

thanks for the quick reply. Here is the TDSSKiller log:
Code:

18:51:44.0529 4904  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:51:44.0749 4904  ============================================================
18:51:44.0749 4904  Current date / time: 2012/12/27 18:51:44.0749
18:51:44.0749 4904  SystemInfo:
18:51:44.0749 4904 
18:51:44.0749 4904  OS Version: 6.1.7601 ServicePack: 1.0
18:51:44.0749 4904  Product type: Workstation
18:51:44.0749 4904  ComputerName: CLAUDIA-LAPTOP
18:51:44.0749 4904  UserName: Claudia
18:51:44.0749 4904  Windows directory: C:\windows
18:51:44.0749 4904  System windows directory: C:\windows
18:51:44.0749 4904  Running under WOW64
18:51:44.0749 4904  Processor architecture: Intel x64
18:51:44.0749 4904  Number of processors: 2
18:51:44.0749 4904  Page size: 0x1000
18:51:44.0749 4904  Boot type: Normal boot
18:51:44.0749 4904  ============================================================
18:51:45.0459 4904  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:51:45.0469 4904  ============================================================
18:51:45.0469 4904  \Device\Harddisk0\DR0:
18:51:45.0469 4904  MBR partitions:
18:51:45.0469 4904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:51:45.0469 4904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x348AA000
18:51:45.0499 4904  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3490F000, BlocksNum 0x3CF4800
18:51:45.0499 4904  ============================================================
18:51:45.0539 4904  C: <-> \Device\Harddisk0\DR0\Partition2
18:51:45.0569 4904  D: <-> \Device\Harddisk0\DR0\Partition3
18:51:45.0569 4904  ============================================================
18:51:45.0569 4904  Initialize success
18:51:45.0569 4904  ============================================================
18:52:25.0032 4640  ============================================================
18:52:25.0032 4640  Scan started
18:52:25.0032 4640  Mode: Manual; SigCheck; TDLFS;
18:52:25.0032 4640  ============================================================
18:52:25.0406 4640  ================ Scan system memory ========================
18:52:25.0406 4640  System memory - ok
18:52:25.0406 4640  ================ Scan services =============================
18:52:25.0765 4640  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:52:25.0921 4640  1394ohci - ok
18:52:25.0999 4640  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:52:26.0030 4640  ACPI - ok
18:52:26.0077 4640  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
18:52:26.0326 4640  AcpiPmi - ok
18:52:26.0389 4640  [ DC201246A14CB3B274DF59FAF539AB07 ] ACPIVPC        C:\windows\system32\DRIVERS\AcpiVpc.sys
18:52:26.0420 4640  ACPIVPC - ok
18:52:26.0607 4640  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:52:26.0623 4640  AdobeFlashPlayerUpdateSvc - ok
18:52:26.0779 4640  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
18:52:26.0826 4640  adp94xx - ok
18:52:26.0872 4640  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
18:52:26.0888 4640  adpahci - ok
18:52:26.0919 4640  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
18:52:26.0935 4640  adpu320 - ok
18:52:26.0982 4640  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
18:52:27.0325 4640  AeLookupSvc - ok
18:52:27.0418 4640  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\windows\system32\drivers\afd.sys
18:52:27.0543 4640  AFD - ok
18:52:27.0637 4640  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
18:52:27.0652 4640  agp440 - ok
18:52:27.0715 4640  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\windows\System32\alg.exe
18:52:27.0793 4640  ALG - ok
18:52:27.0918 4640  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
18:52:27.0949 4640  aliide - ok
18:52:28.0011 4640  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
18:52:28.0042 4640  amdide - ok
18:52:28.0120 4640  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
18:52:28.0245 4640  AmdK8 - ok
18:52:28.0292 4640  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
18:52:28.0339 4640  AmdPPM - ok
18:52:28.0417 4640  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\windows\system32\drivers\amdsata.sys
18:52:28.0448 4640  amdsata - ok
18:52:28.0510 4640  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
18:52:28.0542 4640  amdsbs - ok
18:52:28.0573 4640  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\windows\system32\drivers\amdxata.sys
18:52:28.0588 4640  amdxata - ok
18:52:28.0666 4640  [ 7F84DB2D9E20FB72613663A20A9041F6 ] ApfiltrService  C:\windows\system32\DRIVERS\Apfiltr.sys
18:52:28.0682 4640  ApfiltrService - ok
18:52:28.0760 4640  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\windows\system32\drivers\appid.sys
18:52:28.0963 4640  AppID - ok
18:52:29.0025 4640  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:52:29.0150 4640  AppIDSvc - ok
18:52:29.0212 4640  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\windows\System32\appinfo.dll
18:52:29.0306 4640  Appinfo - ok
18:52:29.0337 4640  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\windows\system32\DRIVERS\arc.sys
18:52:29.0368 4640  arc - ok
18:52:29.0400 4640  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
18:52:29.0415 4640  arcsas - ok
18:52:29.0446 4640  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:52:29.0556 4640  AsyncMac - ok
18:52:29.0618 4640  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\windows\system32\drivers\atapi.sys
18:52:29.0634 4640  atapi - ok
18:52:29.0712 4640  [ F8633CDD09647A64EE8DB550630427FF ] athr            C:\windows\system32\DRIVERS\athrx.sys
18:52:29.0836 4640  athr - ok
18:52:29.0914 4640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:52:30.0024 4640  AudioEndpointBuilder - ok
18:52:30.0024 4640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:52:30.0086 4640  AudioSrv - ok
18:52:30.0492 4640  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:52:30.0726 4640  AVGIDSAgent - ok
18:52:30.0897 4640  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
18:52:30.0928 4640  AVGIDSDriver - ok
18:52:30.0991 4640  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
18:52:31.0006 4640  AVGIDSHA - ok
18:52:31.0100 4640  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
18:52:31.0131 4640  Avgldx64 - ok
18:52:31.0287 4640  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga        C:\windows\system32\DRIVERS\avgloga.sys
18:52:31.0318 4640  Avgloga - ok
18:52:31.0350 4640  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
18:52:31.0350 4640  Avgmfx64 - ok
18:52:31.0381 4640  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
18:52:31.0412 4640  Avgrkx64 - ok
18:52:31.0412 4640  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia        C:\windows\system32\DRIVERS\avgtdia.sys
18:52:31.0428 4640  Avgtdia - ok
18:52:31.0459 4640  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd          C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:52:31.0474 4640  avgwd - ok
18:52:31.0537 4640  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:52:31.0646 4640  AxInstSV - ok
18:52:31.0708 4640  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\windows\system32\DRIVERS\bxvbda.sys
18:52:31.0786 4640  b06bdrv - ok
18:52:31.0849 4640  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:52:31.0911 4640  b57nd60a - ok
18:52:32.0254 4640  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc          C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
18:52:32.0286 4640  BBSvc - ok
18:52:32.0364 4640  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
18:52:32.0410 4640  BBUpdate - ok
18:52:32.0426 4640  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
18:52:32.0504 4640  BDESVC - ok
18:52:32.0566 4640  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
18:52:32.0660 4640  Beep - ok
18:52:32.0738 4640  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\windows\System32\bfe.dll
18:52:32.0816 4640  BFE - ok
18:52:32.0894 4640  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
18:52:33.0003 4640  BITS - ok
18:52:33.0034 4640  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:52:33.0066 4640  blbdrive - ok
18:52:33.0128 4640  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:52:33.0206 4640  bowser - ok
18:52:33.0268 4640  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
18:52:34.0080 4640  BrFiltLo - ok
18:52:34.0111 4640  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
18:52:34.0126 4640  BrFiltUp - ok
18:52:34.0189 4640  [ 34F786535F9245E4028C57B28248C9D8 ] Bridge0        C:\windows\system32\drivers\WDBridge.sys
18:52:34.0204 4640  Bridge0 - ok
18:52:34.0267 4640  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\windows\System32\browser.dll
18:52:34.0345 4640  Browser - ok
18:52:34.0376 4640  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\windows\System32\Drivers\Brserid.sys
18:52:34.0454 4640  Brserid - ok
18:52:34.0470 4640  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:52:34.0532 4640  BrSerWdm - ok
18:52:34.0548 4640  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:52:34.0657 4640  BrUsbMdm - ok
18:52:34.0688 4640  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:52:34.0735 4640  BrUsbSer - ok
18:52:34.0766 4640  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
18:52:34.0875 4640  BthEnum - ok
18:52:34.0922 4640  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
18:52:34.0984 4640  BTHMODEM - ok
18:52:35.0031 4640  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:52:35.0062 4640  BthPan - ok
18:52:35.0312 4640  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
18:52:35.0406 4640  BTHPORT - ok
18:52:35.0484 4640  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\windows\system32\bthserv.dll
18:52:35.0593 4640  bthserv - ok
18:52:35.0671 4640  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:52:35.0733 4640  BTHUSB - ok
18:52:35.0811 4640  [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
18:52:35.0827 4640  btusbflt - ok
18:52:35.0889 4640  [ A72A9101F9730DB7332714E566614E4D ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
18:52:35.0905 4640  btwaudio - ok
18:52:35.0952 4640  [ 5CEEC634B617525F2B6AD29F871033F7 ] btwavdt        C:\windows\system32\drivers\btwavdt.sys
18:52:35.0967 4640  btwavdt - ok
18:52:36.0389 4640  [ B1DB1E1A90C940723980B94760487472 ] btwdins        C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:52:36.0467 4640  btwdins - ok
18:52:36.0513 4640  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
18:52:36.0529 4640  btwl2cap - ok
18:52:36.0591 4640  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
18:52:36.0591 4640  btwrchid - ok
18:52:36.0685 4640  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:52:36.0779 4640  cdfs - ok
18:52:36.0935 4640  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\windows\system32\drivers\cdrom.sys
18:52:37.0028 4640  cdrom - ok
18:52:37.0106 4640  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\windows\System32\certprop.dll
18:52:37.0231 4640  CertPropSvc - ok
18:52:37.0340 4640  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
18:52:37.0434 4640  circlass - ok
18:52:37.0496 4640  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
18:52:37.0512 4640  CLFS - ok
18:52:37.0590 4640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:37.0605 4640  clr_optimization_v2.0.50727_32 - ok
18:52:37.0683 4640  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:52:37.0715 4640  clr_optimization_v2.0.50727_64 - ok
18:52:37.0824 4640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:37.0839 4640  clr_optimization_v4.0.30319_32 - ok
18:52:37.0902 4640  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:52:37.0933 4640  clr_optimization_v4.0.30319_64 - ok
18:52:37.0964 4640  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:52:38.0011 4640  CmBatt - ok
18:52:38.0027 4640  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:52:38.0042 4640  cmdide - ok
18:52:38.0120 4640  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\windows\system32\Drivers\cng.sys
18:52:38.0151 4640  CNG - ok
18:52:38.0214 4640  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
18:52:38.0229 4640  Compbatt - ok
18:52:38.0276 4640  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
18:52:38.0323 4640  CompositeBus - ok
18:52:38.0339 4640  COMSysApp - ok
18:52:38.0370 4640  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
18:52:38.0385 4640  crcdisk - ok
18:52:38.0448 4640  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:52:38.0526 4640  CryptSvc - ok
18:52:38.0588 4640  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\windows\system32\DRIVERS\CVirtA64.sys
18:52:38.0604 4640  CVirtA - ok
18:52:38.0729 4640  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND          C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
18:52:38.0807 4640  CVPND - ok
18:52:38.0900 4640  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\windows\system32\Drivers\CVPNDRVA.sys
18:52:38.0931 4640  CVPNDRVA - ok
18:52:39.0009 4640  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
18:52:39.0087 4640  DcomLaunch - ok
18:52:39.0150 4640  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\windows\System32\defragsvc.dll
18:52:39.0243 4640  defragsvc - ok
18:52:39.0290 4640  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:52:39.0384 4640  DfsC - ok
18:52:39.0446 4640  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
18:52:39.0509 4640  Dhcp - ok
18:52:39.0555 4640  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
18:52:39.0665 4640  discache - ok
18:52:39.0727 4640  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
18:52:39.0743 4640  Disk - ok
18:52:39.0805 4640  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE            C:\windows\system32\DRIVERS\dne64x.sys
18:52:39.0836 4640  DNE - ok
18:52:39.0930 4640  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:52:40.0008 4640  Dnscache - ok
18:52:40.0086 4640  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\windows\System32\dot3svc.dll
18:52:40.0179 4640  dot3svc - ok
18:52:40.0226 4640  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\windows\system32\dps.dll
18:52:40.0273 4640  DPS - ok
18:52:40.0335 4640  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
18:52:40.0398 4640  drmkaud - ok
18:52:40.0476 4640  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
18:52:40.0554 4640  DXGKrnl - ok
18:52:40.0616 4640  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\windows\System32\eapsvc.dll
18:52:40.0710 4640  EapHost - ok
18:52:40.0819 4640  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\windows\system32\DRIVERS\evbda.sys
18:52:40.0975 4640  ebdrv - ok
18:52:41.0022 4640  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\windows\System32\lsass.exe
18:52:41.0100 4640  EFS - ok
18:52:41.0162 4640  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
18:52:41.0256 4640  ehRecvr - ok
18:52:41.0287 4640  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\windows\ehome\ehsched.exe
18:52:41.0318 4640  ehSched - ok
18:52:41.0349 4640  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
18:53:09.0975 4640  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
18:53:10.0038 4640  TsUsbFlt - ok
18:53:10.0131 4640  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
18:53:10.0225 4640  tunnel - ok
18:53:10.0241 4640  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
18:53:10.0256 4640  uagp35 - ok
18:53:10.0303 4640  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
18:53:10.0412 4640  udfs - ok
18:53:10.0443 4640  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\windows\system32\UI0Detect.exe
18:53:10.0475 4640  UI0Detect - ok
18:53:10.0521 4640  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
18:53:10.0521 4640  uliagpkx - ok
18:53:10.0584 4640  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\windows\system32\drivers\umbus.sys
18:53:10.0646 4640  umbus - ok
18:53:10.0677 4640  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
18:53:10.0709 4640  UmPass - ok
18:53:10.0755 4640  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
18:53:10.0818 4640  upnphost - ok
18:53:10.0865 4640  [ F49988FBF59413B974B1380D6F743EBC ] upperdev        C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:53:10.0927 4640  upperdev - ok
18:53:10.0989 4640  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
18:53:11.0021 4640  usbaudio - ok
18:53:11.0052 4640  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
18:53:11.0114 4640  usbccgp - ok
18:53:11.0114 4640  USBCCID - ok
18:53:11.0161 4640  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
18:53:11.0208 4640  usbcir - ok
18:53:11.0223 4640  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\windows\system32\drivers\usbehci.sys
18:53:11.0270 4640  usbehci - ok
18:53:11.0317 4640  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
18:53:11.0364 4640  usbhub - ok
18:53:11.0379 4640  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\windows\system32\drivers\usbohci.sys
18:53:11.0411 4640  usbohci - ok
18:53:11.0442 4640  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
18:53:11.0473 4640  usbprint - ok
18:53:11.0535 4640  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\windows\system32\drivers\usbser.sys
18:53:11.0598 4640  usbser - ok
18:53:11.0629 4640  [ 0FE9E048FC762DCAC087CB9EE1680079 ] UsbserFilt      C:\windows\system32\DRIVERS\usbser_lowerfltx64j.sys
18:53:11.0676 4640  UsbserFilt - ok
18:53:11.0691 4640  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
18:53:11.0754 4640  USBSTOR - ok
18:53:11.0785 4640  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
18:53:11.0816 4640  usbuhci - ok
18:53:11.0847 4640  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
18:53:11.0910 4640  usbvideo - ok
18:53:11.0972 4640  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\windows\System32\uxsms.dll
18:53:12.0035 4640  UxSms - ok
18:53:12.0081 4640  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
18:53:12.0097 4640  VaultSvc - ok
18:53:12.0128 4640  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
18:53:12.0144 4640  vdrvroot - ok
18:53:12.0222 4640  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\windows\System32\vds.exe
18:53:12.0284 4640  vds - ok
18:53:12.0347 4640  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
18:53:12.0362 4640  vga - ok
18:53:12.0378 4640  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\windows\System32\drivers\vga.sys
18:53:12.0440 4640  VgaSave - ok
18:53:12.0487 4640  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
18:53:12.0518 4640  vhdmp - ok
18:53:12.0565 4640  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
18:53:12.0581 4640  viaide - ok
18:53:12.0659 4640  [ C49FF968CF459DBE57CFADBC36988AAE ] vm331avs        C:\windows\system32\Drivers\vm331avs.sys
18:53:12.0721 4640  vm331avs - ok
18:53:12.0768 4640  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
18:53:12.0799 4640  volmgr - ok
18:53:12.0830 4640  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
18:53:12.0846 4640  volmgrx - ok
18:53:12.0877 4640  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\windows\system32\drivers\volsnap.sys
18:53:12.0893 4640  volsnap - ok
18:53:12.0924 4640  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
18:53:12.0955 4640  vsmraid - ok
18:53:13.0095 4640  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\windows\system32\vssvc.exe
18:53:13.0205 4640  VSS - ok
18:53:13.0251 4640  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:53:13.0283 4640  vwifibus - ok
18:53:13.0329 4640  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:53:13.0392 4640  vwififlt - ok
18:53:13.0470 4640  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\windows\system32\w32time.dll
18:53:13.0548 4640  W32Time - ok
18:53:13.0563 4640  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
18:53:13.0595 4640  WacomPen - ok
18:53:13.0657 4640  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:53:13.0735 4640  WANARP - ok
18:53:13.0766 4640  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:53:13.0797 4640  Wanarpv6 - ok
18:53:13.0907 4640  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\windows\system32\Wat\WatAdminSvc.exe
18:53:13.0969 4640  WatAdminSvc - ok
18:53:14.0047 4640  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
18:53:14.0156 4640  wbengine - ok
18:53:14.0187 4640  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:53:14.0219 4640  WbioSrvc - ok
18:53:14.0265 4640  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\windows\System32\wcncsvc.dll
18:53:14.0312 4640  wcncsvc - ok
18:53:14.0328 4640  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:53:14.0359 4640  WcsPlugInService - ok
18:53:14.0390 4640  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
18:53:14.0421 4640  Wd - ok
18:53:14.0484 4640  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:53:14.0531 4640  Wdf01000 - ok
18:53:14.0562 4640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:53:14.0702 4640  WdiServiceHost - ok
18:53:14.0702 4640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\windows\system32\wdi.dll
18:53:14.0718 4640  WdiSystemHost - ok
18:53:14.0765 4640  [ 2A444ACF7DD446505BCC801F8F6AE5FD ] wdmirror        C:\windows\system32\DRIVERS\WDMirror.sys
18:53:14.0796 4640  wdmirror - ok
18:53:14.0843 4640  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\windows\System32\webclnt.dll
18:53:14.0889 4640  WebClient - ok
18:53:14.0999 4640  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:53:15.0092 4640  Wecsvc - ok
18:53:15.0139 4640  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\windows\System32\wercplsupport.dll
18:53:15.0217 4640  wercplsupport - ok
18:53:15.0295 4640  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
18:53:15.0373 4640  WerSvc - ok
18:53:15.0482 4640  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:53:15.0529 4640  WfpLwf - ok
18:53:15.0560 4640  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr        C:\windows\system32\DRIVERS\wimfltr.sys
18:53:15.0591 4640  WimFltr - ok
18:53:15.0623 4640  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:53:15.0638 4640  WIMMount - ok
18:53:15.0654 4640  WinDefend - ok
18:53:15.0654 4640  WinHttpAutoProxySvc - ok
18:53:15.0716 4640  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
18:53:15.0825 4640  Winmgmt - ok
18:53:15.0903 4640  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\windows\system32\WsmSvc.dll
18:53:16.0044 4640  WinRM - ok
18:53:16.0122 4640  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\windows\System32\wlansvc.dll
18:53:16.0200 4640  Wlansvc - ok
18:53:16.0309 4640  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:53:16.0325 4640  wlcrasvc - ok
18:53:16.0449 4640  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:53:16.0559 4640  wlidsvc - ok
18:53:16.0621 4640  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
18:53:16.0652 4640  WmiAcpi - ok
18:53:16.0699 4640  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:53:16.0730 4640  wmiApSrv - ok
18:53:16.0793 4640  WMPNetworkSvc - ok
18:53:16.0886 4640  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:53:16.0933 4640  WPCSvc - ok
18:53:16.0964 4640  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:53:16.0995 4640  WPDBusEnum - ok
18:53:17.0042 4640  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
18:53:17.0120 4640  ws2ifsl - ok
18:53:17.0183 4640  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
18:53:17.0229 4640  wscsvc - ok
18:53:17.0245 4640  WSearch - ok
18:53:17.0292 4640  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
18:53:17.0307 4640  wsvd - ok
18:53:17.0432 4640  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
18:53:17.0510 4640  wuauserv - ok
18:53:17.0557 4640  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:53:17.0651 4640  WudfPf - ok
18:53:17.0713 4640  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:53:17.0744 4640  WUDFRd - ok
18:53:17.0775 4640  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
18:53:17.0791 4640  wudfsvc - ok
18:53:17.0822 4640  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\windows\System32\wwansvc.dll
18:53:17.0869 4640  WwanSvc - ok
18:53:17.0900 4640  ================ Scan global ===============================
18:53:17.0963 4640  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:53:18.0009 4640  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
18:53:18.0041 4640  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
18:53:18.0072 4640  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:53:18.0103 4640  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:53:18.0103 4640  [Global] - ok
18:53:18.0103 4640  ================ Scan MBR ==================================
18:53:18.0119 4640  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:53:19.0803 4640  \Device\Harddisk0\DR0 - ok
18:53:19.0819 4640  ================ Scan VBR ==================================
18:53:19.0850 4640  [ D26090C4C6D6CDD28A9EDA6CDF6DC79A ] \Device\Harddisk0\DR0\Partition1
18:53:19.0850 4640  \Device\Harddisk0\DR0\Partition1 - ok
18:53:19.0866 4640  [ 46B1AFB48EDF39D517571E21320C5C34 ] \Device\Harddisk0\DR0\Partition2
18:53:19.0881 4640  \Device\Harddisk0\DR0\Partition2 - ok
18:53:19.0913 4640  [ F4D998C6F4739BBD1002DE4CA51A3D14 ] \Device\Harddisk0\DR0\Partition3
18:53:19.0913 4640  \Device\Harddisk0\DR0\Partition3 - ok
18:53:19.0913 4640  ============================================================
18:53:19.0913 4640  Scan finished
18:53:19.0913 4640  ============================================================
18:53:19.0928 2632  Detected object count: 0
18:53:19.0928 2632  Actual detected object count: 0

There were no alerts.
Claudia

markusg 27.12.2012 19:38

hi
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Grashälmchen 27.12.2012 23:09

Thanks, and sorry for the delayed reply. Here is the log from Combo Fix:


Combofix Logfile:
Code:

ComboFix 12-12-27.03 - Claudia 27.12.2012  22:56:58.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3892.1459 [GMT 1:00]
ausgeführt von:: c:\users\Claudia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Claudia\AppData\Local\assembly\tmp
c:\users\Claudia\AppData\Roaming\Vyfoqe
c:\users\Claudia\AppData\Roaming\Vyfoqe\wulo.tmp
c:\users\Claudia\AppData\Roaming\Wigog
c:\users\Claudia\AppData\Roaming\Wigog\quri.doy
c:\windows\s.bat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 22:02 . 2012-12-27 22:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-27 22:02 . 2012-12-27 22:02        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 15:46 . 2012-12-27 15:46        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Malwarebytes
2012-12-27 15:46 . 2012-12-27 15:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-12-27 15:46 . 2012-12-27 15:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-27 15:46 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-20 18:41 . 2012-12-20 18:41        --------        d-----w-        C:\found.000
2012-12-16 11:33 . 2012-12-16 11:32        289768        ----a-w-        c:\windows\system32\javaws.exe
2012-12-16 11:33 . 2012-12-16 11:32        916456        ----a-w-        c:\windows\system32\deployJava1.dll
2012-12-16 11:33 . 2012-12-16 11:32        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-12-16 11:32 . 2012-12-16 11:32        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-16 11:32 . 2012-12-16 11:32        189416        ----a-w-        c:\windows\system32\javaw.exe
2012-12-16 11:32 . 2012-12-16 11:32        188904        ----a-w-        c:\windows\system32\java.exe
2012-12-16 11:32 . 2012-12-16 11:32        --------        d-----w-        c:\program files\Java
2012-12-13 17:20 . 2012-12-13 17:20        --------        d-----w-        c:\users\Claudia\AppData\Roaming\AVG2013
2012-12-13 17:16 . 2012-12-13 17:16        --------        d-----w-        c:\users\Claudia\AppData\Roaming\TuneUp Software
2012-12-13 17:13 . 2012-12-13 17:16        --------        d-----w-        c:\programdata\AVG2013
2012-12-13 17:10 . 2012-12-27 07:02        --------        d-----w-        c:\users\Claudia\AppData\Local\Avg2013
2012-12-13 17:10 . 2012-12-13 17:10        --------        d-----w-        c:\users\Claudia\AppData\Local\MFAData
2012-12-13 10:50 . 2012-10-04 17:38        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 17:55 . 2011-03-03 19:46        67413224        ----a-w-        c:\windows\system32\MRT.exe
2012-12-13 12:26 . 2012-04-13 17:03        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 12:26 . 2011-06-11 07:41        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-22 12:02 . 2012-10-22 12:02        154464        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-27 18:30        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:30        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:30        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48        63328        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 19:37        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 19:37        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 19:37        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 19:37        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32 . 2012-10-05 02:32        111456        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-13 10:51        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 19:35        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 19:35        70656        ----a-w-        c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 19:35        303104        ----a-w-        c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 19:35        246272        ----a-w-        c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 19:35        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 19:35        216576        ----a-w-        c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 19:35        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 19:35        18944        ----a-w-        c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 19:35        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 19:35        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 19:35        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 02:30 . 2012-10-02 02:30        185696        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28        1307928        ----a-w-        c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-16 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-5-10 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-16 220672]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-11 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-14 24680]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-14 235624]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-02-24 215040]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 16638052
*Deregistered* - 16638052
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs        REG_MULTI_SZ          ReadyComm.DirectRouter PS_MDP
<NO NAME>        REG_SZ               
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:26]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 21:27]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 21:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-20 10151968]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-20 908320]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-05 345896]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-21 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-04-21 7069088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\g9xypjhb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-27  23:05:00
ComboFix-quarantined-files.txt  2012-12-27 22:05
.
Vor Suchlauf: 7 Verzeichnis(se), 334.061.076.480 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 334.779.985.920 Bytes frei
.
- - End Of File - - 98C8E152823A91C3BC03D88994854371

--- --- ---


Thanks for your help!

markusg 28.12.2012 15:07

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Grashälmchen 29.12.2012 11:00

Hello Markus, yes, I will do that as soon as I can - I am travelling at the moment and only have sporadic access to the net. So it may take a while :-(. Thanks for your patience! Claudia

markusg 02.01.2013 21:15

Hi,
just get in touch when you have time.

Grashälmchen 04.01.2013 22:21

Hello Markus - thanks for your patience and a healthy new year!

Here is the log file from Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-LAPTOP [Administrator]

04.01.2013 19:39:44
mbam-log-2013-01-04 (19-39-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 493993
Laufzeit: 1 Stunde(n), 33 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I should add, though, that AVG had also started a scan in the background, which I only noticed late. It found 3 threats; the short overview looks like this:
Code:

Geplanter Scan                       
Hohe Priorität        3        3        0
Ausgewählte Ordner:        Gesamten Computer scannen               
Gestartet/beendet:        03.01.2013, 21:08:29 / 03.01.2013, 22:44:27               
Gescannter Objekte:        1843091               
Benutzer:        SYSTEM               
                       
Status        Priorität        Name        Beschreibung
Geheilt        Hoch        Virus gefunden: JS/Redir        C:\Users\Claudia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPFZYGX2\giga-slot_biz[1].htm
Geheilt        Hoch        Trojaner: Dropper.Generic7.AEYP        C:\Users\Claudia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-2ffb88d9
Geheilt        Hoch        Trojaner: Exploit_c.WMC        C:\Users\Claudia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPFZYGX2\Port_Anyway[1].htm

Thanks and best regards,
Claudia

markusg 05.01.2013 15:54

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, save it as txt. Open it.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

Grashälmchen 05.01.2013 16:36

Hello Markus, here is the list. I was not quite sure about some things (I never uninstalled the drivers and the things that Lenovo had preinstalled here, so for some items I could not decide with certainty). The same goes for the Microsoft programs; I have marked them as "notwendig" for now.

Thanks!

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        13.12.2012        6,00MB        11.5.502.135        notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        13.12.2012        6,00MB        11.5.502.135        notwendig
Adobe Reader 9.5.2 - Deutsch        Adobe Systems Incorporated        05.10.2012        118MB        9.5.2                notwendig
ALPS Touch Pad Driver        Alps Electric        28.11.2010                Version 7.107.1611.204                        notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver        Atheros Communications Inc.        28.11.2010        1.0.0.26        notwendig
AVG 2013        AVG Technologies        13.12.2012                2013.0.2805        notwendig
Bing Bar        Microsoft Corporation        22.04.2012        464KB        7.1.361.0        unnötig
CCleaner        Piriform        19.12.2012                3.26                        notwendig
Cisco Systems VPN Client 5.0.07.0290                18.05.2012        10,6MB                notwendig
Citavi        Swiss Academic Software        08.01.2012        62,8MB        3.1.15.0                notwendig
Compatibility Pack für 2007 Office System        Microsoft Corporation        13.12.2012        116MB        12.0.6612.1000        notwendig
ConvertHelper 2.2        DownloadHelper        02.09.2011                                                                notwendig
CyberLink YouCam        CyberLink Corp.        28.11.2010        134MB        3.0.2626                                        unnötig
DivX-Setup        DivX, LLC        20.11.2011                2.6.0.34                                                notwendig
ElsterFormular-Update        Landesfinanzdirektion Thüringen        15.04.2012                1.0                                notwendig
Energy Management        Lenovo        28.11.2010                5.4.2.0                                                        notwendig
Google Chrome        Google Inc.        03.08.2012                23.0.1271.97                                                unnötig
Intel(R) Control Center        Intel Corporation        28.11.2010                1.2.1.1007                                notwendig
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        23.02.2011                8.15.10.2119        notwendig
Intel(R) Rapid Storage Technology        Intel Corporation        28.11.2010                9.6.0.1014                notwendig
IZArc 4.1.6        Ivan Zahariev        08.05.2011        13,3MB        4.1.6                                                        unbekannt
Java 7 Update 9 (64-bit)        Oracle        16.12.2012        127MB        7.0.90                                                notwendig
Java(TM) 6 Update 29        Oracle        25.02.2011        97,0MB        6.0.290                                                        notwendig
Lenovo Bluetooth with Enhanced Data Rate Software        Broadcom Corporation        28.11.2010        144MB        6.2.1.2100        notwendig
Lenovo DirectShare        ArcSoft        28.11.2010        37,8MB        1.0.1.38                                                unnötig
Lenovo EasyCamera        Vimicro        28.11.2010                2.10.0223.1                                                notwendig
Lenovo Games Console        Oberon Media Inc.        28.11.2010                0.38.389.2                                unnötig
Lenovo MuteSync        Lenovo        28.11.2010        393KB        1.0.0.3                                                                notwendig
Lenovo OneKey Recovery        CyberLink Corp.        28.11.2010                7.0.1230                                        notwendig
Lenovo ReadyComm 5        Lenovo        28.11.2010                5.1.1.20                                                notwendig
Lenovo_Wireless_Driver        Lenovo        28.11.2010                1.02.01                                                        notwendig
LyX 2.0.2-1        LyX Team        30.12.2011                2.0.2-1                                                        notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        03.01.2013        18,4MB        1.70.0.1100        notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        26.02.2011        38,8MB        4.0.30319                notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        26.02.2011        2,93MB        4.0.30319        notwendig
Microsoft Office 2010        Microsoft Corporation        28.11.2010        6,31MB        14.0.4763.1000                                notwendig
Microsoft Office Live Add-in 1.5        Microsoft Corporation        14.09.2012        508KB        2.0.4024.1                notwendig
Microsoft Office XP Professional mit FrontPage        Microsoft Corporation        04.09.2011        416MB        10.0.6626.0        notwendig
Microsoft Silverlight        Microsoft Corporation        13.05.2012        50,6MB        5.1.10411.0                                notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        28.11.2010        1,69MB        3.1.0000        notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        27.08.2011        300KB        8.0.56336        notwendig
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        28.11.2010        708KB        8.0.61000        notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        25.02.2011        784KB        9.0.30729.4148        notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        27.08.2011        788KB        9.0.30729.6161        notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        25.02.2011        592KB        9.0.30729.4148        notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        06.08.2011        600KB        9.0.30729.6161        notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.12.2012        16,5MB        10.0.40219        notwendig
MiKTeX 2.9        MiKTeX.org        30.12.2011                2.9                notwendig
Mozilla Firefox 17.0.1 (x86 de)        Mozilla        13.12.2012        46,3MB        17.0.1        notwendig
Mozilla Maintenance Service        Mozilla        13.12.2012        329KB        17.0.1        notwendig
Nokia Connectivity Cable Driver                04.03.2011                6.80.5.1        unnötig
NVIDIA Display Control Panel        NVIDIA Corporation        28.11.2010        135MB        6.14.12.5970        notwendig
NVIDIA Drivers        NVIDIA Corporation        28.11.2010        63,0MB        1.10.62.40        notwendig
NVIDIA Stereoscopic 3D Driver        NVIDIA Corporation        28.11.2010                7.17.12.5970        notwendig
OneKey Recovery        CyberLink Corp.        28.11.2010                7.0.1230        notwendig
Onekey Theater        Lenovo        28.11.2010                2.0.1.7                        unbekannt
OpenOffice.org 3.3        OpenOffice.org        25.02.2011        414MB        3.3.9567        notwendig
Power2Go        CyberLink Corp.        28.11.2010                5.6.0.4809d4                notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        28.11.2010                6.0.1.6093        notwendig
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        28.11.2010                6.1.7100.30098                notwendig
Skype Click to Call        Skype Technologies S.A.        19.02.2012        17,7MB        5.6.8442                                notwendig
Skype™ 5.10        Skype Technologies S.A.        09.08.2012        19,4MB        5.10.116                                        notwendig
Smart PDF Converter 6.3.0.467        Smart Soft        09.01.2012        53,3MB        6.3.0.467                                notwendig
Spotify        Spotify AB        16.12.2012                0.8.5.1333.g822e0de8                                                notwendig
SPSS Statistics 17.0        SPSS Inc.        24.09.2011        691MB        17.0.1                                                notwendig
Stata11        StataCorp LP        10.05.2011        214MB        11.0                                                                notwendig
Visual Studio 2008 x64 Redistributables        AVG Technologies        26.04.2011        8,14MB        10.0.0.2                notwendig
Visual Studio 2010 x64 Redistributables        AVG Technologies        13.12.2012        12,4MB        13.0.0.1                notwendig
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)        Broadcom        28.11.2010                04/08/2010 6.3.5.430        notwendig
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)        Broadcom        28.11.2010                07/28/2009 6.2.0.9800                notwendig
Windows Live Essentials        Microsoft Corporation        28.11.2010                15.4.3502.0922                                                                notwendig
Windows Live Mesh ActiveX Control for Remote Connections        Microsoft Corporation        28.11.2010        5,57MB        15.4.5722.2        notwendig
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        28.11.2010        5,57MB        15.4.5722.2        notwendig
Windows Media Player Firefox Plugin        Microsoft Corp        18.11.2012        296KB        1.0.0.8                                                notwendig
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)        Lenovo        28.11.2010                10/19/2009 5.4.0.1        notwendig
Zattoo4 4.0.5        Zattoo Inc.        03.08.2012                4.0.5                                                                        notwendig


markusg 05.01.2013 19:31

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the box for McAfee Security Scan

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick the box for using JavaScript.
Under Updater, choose install automatically.
Apply / OK



Uninstall:
Bing
CyberLink
Google
IZArc
Java: all
Download the Java JRE:
Java downloads for all operating systems
click:
Download the Java software for Windows Offline
download and install
Uninstall:
Nokia

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Grashälmchen 06.01.2013 14:00

Hello Markus,

I have uninstalled or reinstalled all the programs and have also already run CCleaner. AdwCleaner is detected by my AVG as a Trojan, and AVG gives me the option to either ignore it or run it. Hence just a quick question - is that "normal" and can I run it without worry? The Trojan is shown under the following name: IDP.Trojan.97AC54E5

I have also noticed that some folders now show up as read-only and that this write protection cannot be removed. I don't know whether that matters.

Thanks and best regards,
Claudia

markusg 06.01.2013 17:22

Hi,
the folders were always there, just hidden; the write protection is OK.
Disable AVG while running AdwCleaner, then it will work.

Grashälmchen 06.01.2013 17:35

Good, I just wanted to make sure. Here is the log:

Code:

# AdwCleaner v2.104 - Datei am 06/01/2013 um 17:33:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Claudia - CLAUDIA-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Users\Claudia\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKU\S-1-5-21-2987378647-4131978001-2987175761-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\g9xypjhb.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1517 octets] - [06/01/2013 17:33:32]

########## EOF - C:\AdwCleaner[R1].txt - [1577 octets] ##########


