|
Pests of all kinds and how to combat them: "The document has moved. Redirecting"+"Popup at bottom right"+"Not all links clickable"
Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
08.10.2012, 12:31 | #16 |
| No, this is my private laptop. |
08.10.2012, 13:20 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then why a Professional Edition as well as two network segments => 192.168.100.0 and 192.168.2.0?
__________________ |
08.10.2012, 13:33 | #18 |
| I bought my laptop without an operating system and bought the Professional Edition separately, on my family's advice.
I don't know what two network systems means. |
08.10.2012, 15:43 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
Quote:
__________________ Please always post log files in CODE tags |
08.10.2012, 17:27 | #20 |
| Quote:
Quote:
Quote:
For a while my Wi-Fi kept kicking me out, and at some point I could no longer connect at all. Then I tried to set up a second connection because I could no longer select the old one. Could that be the reason? Or that I was on family members' Wi-Fi? |
08.10.2012, 18:45 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ |
08.10.2012, 18:50 | #22 |
| Sure, I understand. This is my private laptop; as I said, I bought the Pro Edition on my family's advice. |
09.10.2012, 10:17 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | And that is exactly the money you could have saved - the Pro variant is not needed at home, or does one need the feature of joining a Windows domain? Hardly, right? What about Remote Desktop and Windows XP Mode: all of that is only nice2have but not a must; a lot can be retrofitted with free tools if you really need it!
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
FF - user.js - File not found
:Files
C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js
C:\Users\Nadja\Desktop\NADJA_NEU\Dokumente und Einstellungen\Nadja\Desktop\Setup-MsgPlus-500.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags
Edited by cosinus (09.10.2012 at 10:25) |
11.10.2012, 20:04 | #24 |
| Code:
All processes killed
========== OTL ==========
Folder C:\Users\***\AppData\Roaming\Uraq\ not found.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js not found.
File\Folder C:\Users\***\Desktop\***_NEU\Dokumente und Einstellungen\***\Desktop\Setup-MsgPlus-500.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 573440 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 579925156 bytes
->Opera cache emptied: 9021994 bytes
->Flash cache emptied: 14392 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11890184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1009581188 bytes

Total Files Cleaned = 1.536,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.70.1 log created on 10112012_205506

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
12.10.2012, 10:30 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
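For reading the TDSS-Killer log requested above, the following is an added example, not part of the original thread and not a Kaspersky tool: it parses the service section of such a log and lists entries whose verdict is not "ok" as well as entries that received a verdict without any hashed file. The sample log is constructed; the layout assumed for non-ok lines and the choice to flag a missing hash line for a manual look are assumptions of this example.

```python
import re

# Every TDSS-Killer log line starts with a time stamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "================ Scan services ====" style section headers.
SECTION_LINE = re.compile(PREFIX + r"=+\s*([^=]+?)\s*=+$")
# "[ MD5 ] service name C:\path\to\file"
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "service name - ok"; for other verdicts this example assumes the layout
# "service name ( Detection.Name ) - verdict".
VERDICT_LINE = re.compile(PREFIX + r"(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\w+)$")

# Constructed sample: hashes, service names and paths are made up.
SAMPLE_LOG = "\n".join([
    r"13:19:42.0459 4352 ================ Scan system memory ========================",
    r"13:19:42.0459 4352 System memory - ok",
    r"13:19:42.0459 4352 ================ Scan services =============================",
    rf"13:19:42.0600 4352 [ {1:032X} ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys",
    r"13:19:42.0834 4352 ExampleDrv - ok",
    rf"13:19:43.0083 4352 [ {2:032X} ] Example Update Service C:\Program Files (x86)\Example\update.exe",
    r"13:19:43.0099 4352 Example Update Service - ok",
    r"13:19:45.0844 4352 qwxzexample - ok",
    rf"13:19:46.0016 4352 [ {3:032X} ] OddDrv C:\Windows\system32\drivers\odddrv.sys",
    r"13:19:46.0078 4352 OddDrv ( UnsignedFile.Multi.Generic ) - warning",
])


def triage(log_text):
    """Return (name, reason, detection) tuples for entries worth a manual look."""
    section = ""
    hashed = {}    # service name -> (md5, path) taken from its hash line
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_LINE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HASH_LINE.match(line)
        if m:
            hashed[m.group(2)] = (m.group(1), m.group(3))
            continue
        m = VERDICT_LINE.match(line)
        if not m:
            continue
        name, detection, verdict = m.groups()
        if verdict.lower() != "ok":
            # Anything the scanner did not pass goes to the reviewer.
            findings.append((name, "verdict " + verdict, detection or ""))
        elif section == "Scan services" and name not in hashed:
            # Registered service with a verdict but no file that was hashed.
            findings.append((name, "no file hashed", ""))
    return findings


if __name__ == "__main__":
    for name, reason, detection in triage(SAMPLE_LOG):
        print(f"{name}: {reason} {detection}".rstrip())
```
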
12.10.2012, 12:22 | #26 |
| Code:
13:17:24.0371 4760 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:17:26.0131 4760 ============================================================
13:17:26.0131 4760 Current date / time: 2012/10/12 13:17:26.0131
13:17:26.0131 4760 SystemInfo:
13:17:26.0131 4760
13:17:26.0131 4760 OS Version: 6.1.7601 ServicePack: 1.0
13:17:26.0131 4760 Product type: Workstation
13:17:26.0131 4760 ComputerName: NADJALAPTOP
13:17:26.0131 4760 UserName: Nadja
13:17:26.0131 4760 Windows directory: C:\Windows
13:17:26.0131 4760 System windows directory: C:\Windows
13:17:26.0131 4760 Running under WOW64
13:17:26.0131 4760 Processor architecture: Intel x64
13:17:26.0131 4760 Number of processors: 2
13:17:26.0131 4760 Page size: 0x1000
13:17:26.0131 4760 Boot type: Normal boot
13:17:26.0131 4760 ============================================================
13:17:51.0734 4760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:51.0754 4760 ============================================================
13:17:51.0754 4760 \Device\Harddisk0\DR0:
13:17:51.0754 4760 MBR partitions:
13:17:51.0754 4760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:17:51.0754 4760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:17:51.0754 4760 ============================================================
13:17:51.0764 4760 C: <-> \Device\Harddisk0\DR0\Partition2
13:17:51.0764 4760 ============================================================
13:17:51.0764 4760 Initialize success
13:17:51.0764 4760 ============================================================
13:19:41.0788 4352 ============================================================
13:19:41.0788 4352 Scan started
13:19:41.0788 4352 Mode: Manual; SigCheck; TDLFS;
13:19:41.0788 4352
============================================================ 13:19:42.0459 4352 ================ Scan system memory ======================== 13:19:42.0459 4352 System memory - ok 13:19:42.0459 4352 ================ Scan services ============================= 13:19:42.0600 4352 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:19:42.0834 4352 1394ohci - ok 13:19:42.0865 4352 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:19:42.0912 4352 ACPI - ok 13:19:42.0943 4352 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:19:43.0005 4352 AcpiPmi - ok 13:19:43.0083 4352 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:19:43.0099 4352 AdobeARMservice - ok 13:19:43.0224 4352 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:19:43.0270 4352 AdobeFlashPlayerUpdateSvc - ok 13:19:43.0317 4352 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:19:43.0380 4352 adp94xx - ok 13:19:43.0442 4352 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:19:43.0520 4352 adpahci - ok 13:19:43.0536 4352 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:19:43.0567 4352 adpu320 - ok 13:19:43.0598 4352 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:19:43.0770 4352 AeLookupSvc - ok 13:19:43.0832 4352 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:19:43.0894 4352 AFD - ok 13:19:43.0926 4352 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:19:43.0957 4352 agp440 - ok 13:19:44.0004 4352 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:19:44.0035 4352 ALG - ok 13:19:44.0050 4352 [ 
5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:19:44.0082 4352 aliide - ok 13:19:44.0082 4352 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:19:44.0113 4352 amdide - ok 13:19:44.0160 4352 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:19:44.0206 4352 AmdK8 - ok 13:19:44.0222 4352 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:19:44.0269 4352 AmdPPM - ok 13:19:44.0284 4352 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:19:44.0331 4352 amdsata - ok 13:19:44.0362 4352 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:19:44.0394 4352 amdsbs - ok 13:19:44.0409 4352 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:19:44.0425 4352 amdxata - ok 13:19:44.0472 4352 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:19:44.0565 4352 AppID - ok 13:19:44.0581 4352 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:19:44.0674 4352 AppIDSvc - ok 13:19:44.0690 4352 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:19:44.0752 4352 Appinfo - ok 13:19:44.0815 4352 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:19:44.0846 4352 Apple Mobile Device - ok 13:19:44.0862 4352 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 13:19:44.0924 4352 AppMgmt - ok 13:19:44.0955 4352 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 13:19:44.0986 4352 arc - ok 13:19:45.0002 4352 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:19:45.0018 4352 arcsas - ok 13:19:45.0049 4352 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 13:19:45.0142 4352 AsyncMac - ok 13:19:45.0158 4352 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:19:45.0174 4352 atapi - ok 13:19:45.0205 4352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:19:45.0283 4352 AudioEndpointBuilder - ok 13:19:45.0283 4352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:19:45.0345 4352 AudioSrv - ok 13:19:45.0470 4352 [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 13:19:45.0548 4352 AVKProxy - ok 13:19:45.0610 4352 [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe 13:19:45.0642 4352 AVKService - ok 13:19:45.0720 4352 [ 22F1444896844B0462359825EF628507 ] AVKWCtl C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe 13:19:45.0829 4352 AVKWCtl - ok 13:19:45.0844 4352 avqferzi - ok 13:19:45.0891 4352 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:19:45.0985 4352 AxInstSV - ok 13:19:46.0016 4352 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:19:46.0078 4352 b06bdrv - ok 13:19:46.0110 4352 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:19:46.0156 4352 b57nd60a - ok 13:19:46.0203 4352 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:19:46.0266 4352 BDESVC - ok 13:19:46.0266 4352 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:19:46.0359 4352 Beep - ok 13:19:46.0406 4352 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:19:46.0500 4352 BFE - ok 13:19:46.0515 4352 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 13:19:46.0593 4352 BITS - ok 13:19:46.0593 4352 bknyckwb - ok 13:19:46.0640 4352 [ 61583EE3C3A17003C4ACD0475646B4D3 ] 
blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:19:46.0671 4352 blbdrive - ok 13:19:46.0718 4352 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:19:46.0749 4352 bowser - ok 13:19:46.0780 4352 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:19:46.0874 4352 BrFiltLo - ok 13:19:46.0874 4352 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:19:46.0905 4352 BrFiltUp - ok 13:19:46.0952 4352 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:19:46.0999 4352 Browser - ok 13:19:47.0030 4352 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:19:47.0108 4352 Brserid - ok 13:19:47.0124 4352 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:19:47.0186 4352 BrSerWdm - ok 13:19:47.0202 4352 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:19:47.0248 4352 BrUsbMdm - ok 13:19:47.0264 4352 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:19:47.0311 4352 BrUsbSer - ok 13:19:47.0342 4352 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 13:19:47.0389 4352 BthEnum - ok 13:19:47.0420 4352 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:19:47.0467 4352 BTHMODEM - ok 13:19:47.0498 4352 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 13:19:47.0545 4352 BthPan - ok 13:19:47.0576 4352 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 13:19:47.0654 4352 BTHPORT - ok 13:19:47.0685 4352 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:19:47.0794 4352 bthserv - ok 13:19:47.0810 4352 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 13:19:47.0841 4352 BTHUSB - ok 13:19:47.0872 4352 
[ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 13:19:47.0888 4352 btusbflt - ok 13:19:47.0904 4352 btwaudio - ok 13:19:47.0904 4352 btwavdt - ok 13:19:47.0919 4352 btwl2cap - ok 13:19:47.0919 4352 btwrchid - ok 13:19:47.0950 4352 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:19:48.0013 4352 cdfs - ok 13:19:48.0060 4352 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 13:19:48.0106 4352 cdrom - ok 13:19:48.0138 4352 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:19:48.0247 4352 CertPropSvc - ok 13:19:48.0278 4352 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:19:48.0294 4352 circlass - ok 13:19:48.0325 4352 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:19:48.0356 4352 CLFS - ok 13:19:48.0403 4352 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:19:48.0434 4352 clr_optimization_v2.0.50727_32 - ok 13:19:48.0465 4352 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:19:48.0496 4352 clr_optimization_v2.0.50727_64 - ok 13:19:48.0543 4352 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:19:48.0574 4352 CmBatt - ok 13:19:48.0621 4352 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:19:48.0637 4352 cmdide - ok 13:19:48.0684 4352 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:19:48.0746 4352 CNG - ok 13:19:48.0777 4352 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:19:48.0808 4352 Compbatt - ok 13:19:48.0840 4352 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:19:48.0871 4352 CompositeBus - ok 
13:19:48.0886 4352 COMSysApp - ok 13:19:48.0902 4352 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:19:48.0918 4352 crcdisk - ok 13:19:48.0964 4352 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:19:48.0980 4352 CryptSvc - ok 13:19:49.0027 4352 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 13:19:49.0089 4352 CSC - ok 13:19:49.0120 4352 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 13:19:49.0167 4352 CscService - ok 13:19:49.0183 4352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:19:49.0261 4352 DcomLaunch - ok 13:19:49.0261 4352 ddrbijkc - ok 13:19:49.0292 4352 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:19:49.0370 4352 defragsvc - ok 13:19:49.0386 4352 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:19:49.0448 4352 DfsC - ok 13:19:49.0479 4352 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 13:19:49.0510 4352 dg_ssudbus - ok 13:19:49.0557 4352 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:19:49.0666 4352 Dhcp - ok 13:19:49.0698 4352 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:19:49.0776 4352 discache - ok 13:19:49.0807 4352 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 13:19:49.0838 4352 Disk - ok 13:19:49.0869 4352 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:19:49.0916 4352 Dnscache - ok 13:19:49.0932 4352 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:19:50.0011 4352 dot3svc - ok 13:19:50.0042 4352 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:19:50.0089 4352 DPS - ok 13:19:50.0120 4352 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 
13:19:50.0182 4352 drmkaud - ok 13:19:50.0213 4352 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:19:50.0307 4352 DXGKrnl - ok 13:19:50.0323 4352 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:19:50.0401 4352 EapHost - ok 13:19:50.0494 4352 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:19:50.0635 4352 ebdrv - ok 13:19:50.0666 4352 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:19:50.0697 4352 EFS - ok 13:19:50.0744 4352 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:19:50.0837 4352 ehRecvr - ok 13:19:50.0853 4352 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:19:50.0884 4352 ehSched - ok 13:19:50.0947 4352 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:19:50.0993 4352 elxstor - ok 13:19:51.0025 4352 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:19:51.0040 4352 ErrDev - ok 13:19:51.0087 4352 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:19:51.0165 4352 EventSystem - ok 13:19:51.0196 4352 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:19:51.0259 4352 exfat - ok 13:19:51.0290 4352 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:19:51.0352 4352 fastfat - ok 13:19:51.0383 4352 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:19:51.0446 4352 Fax - ok 13:19:51.0461 4352 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:19:51.0508 4352 fdc - ok 13:19:51.0524 4352 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:19:51.0602 4352 fdPHost - ok 13:19:51.0617 4352 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:19:51.0680 4352 FDResPub - ok 13:19:51.0711 4352 [ 
655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:19:51.0727 4352 FileInfo - ok 13:19:51.0742 4352 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:19:51.0805 4352 Filetrace - ok 13:19:51.0805 4352 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:19:51.0820 4352 flpydisk - ok 13:19:51.0851 4352 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:19:51.0867 4352 FltMgr - ok 13:19:51.0914 4352 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 13:19:51.0992 4352 FontCache - ok 13:19:52.0039 4352 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:19:52.0054 4352 FontCache3.0.0.0 - ok 13:19:52.0085 4352 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:19:52.0101 4352 FsDepends - ok 13:19:52.0163 4352 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:19:52.0195 4352 Fs_Rec - ok 13:19:52.0226 4352 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:19:52.0273 4352 fvevol - ok 13:19:52.0304 4352 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:19:52.0335 4352 gagp30kx - ok 13:19:52.0366 4352 [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 13:19:52.0397 4352 GDBehave - ok 13:19:52.0475 4352 [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe 13:19:52.0585 4352 GDFwSvc - ok 13:19:52.0616 4352 [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 13:19:52.0647 4352 GDMnIcpt - ok 13:19:52.0663 4352 [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys 13:19:52.0678 4352 GDPkIcpt - ok 13:19:52.0741 4352 
[ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 13:19:52.0787 4352 GDScan - ok 13:19:52.0834 4352 [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys 13:19:52.0850 4352 gdwfpcd - ok 13:19:52.0928 4352 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:19:52.0959 4352 GEARAspiWDM - ok 13:19:52.0990 4352 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:19:53.0115 4352 gpsvc - ok 13:19:53.0146 4352 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:19:53.0209 4352 hcw85cir - ok 13:19:53.0240 4352 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:19:53.0302 4352 HdAudAddService - ok 13:19:53.0333 4352 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:19:53.0396 4352 HDAudBus - ok 13:19:53.0411 4352 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:19:53.0443 4352 HidBatt - ok 13:19:53.0458 4352 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:19:53.0489 4352 HidBth - ok 13:19:53.0521 4352 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:19:53.0567 4352 HidIr - ok 13:19:53.0583 4352 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 13:19:53.0677 4352 hidserv - ok 13:19:53.0708 4352 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:19:53.0755 4352 HidUsb - ok 13:19:53.0801 4352 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:19:53.0895 4352 hkmsvc - ok 13:19:53.0926 4352 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:19:53.0973 4352 HomeGroupListener - ok 13:19:54.0004 4352 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider 
C:\Windows\system32\provsvc.dll 13:19:54.0051 4352 HomeGroupProvider - ok 13:19:54.0067 4352 [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 13:19:54.0082 4352 HookCentre - ok 13:19:54.0113 4352 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:19:54.0160 4352 HpSAMD - ok 13:19:54.0207 4352 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:19:54.0332 4352 HTTP - ok 13:19:54.0379 4352 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:19:54.0410 4352 hwpolicy - ok 13:19:54.0457 4352 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:19:54.0488 4352 i8042prt - ok 13:19:54.0535 4352 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:19:54.0581 4352 iaStorV - ok 13:19:54.0613 4352 [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 13:19:54.0628 4352 IBMPMDRV - ok 13:19:54.0644 4352 [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 13:19:54.0675 4352 IBMPMSVC - ok 13:19:54.0722 4352 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:19:54.0800 4352 idsvc - ok 13:19:55.0065 4352 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 13:19:55.0517 4352 igfx - ok 13:19:55.0549 4352 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:19:55.0580 4352 iirsp - ok 13:19:55.0627 4352 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:19:55.0736 4352 IKEEXT - ok 13:19:55.0767 4352 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 13:19:55.0814 4352 Impcd - ok 13:19:55.0845 4352 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 13:19:55.0907 4352 IntcDAud - ok 
13:20:18.0358 4352 ============================================================
13:20:18.0358 4352 Scan finished
13:20:18.0358 4352 ============================================================
13:20:18.0374 3172 Detected object count: 1
13:20:18.0374 3172 Actual detected object count: 1
13:20:28.0326 3172 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:28.0326 3172 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.10.2012, 14:50 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
14.10.2012, 15:14 | #28 |
| I should add that I had problems with ComboFix. On the first start I received the message "Fehler beim Überschreiben....", see attachment; I clicked Ignore. At stage 48 my PC froze completely and I restarted it. On the second attempt I got as far as the second attachment; after that nothing at all happened for several hours. After about 7 hours I aborted it myself. On today's third attempt it finally worked after 20 minutes: Code:
ATTFilter ComboFix 12-10-14.03 - *** 14.10.2012 14:13:42.3.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3893.2233 [GMT 2:00] ausgeführt von:: c:\users\***\Downloads\ComboFix.exe AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\programdata\Roaming c:\users\***\4.0 c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-14 bis 2012-10-14 )))))))))))))))))))))))))))))) . . 2012-10-14 12:58 . 2012-10-14 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-14 12:58 . 2012-10-14 12:58 -------- d-----w- c:\users\***\AppData\Local\temp 2012-10-14 01:50 . 2012-10-14 01:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll 2012-10-13 08:46 . 2012-10-13 08:46 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-13 08:46 . 2012-10-13 08:46 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-12 13:07 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll 2012-10-11 18:44 . 2012-10-11 18:44 -------- d-----w- C:\_OTL 2012-10-05 13:39 . 2012-10-05 13:39 -------- d-----w- c:\program files (x86)\ESET 2012-10-03 09:22 . 2012-10-03 09:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-03 09:22 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 16:14 . 
2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files\iPod 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files\iTunes 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files (x86)\iTunes 2012-09-22 13:46 . 2012-08-24 18:03 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-09-22 13:46 . 2012-08-24 18:02 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-09-22 13:46 . 2012-08-24 18:03 735744 ----a-w- c:\windows\system32\msfeeds.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 20:25 . 2011-11-04 18:10 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-10 18:34 . 2012-04-02 17:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-10 18:34 . 2011-11-02 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-29 09:22 . 2012-07-27 07:27 60320 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-09-28 15:56 . 2012-07-27 07:27 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-09-28 15:56 . 2012-07-27 07:27 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-09-28 15:56 . 2012-07-27 07:27 64416 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-09-02 13:54 . 2012-09-02 13:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 13:54 . 2012-09-02 13:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 13:54 . 2011-11-27 09:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-22 18:12 . 2012-09-12 16:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 16:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 16:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 11:01 . 
2012-07-08 18:36 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2012-07-08 18:36 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-07-27 07:27 . 2012-07-27 07:27 64376 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2012-07-18 18:15 . 2012-08-14 18:53 3148800 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R1 avqferzi;avqferzi;c:\windows\system32\drivers\avqferzi.sys [x] R1 bknyckwb;bknyckwb;c:\windows\system32\drivers\bknyckwb.sys [x] R1 ddrbijkc;ddrbijkc;c:\windows\system32\drivers\ddrbijkc.sys [x] R1 qsjdfziv;qsjdfziv;c:\windows\system32\drivers\qsjdfziv.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R1 vyhqrvwu;vyhqrvwu;c:\windows\system32\drivers\vyhqrvwu.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 
AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] . . Inhalt des "geplante Tasks" Ordners . 2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security] @DACL=(02 0000) @SACL= "Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02, 00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\ . Zeit der Fertigstellung: 2012-10-14 16:00:52 ComboFix-quarantined-files.txt 2012-10-14 14:00 . Vor Suchlauf: 10 Verzeichnis(se), 198.765.957.120 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 198.630.305.792 Bytes frei . - - End Of File - - CB41F98FC80CA15F34A2472729AAAB55 |
14.10.2012, 19:29 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ComboFix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.
Code:
ATTFilter
Driver::
avqferzi
bknyckwb
ddrbijkc
qsjdfziv
vyhqrvwu

File::
c:\windows\system32\drivers\avqferzi.sys
c:\windows\system32\drivers\bknyckwb.sys
c:\windows\system32\drivers\ddrbijkc.sys
c:\windows\system32\drivers\qsjdfziv.sys
c:\windows\system32\drivers\vyhqrvwu.sys

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
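One way to surface the driver entries that the script above names, and to confirm afterwards that they are gone, as an added example that is not part of the original posts and is not ComboFix's own logic. It parses the flattened driver/service entries, lists those whose file is missing and whose service name, display name and file name coincide, and compares two logs; the heuristic and all function names are assumptions, and the sample lines are excerpted from the ComboFix output posted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# Excerpts of the driver/service section from the two ComboFix logs in this
# thread, left flattened onto one line the way they appear on the page.
LOG_BEFORE = (
    r"R1 avqferzi;avqferzi;c:\windows\system32\drivers\avqferzi.sys [x] "
    r"R1 bknyckwb;bknyckwb;c:\windows\system32\drivers\bknyckwb.sys [x] "
    r"R1 ddrbijkc;ddrbijkc;c:\windows\system32\drivers\ddrbijkc.sys [x] "
    r"R1 qsjdfziv;qsjdfziv;c:\windows\system32\drivers\qsjdfziv.sys [x] "
    r"R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] "
    r"R1 vyhqrvwu;vyhqrvwu;c:\windows\system32\drivers\vyhqrvwu.sys [x] "
    r"R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] "
    r"R3 Power Manager DBC Service;Power Manager DBC Service;"
    r"c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304] "
    r"R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] "
    r"S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]"
)
LOG_AFTER = (
    r"R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] "
    r"R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] "
    r"R3 Power Manager DBC Service;Power Manager DBC Service;"
    r"c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304] "
    r"R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] "
    r"S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]"
)

# One entry: "<tag> <name>;<display name>;<path> [x]" or "... [<date> <size>]".
# Every entry ends with "]", so the pattern also works on flattened text.
ENTRY = re.compile(
    r"\b(?P<tag>[RS][0-4]) (?P<name>[^;\[\]]+);(?P<display>[^;\[\]]+);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]"
)


class Service(NamedTuple):
    tag: str            # leading tag such as R1 or S2, kept as logged
    name: str
    display: str
    path: str
    file_missing: bool  # True when the log shows [x] instead of date and size


def parse_services(log_text: str) -> List[Service]:
    """Extract every driver/service entry from (possibly flattened) log text."""
    return [
        Service(m["tag"], m["name"], m["display"], m["path"], m["info"] == "x")
        for m in ENTRY.finditer(log_text)
    ]


def orphan_candidates(services: List[Service]) -> List[str]:
    """Names worth a manual look (assumed heuristic, not a verdict).

    An entry is listed when its file is missing, it sits in system32\\drivers,
    and service name, display name and file stem are the same all-lowercase
    word, i.e. it carries no vendor-supplied description at all.
    """
    hits = []
    for s in services:
        stem = ntpath.splitext(ntpath.basename(s.path))[0]
        in_drivers = ntpath.dirname(s.path).lower().endswith(r"\system32\drivers")
        if (s.file_missing and in_drivers
                and s.name == s.display
                and stem.lower() == s.name.lower()
                and s.name.isalpha() and s.name.islower()):
            hits.append(s.name)
    return hits


def removed_between(before: List[Service], after: List[Service]) -> List[str]:
    """Service names present in the first log but absent from the second."""
    remaining = {s.name for s in after}
    return [s.name for s in before if s.name not in remaining]


if __name__ == "__main__":
    before, after = parse_services(LOG_BEFORE), parse_services(LOG_AFTER)
    print("review candidates :", orphan_candidates(before))
    print("gone in second log:", removed_between(before, after))
    print("still flagged     :", orphan_candidates(after))
```

Entries such as SBRE and btwl2cap also show a missing file but are not listed, because their file name or display name differs from the service name; whether they matter is left to the person reading the log.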
15.10.2012, 20:34 | #30 |
| It worked on the third attempt. Code:
ATTFilter ComboFix 12-10-15.01 - *** 15.10.2012 21:11:57.6.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3893.2507 [GMT 2:00] ausgeführt von:: c:\users\***\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\system32\drivers\avqferzi.sys" "c:\windows\system32\drivers\bknyckwb.sys" "c:\windows\system32\drivers\ddrbijkc.sys" "c:\windows\system32\drivers\qsjdfziv.sys" "c:\windows\system32\drivers\vyhqrvwu.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_avqferzi -------\Service_bknyckwb -------\Service_ddrbijkc -------\Service_qsjdfziv -------\Service_vyhqrvwu . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-15 bis 2012-10-15 )))))))))))))))))))))))))))))) . . 2012-10-15 19:22 . 2012-10-15 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-15 19:22 . 2012-10-15 19:22 -------- d-----w- c:\users\Bea\AppData\Local\temp 2012-10-14 01:50 . 2012-10-14 01:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll 2012-10-13 08:46 . 2012-10-13 08:46 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-13 08:46 . 2012-10-13 08:46 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-12 13:07 . 
2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll 2012-10-11 18:44 . 2012-10-11 18:44 -------- d-----w- C:\_OTL 2012-10-05 13:39 . 2012-10-05 13:39 -------- d-----w- c:\program files (x86)\ESET 2012-10-03 09:22 . 2012-10-03 09:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-03 09:22 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 16:14 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files\iPod 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files\iTunes 2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files (x86)\iTunes 2012-09-22 13:46 . 2012-08-24 18:03 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-09-22 13:46 . 2012-08-24 18:02 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-09-22 13:46 . 2012-08-24 18:03 735744 ----a-w- c:\windows\system32\msfeeds.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 20:25 . 2011-11-04 18:10 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-10 18:34 . 2012-04-02 17:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-10 18:34 . 2011-11-02 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-29 09:22 . 2012-07-27 07:27 60320 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-09-28 15:56 . 2012-07-27 07:27 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-09-28 15:56 . 2012-07-27 07:27 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-09-28 15:56 . 2012-07-27 07:27 64416 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-09-02 13:54 . 
2012-09-02 13:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 13:54 . 2012-09-02 13:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 13:54 . 2011-11-27 09:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-22 18:12 . 2012-09-12 16:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 16:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 16:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 11:01 . 2012-07-08 18:36 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2012-07-08 18:36 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-07-27 07:27 . 2012-07-27 07:27 64376 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2012-07-18 18:15 . 2012-08-14 18:53 3148800 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 
676936] S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] . . Inhalt des "geplante Tasks" Ordners . 2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\**\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-15 21:28:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-15 19:28
ComboFix2.txt 2012-10-14 14:00
.
Vor Suchlauf: 14 Verzeichnis(se), 198.272.622.592 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 197.798.793.216 Bytes frei
.
- - End Of File - - 7B661CDC8C55FE3D10C19249BCD97B5F |