Plagegeister aller Art und deren Bekämpfung: System Progressive Protection infection (Windows 7)
09.10.2012, 23:27 | #1 |
System Progressive Protection infection

Hello, my laptop has just been infected by System Progressive Protection. I immediately ran a startup repair. After a restart there was no sign of System Progressive Protection any more. I am now running a scan with Malwarebytes (I will post the log file as soon as it is finished). What else do I need to do? Many thanks for your help.

Here is the log file:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Thomas :: THOMAS-THINKPAD [Administrator]

10.10.2012 00:10:55
mbam-log-2012-10-10 (00-38-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195084
Laufzeit: 27 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-18\$cc48889fe41583e9a4ebb7d0a7c7d25d\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-1387034888-72800942-1361957130-1000\$cc48889fe41583e9a4ebb7d0a7c7d25d\n (Trojan.0Access) -> Keine Aktion durchgeführt.

(Ende)
10.10.2012, 06:36 | #2 |
System Progressive Protection infection

Hi,

there is still a rootkit active; have it deleted, then update MAM and run a full scan, and post the log.

In addition:

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now).
A window opens (click Report); copy the text and post it here...

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

chris
10.10.2012, 13:00 | #3 |
System Progressive Protection infection

I have now run a full scan:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Thomas :: THOMAS-THINKPAD [Administrator]

10.10.2012 09:48:50
mbam-log-2012-10-10 (09-48-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 463619
Laufzeit: 4 Stunde(n), 7 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-18\$cc48889fe41583e9a4ebb7d0a7c7d25d\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.

(Ende)

TDSS report:

Code:
14:12:17.0697 2468 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:12:17.0853 2468 ============================================================
14:12:17.0853 2468 Current date / time: 2012/10/10 14:12:17.0853
14:12:17.0853 2468 SystemInfo:
14:12:17.0853 2468
14:12:17.0853 2468 OS Version: 6.1.7601 ServicePack: 1.0
14:12:17.0853 2468 Product type: Workstation
14:12:17.0853 2468 ComputerName: THOMAS-THINKPAD
14:12:17.0853 2468 UserName: Thomas
14:12:17.0853 2468 Windows directory: C:\Windows
14:12:17.0853 2468 System windows directory: C:\Windows
14:12:17.0853 2468 Processor architecture: Intel x86
14:12:17.0853 2468 Number of processors: 2
14:12:17.0853 2468 Page size: 0x1000
14:12:17.0853 2468 Boot type: Normal boot
14:12:17.0853 2468 ============================================================
14:12:22.0470 2468 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:12:22.0470 2468 ============================================================
14:12:22.0470 2468 \Device\Harddisk0\DR0:
14:12:22.0470 2468 MBR partitions:
14:12:22.0470 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:12:22.0470 2468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
14:12:22.0470 2468 ============================================================
14:12:22.0517 2468 C: <-> \Device\Harddisk0\DR0\Partition2
14:12:22.0517 2468 ============================================================
14:12:22.0517 2468 Initialize success
14:12:22.0517 2468 ============================================================
14:13:53.0933 2664 ============================================================
14:13:53.0933 2664 Scan started
14:13:53.0933 2664 Mode: Manual; SigCheck; TDLFS;
14:13:53.0933 2664 ============================================================
14:14:29.0642 2664 Netlogon - ok 14:14:29.0689 2664 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 14:14:29.0751 2664 Netman - ok 14:14:29.0813 2664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:14:29.0845 2664 NetMsmqActivator - ok 14:14:29.0860 2664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:14:29.0876 2664 NetPipeActivator - ok 14:14:29.0923 2664 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 14:14:30.0001 2664 netprofm - ok 14:14:30.0047 2664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:14:30.0063 2664 NetTcpActivator - ok 14:14:30.0110 2664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:14:30.0125 2664 NetTcpPortSharing - ok 14:14:30.0172 2664 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:14:30.0219 2664 nfrd960 - ok 14:14:30.0297 2664 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:14:30.0406 2664 NlaSvc - ok 14:14:30.0547 2664 [ 99145C5D4B6C4D6F5CE83EE6ABFFE294 ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys 14:14:30.0734 2664 nmwcdnsu - ok 14:14:30.0874 2664 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:14:30.0968 2664 Npfs - ok 14:14:31.0077 2664 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 14:14:31.0155 2664 nsi - ok 14:14:31.0186 2664 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:14:31.0249 2664 nsiproxy - ok 14:14:31.0436 2664 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:14:31.0561 2664 Ntfs - ok 14:14:31.0592 2664 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 
14:14:31.0654 2664 Null - ok 14:14:31.0685 2664 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:14:31.0717 2664 nvraid - ok 14:14:31.0795 2664 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:14:31.0826 2664 nvstor - ok 14:14:31.0888 2664 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:14:31.0935 2664 nv_agp - ok 14:14:31.0997 2664 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:14:32.0122 2664 ohci1394 - ok 14:14:32.0169 2664 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:14:32.0200 2664 ose - ok 14:14:32.0247 2664 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:14:32.0325 2664 p2pimsvc - ok 14:14:32.0356 2664 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 14:14:32.0387 2664 p2psvc - ok 14:14:32.0419 2664 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:14:32.0465 2664 Parport - ok 14:14:32.0528 2664 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:14:32.0559 2664 partmgr - ok 14:14:32.0606 2664 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 14:14:32.0684 2664 Parvdm - ok 14:14:32.0731 2664 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:14:32.0793 2664 PcaSvc - ok 14:14:32.0887 2664 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{3037D694-FD904ACA-06020200}_0 c:\program files\pc-doctor\pcdsrvc.pkms 14:14:32.0949 2664 PCDSRVC{3037D694-FD904ACA-06020200}_0 - ok 14:14:32.0996 2664 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 14:14:33.0011 2664 pci - ok 14:14:33.0136 2664 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 14:14:33.0167 2664 pciide - ok 14:14:33.0199 2664 [ 
F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:14:33.0245 2664 pcmcia - ok 14:14:33.0261 2664 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 14:14:33.0292 2664 pcw - ok 14:14:33.0370 2664 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:14:33.0495 2664 PEAUTH - ok 14:14:33.0542 2664 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:14:33.0651 2664 PeerDistSvc - ok 14:14:33.0947 2664 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 14:14:34.0088 2664 pla - ok 14:14:34.0119 2664 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:14:34.0197 2664 PlugPlay - ok 14:14:34.0244 2664 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:14:34.0291 2664 PNRPAutoReg - ok 14:14:34.0337 2664 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:14:34.0353 2664 PNRPsvc - ok 14:14:34.0509 2664 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:14:34.0634 2664 PolicyAgent - ok 14:14:34.0712 2664 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 14:14:34.0774 2664 Power - ok 14:14:34.0852 2664 [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE 14:14:34.0883 2664 Power Manager DBC Service - ok 14:14:34.0915 2664 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:14:34.0977 2664 PptpMiniport - ok 14:14:35.0008 2664 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:14:35.0055 2664 Processor - ok 14:14:35.0117 2664 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 14:14:35.0180 2664 ProfSvc - ok 14:14:35.0195 2664 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:14:35.0211 2664 
ProtectedStorage - ok 14:14:35.0258 2664 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:14:35.0320 2664 Psched - ok 14:14:35.0445 2664 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:14:35.0648 2664 ql2300 - ok 14:14:35.0710 2664 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:14:35.0741 2664 ql40xx - ok 14:14:35.0788 2664 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 14:14:35.0835 2664 QWAVE - ok 14:14:35.0882 2664 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:14:35.0944 2664 QWAVEdrv - ok 14:14:35.0975 2664 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:14:36.0038 2664 RasAcd - ok 14:14:36.0069 2664 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:14:36.0131 2664 RasAgileVpn - ok 14:14:36.0147 2664 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 14:14:36.0241 2664 RasAuto - ok 14:14:36.0272 2664 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:14:36.0334 2664 Rasl2tp - ok 14:14:36.0428 2664 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 14:14:36.0506 2664 RasMan - ok 14:14:36.0537 2664 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:14:36.0599 2664 RasPppoe - ok 14:14:36.0631 2664 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:14:36.0709 2664 RasSstp - ok 14:14:36.0818 2664 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:14:36.0927 2664 rdbss - ok 14:14:36.0974 2664 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:14:37.0021 2664 rdpbus - ok 14:14:37.0083 2664 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 
14:14:37.0208 2664 RDPCDD - ok 14:14:37.0317 2664 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:14:37.0395 2664 RDPDR - ok 14:14:37.0442 2664 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:14:37.0489 2664 RDPENCDD - ok 14:14:37.0520 2664 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:14:37.0567 2664 RDPREFMP - ok 14:14:37.0691 2664 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:14:37.0785 2664 RDPWD - ok 14:14:37.0847 2664 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:14:37.0894 2664 rdyboost - ok 14:14:37.0910 2664 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 14:14:37.0972 2664 RemoteAccess - ok 14:14:38.0019 2664 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:14:38.0097 2664 RemoteRegistry - ok 14:14:38.0144 2664 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:14:38.0206 2664 RpcEptMapper - ok 14:14:38.0237 2664 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 14:14:38.0284 2664 RpcLocator - ok 14:14:38.0315 2664 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 14:14:38.0362 2664 RpcSs - ok 14:14:38.0393 2664 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:14:38.0549 2664 rspndr - ok 14:14:38.0659 2664 [ 7CC293D2F95F8D0A5A4883E21B303D89 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 14:14:38.0721 2664 RSUSBSTOR - ok 14:14:38.0861 2664 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 14:14:38.0908 2664 RTL8167 - ok 14:14:38.0971 2664 [ 8E2CB65B05B102F2ADEEBE4C76BF11B6 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 14:14:39.0111 2664 rtl8192se - ok 14:14:39.0205 2664 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap 
C:\Windows\system32\drivers\vms3cap.sys 14:14:39.0267 2664 s3cap - ok 14:14:39.0298 2664 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 14:14:39.0314 2664 SamSs - ok 14:14:39.0392 2664 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:14:39.0423 2664 sbp2port - ok 14:14:39.0439 2664 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:14:39.0517 2664 SCardSvr - ok 14:14:39.0563 2664 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:14:39.0673 2664 scfilter - ok 14:14:39.0797 2664 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 14:14:39.0922 2664 Schedule - ok 14:14:39.0985 2664 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:14:40.0031 2664 SCPolicySvc - ok 14:14:40.0047 2664 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:14:40.0125 2664 SDRSVC - ok 14:14:40.0187 2664 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:14:40.0234 2664 secdrv - ok 14:14:40.0297 2664 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 14:14:40.0390 2664 seclogon - ok 14:14:40.0421 2664 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 14:14:40.0484 2664 SENS - ok 14:14:40.0546 2664 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:14:40.0624 2664 SensrSvc - ok 14:14:40.0655 2664 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:14:40.0780 2664 Serenum - ok 14:14:40.0811 2664 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:14:40.0874 2664 Serial - ok 14:14:40.0889 2664 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:14:40.0921 2664 sermouse - ok 14:14:41.0077 2664 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv 
C:\Windows\system32\sessenv.dll 14:14:41.0170 2664 SessionEnv - ok 14:14:41.0248 2664 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:14:41.0373 2664 sffdisk - ok 14:14:41.0389 2664 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:14:41.0420 2664 sffp_mmc - ok 14:14:41.0467 2664 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:14:41.0529 2664 sffp_sd - ok 14:14:41.0560 2664 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:14:41.0607 2664 sfloppy - ok 14:14:41.0669 2664 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:14:41.0747 2664 SharedAccess - ok 14:14:41.0825 2664 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:14:41.0903 2664 ShellHWDetection - ok 14:14:41.0919 2664 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:14:41.0950 2664 sisagp - ok 14:14:41.0997 2664 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:14:42.0028 2664 SiSRaid2 - ok 14:14:42.0044 2664 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:14:42.0075 2664 SiSRaid4 - ok 14:14:42.0137 2664 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:14:42.0200 2664 Smb - ok 14:14:42.0247 2664 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:14:42.0262 2664 SNMPTRAP - ok 14:14:42.0309 2664 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 14:14:42.0325 2664 spldr - ok 14:14:42.0387 2664 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 14:14:42.0434 2664 Spooler - ok 14:14:42.0699 2664 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 14:14:42.0855 2664 sppsvc - ok 14:14:42.0933 2664 [ 
14:14:43.0089 2664 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\Windows\System32\Drivers\sptd.sys
14:14:43.0089 2664 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8EA0FD60A5B047E0C734D51AACE531C9
14:14:43.0105 2664 sptd ( LockedFile.Multi.Generic ) - warning
14:14:43.0105 2664 sptd - detected LockedFile.Multi.Generic (1)
14:14:44.0774 2664 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:14:44.0883 2664 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:14:44.0883 2664 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:14:46.0864 2664 TermDD - ok 14:14:46.0942 2664 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 14:14:47.0020 2664 TermService - ok 14:14:47.0051 2664 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 14:14:47.0098 2664 Themes - ok 14:14:47.0129 2664 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 14:14:47.0176 2664 THREADORDER - ok 14:14:47.0239 2664 [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 14:14:47.0270 2664 TPHKSVC - ok 14:14:47.0332 2664 [ 6412DA2B8D079D821B99B3A99943284E ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys 14:14:47.0348 2664 TPPWRIF - ok 14:14:47.0395 2664 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 14:14:47.0519 2664 TrkWks - ok 14:14:47.0613 2664 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:14:47.0660 2664 TrustedInstaller - ok 14:14:47.0753 2664 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:14:47.0847 2664 tssecsrv - ok 14:14:47.0925 2664 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:14:47.0987 2664 TsUsbFlt - ok 14:14:48.0065 2664 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:14:48.0128 2664 tunnel - ok 14:14:48.0159 2664 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:14:48.0190 2664 uagp35 - ok 14:14:48.0253 2664 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:14:48.0331 2664 udfs - ok 14:14:48.0377 2664 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:14:48.0424 2664 UI0Detect - ok 14:14:48.0471 2664 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:14:48.0502 2664 
uliagpkx - ok 14:14:48.0580 2664 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 14:14:48.0643 2664 umbus - ok 14:14:48.0689 2664 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:14:48.0721 2664 UmPass - ok 14:14:48.0799 2664 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 14:14:48.0923 2664 UmRdpService - ok 14:14:48.0986 2664 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 14:14:49.0079 2664 upnphost - ok 14:14:49.0142 2664 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 14:14:49.0189 2664 usbaudio - ok 14:14:49.0267 2664 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:14:49.0313 2664 usbccgp - ok 14:14:49.0376 2664 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:14:49.0438 2664 usbcir - ok 14:14:49.0501 2664 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:14:49.0532 2664 usbehci - ok 14:14:49.0563 2664 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:14:49.0625 2664 usbhub - ok 14:14:49.0672 2664 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:14:49.0719 2664 usbohci - ok 14:14:49.0766 2664 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:14:49.0797 2664 usbprint - ok 14:14:49.0859 2664 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:14:49.0906 2664 usbscan - ok 14:14:49.0969 2664 [ 07EA2284C901AD3F5D1CF56268DADC6D ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys 14:14:50.0031 2664 usbsmi - ok 14:14:50.0047 2664 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:14:50.0109 2664 USBSTOR - ok 14:14:50.0171 2664 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci 
C:\Windows\system32\drivers\usbuhci.sys 14:14:50.0234 2664 usbuhci - ok 14:14:50.0281 2664 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 14:14:50.0327 2664 usbvideo - ok 14:14:50.0374 2664 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 14:14:50.0515 2664 UxSms - ok 14:14:50.0530 2664 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 14:14:50.0561 2664 VaultSvc - ok 14:14:50.0577 2664 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:14:50.0608 2664 vdrvroot - ok 14:14:50.0702 2664 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 14:14:50.0858 2664 vds - ok 14:14:50.0905 2664 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:14:50.0936 2664 vga - ok 14:14:50.0951 2664 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 14:14:51.0014 2664 VgaSave - ok 14:14:51.0123 2664 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:14:51.0185 2664 vhdmp - ok 14:14:51.0232 2664 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:14:51.0263 2664 viaagp - ok 14:14:51.0295 2664 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 14:14:51.0341 2664 ViaC7 - ok 14:14:51.0357 2664 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 14:14:51.0388 2664 viaide - ok 14:14:51.0466 2664 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:14:51.0544 2664 vmbus - ok 14:14:51.0560 2664 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:14:51.0607 2664 VMBusHID - ok 14:14:51.0638 2664 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:14:51.0669 2664 volmgr - ok 14:14:51.0731 2664 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 14:14:51.0856 2664 volmgrx - ok 14:14:51.0950 2664 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:14:51.0997 2664 volsnap - ok 14:14:52.0012 2664 vpnva - ok 14:14:52.0059 2664 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:14:52.0090 2664 vsmraid - ok 14:14:52.0246 2664 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 14:14:52.0402 2664 VSS - ok 14:14:52.0433 2664 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:14:52.0496 2664 vwifibus - ok 14:14:52.0511 2664 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:14:52.0558 2664 vwififlt - ok 14:14:52.0605 2664 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:14:52.0636 2664 vwifimp - ok 14:14:52.0699 2664 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 14:14:52.0855 2664 W32Time - ok 14:14:52.0917 2664 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:14:52.0979 2664 WacomPen - ok 14:14:52.0995 2664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:14:53.0057 2664 WANARP - ok 14:14:53.0057 2664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:14:53.0120 2664 Wanarpv6 - ok 14:14:53.0213 2664 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:14:53.0432 2664 WatAdminSvc - ok 14:14:53.0681 2664 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 14:14:53.0853 2664 wbengine - ok 14:14:53.0915 2664 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:14:53.0993 2664 WbioSrvc - ok 14:14:54.0071 2664 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:14:54.0149 2664 wcncsvc - ok 14:14:54.0181 2664 [ 
5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:14:54.0243 2664 WcsPlugInService - ok 14:14:54.0274 2664 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:14:54.0337 2664 Wd - ok 14:14:54.0383 2664 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:14:54.0524 2664 Wdf01000 - ok 14:14:54.0571 2664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:14:54.0633 2664 WdiServiceHost - ok 14:14:54.0649 2664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:14:54.0680 2664 WdiSystemHost - ok 14:14:54.0742 2664 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 14:14:54.0914 2664 WebClient - ok 14:14:54.0945 2664 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:14:55.0007 2664 Wecsvc - ok 14:14:55.0039 2664 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:14:55.0101 2664 wercplsupport - ok 14:14:55.0132 2664 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 14:14:55.0226 2664 WerSvc - ok 14:14:55.0257 2664 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:14:55.0304 2664 WfpLwf - ok 14:14:55.0335 2664 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:14:55.0429 2664 WIMMount - ok 14:14:55.0507 2664 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:14:55.0600 2664 WinDefend - ok 14:14:55.0616 2664 WinHttpAutoProxySvc - ok 14:14:55.0772 2664 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:14:55.0865 2664 Winmgmt - ok 14:14:55.0990 2664 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 14:14:56.0131 2664 WinRM - ok 14:14:56.0224 2664 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 14:14:56.0287 2664 WinUsb - ok 14:14:56.0411 2664 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:14:56.0505 2664 Wlansvc - ok 14:14:56.0583 2664 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:14:56.0630 2664 WmiAcpi - ok 14:14:56.0661 2664 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:14:56.0708 2664 wmiApSrv - ok 14:14:56.0942 2664 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:14:57.0020 2664 WMPNetworkSvc - ok 14:14:57.0051 2664 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:14:57.0098 2664 WPCSvc - ok 14:14:57.0160 2664 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:14:57.0207 2664 WPDBusEnum - ok 14:14:57.0238 2664 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:14:57.0301 2664 ws2ifsl - ok 14:14:57.0332 2664 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 14:14:57.0379 2664 wscsvc - ok 14:14:57.0394 2664 WSearch - ok 14:14:57.0675 2664 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:14:57.0784 2664 wuauserv - ok 14:14:57.0815 2664 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:14:57.0862 2664 WudfPf - ok 14:14:57.0940 2664 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:14:58.0003 2664 WUDFRd - ok 14:14:58.0127 2664 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:14:58.0221 2664 wudfsvc - ok 14:14:58.0268 2664 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 14:14:58.0361 2664 WwanSvc - ok 14:14:58.0393 2664 ================ Scan global =============================== 14:14:58.0439 2664 [ DAB748AE0439955ED2FA22357533DDDB ] 
C:\Windows\system32\basesrv.dll
14:14:58.0580 2664 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:14:58.0720 2664 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:14:58.0861 2664 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:14:58.0892 2664 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:14:58.0923 2664 [Global] - ok
14:14:58.0923 2664 ================ Scan MBR ==================================
14:14:58.0939 2664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:15:00.0171 2664 \Device\Harddisk0\DR0 - ok
14:15:00.0171 2664 ================ Scan VBR ==================================
14:15:00.0202 2664 [ FE6A91DF3DAC081941B11F8CE7C173E8 ] \Device\Harddisk0\DR0\Partition1
14:15:00.0218 2664 \Device\Harddisk0\DR0\Partition1 - ok
14:15:00.0233 2664 [ 0ACF6B2ADBBF808296BECFB8330489E4 ] \Device\Harddisk0\DR0\Partition2
14:15:00.0233 2664 \Device\Harddisk0\DR0\Partition2 - ok
14:15:00.0249 2664 ============================================================
14:15:00.0249 2664 Scan finished
14:15:00.0249 2664 ============================================================
14:15:00.0280 2812 Detected object count: 3
14:15:00.0280 2812 Actual detected object count: 3
14:15:23.0899 2812 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:23.0899 2812 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:15:23.0899 2812 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:15:23.0899 2812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:15:23.0914 2812 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:23.0914 2812 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

OTL Logfile:
Code:
OTL logfile created on: 10.10.2012 14:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 59,03% Memory free
3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 81,01 Gb Free Space | 34,80% Space Free | Partition Type: NTFS
Computer Name: THOMAS-THINKPAD | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) ========== Modules (No Company Name) ========== MOD - C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (lxec_device) -- C:\Windows\System32\lxeccoms.exe ( ) SRV - (lxecCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe () SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.) DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.) 
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2967869 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 DC 53 11 51 D1 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "GIGA Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.9 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.backup.ftp: "94.185.245.84" FF - prefs.js..network.proxy.backup.ftp_port: 3129 FF - prefs.js..network.proxy.backup.gopher: "94.185.245.84" FF - prefs.js..network.proxy.backup.gopher_port: 3129 FF - prefs.js..network.proxy.backup.socks: "94.185.245.84" FF - prefs.js..network.proxy.backup.socks_port: 3129 FF - prefs.js..network.proxy.backup.ssl: "94.185.245.84" FF - prefs.js..network.proxy.backup.ssl_port: 3129 FF - prefs.js..network.proxy.ftp: "93.189.5.138" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "93.189.5.138" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "93.189.5.138" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "93.189.5.138" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "93.189.5.138" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 14:43:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.20 14:43:31 | 000,000,000 | ---D | M] [2010.10.01 19:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.09.13 12:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\5b47xun6.default\extensions [2012.07.25 10:01:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 12:51:02 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011.08.31 11:28:22 | 000,000,927 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\searchplugins\conduit.xml [2010.10.21 19:45:55 | 000,001,180 | ---- | M] () -- 
C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\5b47xun6.default\searchplugins\urban-dictionary.xml [2012.04.06 08:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.06 08:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.01.20 14:43:30 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.06 08:37:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.20 14:43:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.20 14:43:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.20 14:43:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.20 14:43:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.20 14:43:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.20 14:43:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.30 19:37:05 | 000,002,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 
127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 www.hh-software.com O1 - Hosts: 46 more lines... O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24486484-D838-4D66-AA29-C56ED9E69508}: DhcpNameServer = 78.42.43.62 82.212.62.62 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common 
files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{96af0c33-4275-11e0-83cd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{96af0c33-4275-11e0-83cd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -a O33 - MountPoints2\{d6639e4f-d6df-11df-bdb2-60eb6915f9b9}\Shell - "" = AutoRun O33 - MountPoints2\{d6639e4f-d6df-11df-bdb2-60eb6915f9b9}\Shell\AutoRun\command - "" = D:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 14:17:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.10 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\tdsskiller [2012.10.10 01:27:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.10.10 01:23:03 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.10 01:23:02 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 00:58:52 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe [2012.10.10 00:39:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 00:39:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll 
[2012.10.10 00:39:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 00:39:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 00:39:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 00:39:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 00:39:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 00:39:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 00:39:01 | 000,003,072 | 
-H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 00:39:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 00:38:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 00:38:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 00:38:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 00:38:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 00:38:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 00:38:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 00:38:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 00:38:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 00:09:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.10.10 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.10 00:08:23 | 
000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.10 00:08:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.10 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.10 00:06:44 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Thomas\Desktop\mbam-setup-1.65.0.1400.exe [2012.10.09 23:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0980A25954AD723600FF097FA44CE46C [2012.09.27 19:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung OCR Software [2012.09.24 15:34:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.24 15:34:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.24 15:34:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.24 15:34:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.24 15:34:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.24 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Unified Remote [2012.09.21 11:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2012.09.21 11:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.09.21 11:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2012.09.12 09:33:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2012.09.12 09:33:39 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.09.12 09:33:39 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.09.12 09:33:18 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [1 C:\Users\Thomas\*.tmp files -> C:\Users\Thomas\*.tmp -> ] [1 
C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.10 14:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.10.10 14:15:52 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 14:15:52 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 14:08:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.10.10 14:08:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.10 14:08:04 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 14:03:48 | 002,193,278 | ---- | M] () -- C:\Users\Thomas\Desktop\tdsskiller.zip [2012.10.10 01:27:28 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.10 01:27:28 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.10 01:27:28 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.10 01:27:28 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.10 00:58:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe [2012.10.10 00:08:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.10 00:07:17 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Thomas\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.27 19:27:27 | 000,407,865 | ---- | M] () -- C:\Users\Thomas\Desktop\Ganzseitiges Foto.pdf [2012.09.27 16:33:22 | 000,268,187 | ---- | M] () -- C:\Users\Thomas\Desktop\NONE.pdf [2012.09.26 19:21:52 | 000,070,253 | ---- | M] () -- C:\Users\Thomas\Desktop\Booking.com_ Bestätigung.pdf [2012.09.21 11:50:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.09.18 13:31:05 | 
000,016,668 | ---- | M] () -- C:\Users\Thomas\Desktop\test.png [2012.09.18 12:55:14 | 000,629,169 | ---- | M] () -- C:\Users\Thomas\Desktop\Sheet_001.jpg [2012.09.17 20:04:23 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.09.14 22:39:00 | 000,109,930 | ---- | M] () -- C:\Users\Thomas\Desktop\232323232%7Ffp635;9)nu=;45 ) 66)25;)WSNRCG=33;8498;5334(nu0mrj.jpg [2012.09.14 22:10:41 | 000,278,998 | ---- | M] () -- C:\Users\Thomas\Desktop\Foto.JPG [2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.09.12 15:26:55 | 000,000,473 | ---- | M] () -- C:\Users\Thomas\Desktop\ras [2012.09.10 18:30:29 | 003,578,715 | ---- | M] () -- C:\Users\Thomas\Documents\.RData [2012.09.10 18:30:29 | 000,012,233 | ---- | M] () -- C:\Users\Thomas\Documents\.Rhistory [1 C:\Users\Thomas\*.tmp files -> C:\Users\Thomas\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.10 14:03:44 | 002,193,278 | ---- | C] () -- C:\Users\Thomas\Desktop\tdsskiller.zip [2012.10.10 00:08:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.27 19:25:08 | 000,407,865 | ---- | C] () -- C:\Users\Thomas\Desktop\Ganzseitiges Foto.pdf [2012.09.27 16:33:22 | 000,268,187 | ---- | C] () -- C:\Users\Thomas\Desktop\NONE.pdf [2012.09.26 19:21:48 | 000,070,253 | ---- | C] () -- C:\Users\Thomas\Desktop\Booking.com_ Bestätigung.pdf [2012.09.21 11:50:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.09.18 13:31:05 | 000,016,668 | ---- | C] () -- C:\Users\Thomas\Desktop\test.png [2012.09.14 22:39:00 | 000,109,930 | ---- | C] () -- C:\Users\Thomas\Desktop\232323232%7Ffp635;9)nu=;45 ) 66)25;)WSNRCG=33;8498;5334(nu0mrj.jpg [2012.09.14 22:00:18 | 000,278,998 | ---- | C] () -- C:\Users\Thomas\Desktop\Foto.JPG [2012.09.14 15:50:45 | 
000,629,169 | ---- | C] () -- C:\Users\Thomas\Desktop\Sheet_001.jpg [2012.09.10 18:30:28 | 003,578,715 | ---- | C] () -- C:\Users\Thomas\Documents\.RData [2012.02.19 22:23:54 | 000,000,551 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\AutoGK.ini [2012.01.18 11:29:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.11.30 23:03:29 | 000,000,032 | ---- | C] () -- C:\Users\Thomas\.simfy [2011.10.07 10:25:08 | 000,000,337 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Perfmon.PerfmonCfg [2011.09.27 02:57:59 | 000,007,791 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2011.09.20 14:35:18 | 000,011,230 | ---- | C] () -- C:\Users\Thomas\gsview32.ini [2011.06.25 18:43:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.16 23:27:00 | 000,004,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.20 13:33:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll [2010.12.20 13:33:29 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll [2010.12.20 13:33:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll [2010.12.20 13:33:26 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll [2010.12.20 13:33:26 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll [2010.12.20 13:32:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll [2010.12.20 13:32:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll [2010.12.20 13:32:22 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll [2010.12.20 13:32:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll [2010.12.20 13:32:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll [2010.12.20 13:32:22 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe [2010.12.20 13:32:22 | 000,577,536 | ---- | C] ( ) -- 
C:\Windows\System32\lxeclmpm.dll [2010.12.20 13:32:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe [2010.12.20 13:32:22 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll [2010.12.20 13:32:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll [2010.12.20 13:32:22 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll [2010.12.20 13:32:22 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll [2010.12.20 13:32:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll [2010.12.20 13:32:22 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe [2010.12.20 13:32:22 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll [2010.12.20 13:32:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll [2010.12.20 13:32:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll [2010.12.20 13:32:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll [2010.12.20 13:32:22 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll [2010.12.20 13:32:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll [2010.12.20 13:32:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll [2010.12.20 13:32:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll [2010.12.20 13:32:12 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll [2010.12.20 13:32:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll [2010.10.19 01:16:36 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.10.18 23:38:21 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
10.10.2012, 13:43 | #4 |
| System Progressive Protection infection Extras.txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.10.2012 14:18:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 59,03% Memory free 3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 81,01 Gb Free Space | 34,80% Space Free | Partition Type: NTFS Computer Name: THOMAS-THINKPAD | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{074EBA3C-4B6B-4B32-9CCD-D3E80EB45A27}" = lport=137 | protocol=17 | dir=in | app=system | "{16FE0E3D-664C-493D-A198-D4176BEEF4A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2876C5D6-4C80-432F-A0EC-EB60676F87EE}" = lport=2869 | protocol=6 | dir=in | app=system | "{39E8556A-0ED6-4A45-B496-A448C41EAB51}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3CBF43FF-3340-4940-9FAC-B400F3F472E6}" = lport=138 | protocol=17 | dir=in | app=system | "{4CB155AF-76E0-4119-8ED0-DCF974A8751F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{57502307-87FF-447E-9751-82DB3CEC31F8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{57D5F687-0176-4D06-A26F-66E0A2FF52FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5C1DF542-5E17-4E81-9D68-A7B121D97C09}" = rport=10243 | protocol=6 | dir=out | app=system | "{653E446A-A762-4F44-B663-9A455258318F}" = lport=445 | protocol=6 | dir=in | app=system | "{74AC0643-0925-4623-9647-A82E0A5435CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87F69C0C-C6B3-4DAA-8706-93B795BCB968}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{93D01BC5-CCDF-43FF-B04D-58069A6CD605}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9435A8FA-B44D-46B0-8959-A8D32D7581FE}" = rport=445 | protocol=6 | dir=out | app=system | "{984601BE-64AD-46DA-9F11-1C3F93CAEB63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ACADBFA9-DB78-4CE9-9730-38537481D11E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{AD1CDE6F-D356-4481-8034-7A7F80694F32}" = rport=137 | protocol=17 | dir=out | app=system | "{B7E876C4-5E9C-4623-95A3-5A163F57CAD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C165B4F6-2A8E-43B1-913A-93CF9B7954D7}" = rport=139 | protocol=6 | dir=out | app=system | "{C30E294C-1077-4834-89DC-A767BF232818}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C44E21E3-56BA-4B5F-AE2A-9DA6F11AA055}" = lport=139 | protocol=6 | dir=in | app=system | "{C77CBBC6-D17A-4D8F-98DB-45CD8EA88267}" = rport=138 | protocol=17 | dir=out | app=system | "{CFA170AF-CAB0-47C9-AA49-E05E03F9C64E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E445CE15-7C65-4B80-AF97-74E74C225752}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0537FC7B-FBE3-42CC-A239-C4CA38BFDEDF}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{0D7CD63D-27CF-4D32-9C59-ED0EFB279991}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{201820DB-667B-4026-BEF6-EDFCED919C28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35F95FD2-2E37-45F9-9BA2-F571705A2FF9}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{44AD69AD-59DC-40E4-93AF-849B8C153171}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{52872838-0488-4B7F-B263-E5DFCC80AD12}" = protocol=6 | dir=in | app=c:\program files\remote mouse\server\server.exe | "{54728AD5-0E81-44DE-9FE6-CC70FFF46079}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{6A057E55-EABF-4DEE-8E78-34B23F3E714F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CCCE8DE-04BA-41D2-8F35-36173C330155}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8D3DF4FC-0016-4B1D-8786-8054D4E93D96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8F3B4C08-0AE2-45BC-A6E5-90106391661E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{94D5D289-99A3-49E0-B88E-AC56277A1363}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{96AC5F3D-9E88-492F-A01C-770E7063CBDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{98B3FF7E-33A4-4779-AB93-18EFFE760934}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{AD2A4203-7559-45D0-B7D2-D9F70C89A05F}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{B02CB1C9-42CF-4FC9-943F-96E23581FA7D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B5D138D8-CBDC-429E-8E7A-A24A1C8377B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9F28E63-7037-44AB-B39D-9608E3DAA4A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BB40A9C8-75E1-4FAD-B0AD-9E9D6CFFFF2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF71A376-33F0-4CCC-8A05-6984D8E3C925}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D700BF59-C152-48C3-91D5-52C04050EDCE}" = protocol=6 | dir=out | app=system | "{DB7D4E66-D029-4D6C-BA0B-F9A543085285}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC654D7E-9BD7-473E-ABAF-20EF44EB8370}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E4942C8D-C0E1-409D-96F0-715405443A93}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "{E973773F-1E55-41BC-9E10-E29F21886432}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe | "{EFB64EB4-CF43-474F-A333-57298D550CBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F4D0F04B-C237-4D3F-88E4-A23C785E4370}" = protocol=17 | dir=in | app=c:\program files\remote mouse\server\server.exe | "{F4F01DE2-826E-4FA6-BB7B-4122B18AFB77}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe | "{F984CED7-59A6-44FA-AD10-553F967889D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{01DA9E4E-D35C-43CA-8CA8-F13CDE555247}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2552C77B-06A3-46E7-8489-DA645B3F16F2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{32C8A253-1FCA-4285-99BA-CC58610470D6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{45A78FFF-A88E-4662-8D9E-BE5588DCCA3B}C:\program files\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files\tulox\tulox.exe | "TCP Query User{5467833D-A427-47D1-A525-36842EFC87C6}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | "TCP Query User{80C7368E-8204-4F93-8B43-9D89461037E2}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query User{A38C45FD-5597-433C-817E-45B440B5E5D4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A9A3A94E-7F56-493D-AACD-3186698BED74}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B3124602-B1C6-4455-8ED0-D68DDB0F4F02}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "TCP Query User{EC44A0F0-E598-44D6-8201-5658D42BA484}C:\users\thomas\appdata\roaming\spotify\spotify.exe" = protocol=6 | 
dir=in | app=c:\users\thomas\appdata\roaming\spotify\spotify.exe | "TCP Query User{F09536A2-926B-45C8-A648-B7B896EEBD97}C:\program files\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files\tulox\tulox.exe | "UDP Query User{044CB631-C02A-4B27-9E21-D9C9442BB73A}C:\program files\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files\tulox\tulox.exe | "UDP Query User{09885FDC-F145-48F8-8CAE-338217FDAE4B}C:\users\thomas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\spotify\spotify.exe | "UDP Query User{3C1C4BF1-E085-43A0-BF63-4D784B960F0F}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "UDP Query User{3EBD35D1-CA4F-4CEC-881A-9DEF98DFA941}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{47936D40-2E71-4FD9-9429-B0CA502E1CCA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6B8D01E8-B319-4E30-A79F-87C920545E68}C:\program files\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files\tulox\tulox.exe | "UDP Query User{8F576BED-70EB-4F20-958F-A7133298F8C3}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | "UDP Query User{BCB1B5CE-5711-4AEA-BD2D-F2E1BF3C5C5D}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{BDFE0B4A-57F5-4BD9-AA99-E2E4BE05E2FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{DB8C77CE-FD2C-4955-963E-D34D5FC5623A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query 
User{EC10CCEC-7A7E-41DA-ADA0-4F5FB60D2CCB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03307ADB-5DCC-44B2-4A6E-DEF5FBDEBF8F}" = Catalyst Control Center Graphics Full New "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09D12A04-7868-7E7A-FBEE-2D8B84A0CEC1}" = ccc-core-static "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13EDE453-1B5D-C894-399C-6F97B8F5AABD}" = CCC Help English "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{174E7E6E-EE32-E978-1775-7354B4BB708E}" = CCC Help Portuguese "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1E0BAB0C-62D6-050E-0F03-300D49C4367A}" = Catalyst Control Center Localization All "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater "{2B3FC7F2-B03D-5317-BC39-28E424D560DE}" = CCC Help Italian "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{449F6C53-3BDE-7CFA-442B-86FEEC99BE40}" = Catalyst Control Center Graphics Full Existing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6672CCD8-3F97-C941-316D-2ADD845C2806}" = CCC Help German "{67CC1309-4B7B-8E02-05F4-24893D7E2695}" = Catalyst Control Center Graphics Light "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD782EA-43B4-0FE7-0D66-BED8FA74B4D7}" = CCC Help Russian "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76CAAA8A-8DFB-608B-ADB5-0BF970F51816}" = CCC Help Chinese Standard "{78FD9D18-8EF1-5B9D-04D4-4B3AA0EF91EF}" = CCC Help Thai "{7A6DF1F2-CD27-7B7D-5D38-3EF996C4BA09}" = CCC Help Norwegian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89E3D86B-F03E-4956-20BB-FC63C57EE600}" = Catalyst Control Center Core Implementation "{8C050D9C-3C82-EB28-3E42-DB750646ED58}" = CCC Help Swedish "{8CDAA241-56BA-2753-159E-D94A331C857B}" = CCC Help Polish "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{96514462-396E-58AB-E7D8-40E68DF0540E}" = CCC Help Danish "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{974321BB-4C1B-E2DD-8681-9299A0612220}" = CCC Help Turkish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0288703-7C15-BB9C-67F4-87BD77254B5B}" = CCC Help Hungarian 
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA4BB734-4ECD-ED8E-CDF6-9B46A7EA4723}" = CCC Help Dutch "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AA771B73-87FD-176A-080D-CB7B565B9D02}" = CCC Help Japanese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{BF4DF3F7-5350-4F71-A656-F73E95D82E5F}" = Mindjet MindManager 8 "{C4C6D61E-812A-7D27-1253-8DC94BC2949C}" = ATI Catalyst Install Manager "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CA9E11D5-AEFA-4E99-9DF9-842E5BE68DFA}" = Microsoft Camera Codec Pack "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CF45FA39-F1DF-68F3-8D58-376FAA730B82}" = Catalyst Control Center InstallProxy "{D08227C9-78C3-48E0-B460-63A7C1DFCBF0}" = Motorola Software Update "{D0CFEF60-D6C3-6B73-3942-39F1996C2590}" = CCC Help French "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D54B026D-BBEC-F673-F6AF-01E70DCA8AC7}" = CCC Help Czech "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA30454E-6F71-352B-E9D8-587D27A29167}" = CCC Help Chinese Traditional "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{EC40CFB8-D427-2369-035B-3C687136189D}" = CCC Help Finnish "{EE0693CF-56A7-F290-C26C-908CA6CB1852}" = CCC Help Greek "{F2091915-62C0-8B8C-CDAE-E25DCC2671CF}" = ccc-utility "{F7237FF7-DEF7-E05A-9695-404D02D48739}" = Catalyst Control Center Graphics Previews Vista "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F964875D-648A-E867-9158-C2EFA46DCF67}" = CCC Help Korean "{FD0F6896-7BAF-7D9C-A6A9-A50B8854F8E4}" = CCC Help Spanish "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera 
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 ) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira Free Antivirus "CaptureOne6_is1" = Capture One 6.2 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD "DivX Setup.divx.com" = DivX-Setup "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "G'MIC for GIMP_is1" = G'MIC for GIMP Version 1.5.0.0 "GPL Ghostscript 9.04" = GPL Ghostscript "GSview 4.9" = GSview 4.9 "IrfanView" = IrfanView (remove only) "jEdit_is1" = jEdit 4.5.1 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "ManyCam" = ManyCam 2.6.1 (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "PPTools IMAGE_EXPORT" = PPTools (Uninstall ALL) "R for Windows 2.15.0_is1" = R for Windows 2.15.0 "sp6" = Logitech SetPoint 6.32 "Spotify" = Spotify "SumatraPDF" = SumatraPDF "SynTPDeinstKey" = ThinkPad 
UltraNav Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "tulox" = tulox "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.4 "WinDjView" = WinDjView 1.0.3 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.08.2011 01:34:01 | Computer Name = Thomas-ThinkPad | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.08.2011 03:16:51 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 12.08.2011 11:50:21 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 14.08.2011 06:56:11 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 18.08.2011 16:23:47 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 18.08.2011 16:52:10 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 20.08.2011 19:01:53 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 20.08.2011 21:20:57 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 23.08.2011 01:36:53 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = Error - 23.08.2011 07:56:32 | Computer Name = Thomas-ThinkPad | Source = EventSystem | ID = 4621 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 17.11.2011 17:02:10 | Computer Name = 
Thomas-ThinkPad | Source = acvpnui | ID = 67108866 Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 452 Invoked Function: ConnectIfc::sendRequest Return Code: -29949906 (0xFE37002E) Description: CTRANSPORT_ERROR_TIMEOUT Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108866 Description = Function: ConnectIfc::TranslateStatusCode File: .\ConnectIfc.cpp Line: 2874 Invoked Function: ConnectIfc::TranslateStatusCode Return Code: -29949906 (0xFE37002E) Description: CTRANSPORT_ERROR_TIMEOUT Connection attempt has timed out. Please verify Internet connectivity. Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108866 Description = Function: ConnectMgr::doConnectIfcConnect File: .\ConnectMgr.cpp Line: 1867 Invoked Function: ConnectIfc::connect Return Code: -29949906 (0xFE37002E) Description: CTRANSPORT_ERROR_TIMEOUT Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2315 Content type (unknown) received. Response type (host unreachable) from vpn.uni-mannheim.de: Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2380 Unable to contact vpn.uni-mannheim.de Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1922 ConnectMgr::processIfcData failed Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 983 Connection failed. 
Error - 17.11.2011 17:02:10 | Computer Name = Thomas-ThinkPad | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnIpcMessageReceivedAtDepot File: .\MainThread.cpp Line: 4315 Invoked Function: CNotifyAgentPreTunnelTlv Return Code: -32374782 (0xFE120002) Description: TLV_ERROR_BAD_PARAMETER Error - 17.11.2011 17:02:12 | Computer Name = Thomas-ThinkPad | Source = acvpnui | ID = 67108866 Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 568 Invoked Function: ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED Error - 17.11.2011 17:03:55 | Computer Name = Thomas-ThinkPad | Source = acvpnagent | ID = 67110873 Description = Termination reason code 7: The agent has been stopped. [ System Events ] Error - 09.10.2012 19:33:29 | Computer Name = Thomas-ThinkPad | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706be fehlgeschlagen: Update für Windows 7 (KB2756822) Error - 09.10.2012 19:33:29 | Computer Name = Thomas-ThinkPad | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2749655) Error - 09.10.2012 19:33:29 | Computer Name = Thomas-ThinkPad | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB2647753) Error - 10.10.2012 03:41:05 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows-Audio" wurde nicht richtig gestartet. 
Error - 10.10.2012 03:42:35 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht. Error - 10.10.2012 03:43:05 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit Scanner erreicht. Error - 10.10.2012 03:43:05 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.10.2012 03:44:32 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10.10.2012 05:12:51 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 10.10.2012 08:08:44 | Computer Name = Thomas-ThinkPad | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
10.10.2012, 15:57 | #5 |
| System Progressive Protection infection Hi, have MAM delete the find... The DNS is odd, is it correct? 78.42.43.62 (Kirchberg An Der Murr)... Combofix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Caution: In a few rare cases the computer may no longer be able to boot and has to be set up again from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with ComboFix can take some time, so please be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. After the scan ends, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
10.10.2012, 17:51 | #6 |
| System Progressive Protection infection Hi, I had MAM delete the find. The DNS is not correct! I am in Mannheim. What does that mean? Here is the log from ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 12-10-10.02 - Thomas 10.10.2012 18:29:01.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1790.1033 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\SPLFAE1.tmp c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Cov_b_3x9x640_with_norm.mat c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Cov_Laplace_3x9x640_with_norm.mat c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\WIm_3x9x640.mat . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-10 bis 2012-10-10 )))))))))))))))))))))))))))))) . . 2012-10-10 16:41 . 2012-10-10 16:42 -------- d-----w- c:\users\Thomas\AppData\Local\temp 2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-09 23:27 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-10-09 23:27 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll 2012-10-09 23:23 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-09 23:23 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-09 22:38 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-10-09 22:38 . 
2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 15:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-09 22:38 . 2012-08-20 15:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-10-09 22:38 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-09 22:38 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-09 22:09 . 2012-10-09 22:09 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2012-10-09 22:08 . 2012-10-09 22:08 -------- d-----w- c:\programdata\Malwarebytes 2012-10-09 22:08 . 2012-10-09 22:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-09 22:08 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-09 21:14 . 2012-10-09 22:30 -------- d-----w- c:\programdata\0980A25954AD723600FF097FA44CE46C 2012-09-27 17:34 . 2012-10-09 22:30 -------- d-----w- c:\program files\Common Files\Samsung OCR Software 2012-09-24 13:28 . 2012-09-24 13:28 -------- d-----w- c:\users\Thomas\AppData\Roaming\Unified Remote 2012-09-21 09:50 . 2012-09-21 12:33 -------- d-----w- c:\program files\Common Files\Steam 2012-09-21 09:50 . 2012-09-24 10:51 -------- d-----w- c:\program files\Steam 2012-09-12 07:33 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 07:33 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 07:33 . 
2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 07:33 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 07:33 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 07:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 09:17 . 2011-10-20 10:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-07-18 17:47 . 2012-09-10 11:15 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-01-20 12:43 . 2012-01-20 12:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-17 1193176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cAudioFilterAgent] 2010-01-29 10:09 494136 ------w- c:\program files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2010-05-17 09:14 148280 ----a-w- c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant] 2010-11-03 20:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxecmon.exe] 2010-05-17 09:14 770728 ----a-w- c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService] 2009-12-18 12:21 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice] 2011-12-07 09:39 1066304 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2009-04-17 12:33 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x] R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [x] R4 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [x] S0 
sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-09-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54] . 2012-10-10 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54] . 
. ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2967869 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 78.42.43.62 82.212.62.62 FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5b47xun6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.ftp - 93.189.5.138 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 93.189.5.138 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 93.189.5.138 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 93.189.5.138 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 93.189.5.138 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - (no file) HKCU-Run-AdobeBridge - (no file) HKCU-Run-Unified Remote v2 - c:\program files\Unified Remote\RemoteServer.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Facebook Update - c:\users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe MSConfigStartUp-Google Update - c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe AddRemove-tulox - c:\program files\tulox\Unwise32 . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-10-10 18:46:12 ComboFix-quarantined-files.txt 2012-10-10 16:46 . Vor Suchlauf: 11 Verzeichnis(se), 87.157.567.488 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 91.792.039.936 Bytes frei . - - End Of File - - 761DB01030E60E0CEE2AC30890BF2CB0 |
11.10.2012, 06:37 | #7 |
| System Progressive Protection infection Hi, it is a DNS server of Kabel-BW... That looks good so far... Cleanup: delete the backups of OTL, Avenger & Co (if present): If the computer is running flawlessly, the backups of the cleanup tools can be deleted (where present):
Uninstall ComboFix: Click Start (Windows 7 Start button) and then type combofix /uninstall into the search box, as in the pictogram below this text with the blue arrow. Please make sure that there is a space between Combofix and /uninstall. Uninstall ComboFix chris
|
11.10.2012, 07:58 | #8 |
| System Progressive Protection infection Hi, thank you very much for your help! I have now worked through the points above, and the computer is running flawlessly again. Is there anything else I should do? |
11.10.2012, 11:29 | #9 |
| System Progressive Protection infection Hi, securing the computer: For browsing, use Firefox with the plug-ins "WOT" (http://filepony.de/?q=WOT) and "NoScript" (http://filepony.de/download-noscript//), and create a "Guest" account (no admin rights! XP: Step 6: Restricted rights for viruses - Step by step: Securing Windows XP - CHIP Online, Vista/Win7: Windows 7 guide: Creating and managing user accounts - NETZWELT). chris
|