| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.12.2012, 04:20
| #1 |
 |  Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hallo  Ich hab mir diesen BKA-Trojaner auf meinem Vistalaptop eingefangen. Ich konnte aufs Adminkonto nicht mehr zugreifen, weil sofort die Meldung auftauchte mit der 100 Euro Zahlungsaufforderung. Für eine kurze Zeit war ich dann mit einem anderen konto angemeldet bis meine maus ständig Seiten in einem Fenster nach unten scrollte und den Pfeil hin und her wandern ließ. So war eine Benützung unmöglich. Da das notebook an einer dockingstation angesteckt ist um mit einem PC-Monitor zu benützen, versuchte ich nun nur mit dem eigenen screen des notebooks zu arbeiten. Beim Starten meldete sich plötzlich das rescoveryprogramm von lenovo (ist ein lenovo PC), aber ich habe es gleich wieder geschlossen. Ab diesem Zeitunkt war der weiße Bildschirm beim Adminkonto auch weg, jedoch die Mausprobleme tauchten wieder auf. Ich schreibe deshalb diese Zeilen auf einen 2. Pc. Wie bereinige ich dann den infizierten Pc? Ich gehe davon aus, dass dieser Trojaner noch immer auf meiner Festplatte schlummert und hoffe jemand zeigt mir die nötigen Schritte. Danke! |
|
15.12.2012, 13:09
| #2 |
| /// Malware-holic   | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hi,
__________________1. alle Schritte im Admin Konto durchführen 2. Frage: ist das ne externe Maus? wenn ja, trenne mal die Verbindung der Maus zum Gerät, schaue, ob noch gescrollt wird. Wenn ja, öffne die Maus, säubere sie von innen, wenn möglich. Wenn es eine Funkmaus ist, tausche mal die Baterie. Teste dann, ob sie wieder läuft. 3. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.12.2012, 17:37
| #3 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Die Maus ist kabelgebunden, auch das Abstecken verhindert nicht das ständige rauf/runter des cursors. Ich habe das notebook von der dockingstation abgekoppelt, jetzt funktioniert die maus auch wieder.
__________________Ich hab leider überlesen, dass ich vor dem Scan die Einstellungen wie z.B minimal output ändern muss. Soll ich den scan wiederholen? Code:
ATTFilter OTL logfile created on: 15.12.2012 16:03:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\adadr\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,31% Memory free 4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,18 Gb Total Space | 29,33 Gb Free Space | 41,78% Space Free | Partition Type: NTFS Computer Name: ***-LENOVO | User Name: adadr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.15 15:59:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\adadr\Desktop\OTL.exe PRC - [2012.12.15 00:04:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe PRC - [2012.08.09 22:45:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.04.22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.02.06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2006.12.24 19:00:00 | 000,056,368 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2006.12.15 15:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2006.12.14 20:00:06 | 000,116,272 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2006.12.14 19:58:40 | 000,120,368 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2006.12.14 19:58:04 | 000,419,376 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2006.12.14 19:57:46 | 000,194,096 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2006.12.14 19:57:40 | 000,083,504 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2006.12.13 22:13:02 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2006.12.13 21:59:04 | 000,022,016 | ---- | M] () -- C:\Programme\Common Files\Lenovo\Logger\logmon.exe PRC - [2006.12.13 20:46:08 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006.12.13 10:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.11.20 06:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE PRC - [2006.11.15 15:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006.11.10 05:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2006.11.07 11:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE PRC - [2006.10.13 05:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2006.10.13 05:08:56 | 000,055,928 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2006.09.06 08:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe ========== Modules (No Company Name) ========== MOD - [2006.12.24 19:00:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll MOD - [2006.12.24 19:00:00 | 000,063,024 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSP4I.DLL MOD - [2006.12.24 19:00:00 | 000,056,368 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe MOD - [2006.12.24 19:00:00 | 000,054,832 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSPIF.DLL MOD - [2006.12.19 18:01:00 | 000,120,368 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMIF32V.DLL MOD - [2006.12.19 18:01:00 | 000,035,376 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL MOD - [2006.12.13 21:58:20 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll MOD - [2006.12.13 10:24:40 | 000,110,592 | ---- | M] () -- C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll MOD - [2006.11.28 18:30:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL MOD - [2006.11.28 18:00:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL MOD - [2006.11.10 05:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe MOD - [2006.11.10 05:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll MOD - [2006.10.13 05:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe MOD - [2006.09.06 08:37:02 | 000,079,400 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPLHMM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2012.12.15 00:04:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.02.06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2006.12.15 15:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006.12.14 19:57:46 | 000,194,096 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2006.12.14 19:57:40 | 000,083,504 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2006.12.13 22:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2006.12.13 20:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.12.13 10:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.11.20 06:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2006.10.13 05:08:56 | 000,055,928 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.14 17:36:26 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.30 11:26:22 | 000,092,672 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cxbp0wdm.sys -- (OMNCXBP) DRV - [2009.06.30 11:26:22 | 000,092,672 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cxbp0wdm.sys -- (cxbp0wdm) DRV - [2008.01.19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007.10.15 19:29:28 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.12.25 21:05:00 | 000,100,144 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2006.12.25 21:03:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2006.12.19 18:01:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2006.12.14 04:32:08 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.27 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.06 09:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.09.13 11:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2006.09.13 06:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2006.08.30 11:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com/welcome IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://orf.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL () O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found O4 - HKLM..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe (Lenovo) O4 - HKLM..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe (Lenovo) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe () O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] C:\Users\adadr\AppData\Local\Temp\purzidphwppqlaviqmd.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [VSD3DRefDebug] C:\Users\adadr\AppData\Local\Microsoft\Windows\2742\VSD3DRefDebug.exe File not found O4 - Startup: C:\Users\adadr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\adadr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D92715B-51C6-48BE-A06A-41F74FAC5453}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1920x1200-Swoosh.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1920x1200-Swoosh.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "startup" - 0 MsConfig - State: "services" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.15 15:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\adadr\Desktop\OTL.exe [2012.11.22 22:18:24 | 000,000,000 | ---D | C] -- C:\Users\adadr\AppData\Roaming\hellomoto ========== Files - Modified Within 30 Days ========== [2012.12.15 16:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.15 16:03:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.15 15:59:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\adadr\Desktop\OTL.exe [2012.12.15 15:53:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.15 15:53:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.15 15:53:25 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.15 15:53:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.15 15:46:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.15 15:45:47 | 000,005,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.15 15:45:46 | 000,005,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.15 15:45:43 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2012.12.15 15:45:43 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2012.12.15 15:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.15 15:44:58 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2012.12.15 15:14:49 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat [2012.12.15 15:12:57 | 000,304,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.21 21:24:26 | 000,252,013 | ---- | M] () -- C:\Users\adadr\Desktop\rem.jpg [2012.11.20 00:52:41 | 000,557,589 | ---- | M] () -- C:\Users\adadr\Desktop\Artaud. Das Theater der Grausamkeit.pdf [2012.11.19 23:44:08 | 000,073,695 | ---- | M] () -- C:\Users\adadr\Documents\Philosophie nach dem Medial Turn.pdf [2012.11.19 22:34:54 | 000,002,617 | ---- | M] () -- C:\Users\adadr\Desktop\Microsoft Word 2010.lnk [2012.11.15 22:56:53 | 000,039,414 | ---- | M] () -- C:\Users\adadr\Desktop\marina_abramovic_relation_work__detour-710247.jpg ========== Files Created - No Company Name ========== [2014.06.28 17:51:01 | 000,305,140 | ---- | C] () -- C:\Users\adadr\Desktop\t200802088.pdf [2012.12.11 02:46:16 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012.12.11 02:46:16 | 000,001,155 | ---- | C] () -- C:\Users\adadr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.11.21 21:24:48 | 000,252,013 | ---- | C] () -- C:\Users\adadr\Desktop\rem.jpg [2012.11.20 01:06:52 | 000,126,042 | ---- | C] () -- C:\Users\adadr\Desktop\VOC022.WAV [2012.11.20 01:06:40 | 000,012,890 | ---- | C] () -- C:\Users\adadr\Desktop\VOC021.WAV [2012.11.20 01:06:28 | 000,137,818 | ---- | C] () -- C:\Users\adadr\Desktop\VOC020.WAV [2012.11.20 01:06:16 | 000,220,250 | ---- | C] () -- C:\Users\adadr\Desktop\VOC019.WAV [2012.11.20 01:05:51 | 003,791,450 | ---- | C] () -- C:\Users\adadr\Desktop\VOC016.WAV [2012.11.20 01:04:55 | 042,635,866 | ---- | C] () -- C:\Users\adadr\Desktop\FM007.WAV [2012.11.20 01:04:28 | 010,185,818 | ---- | C] () -- C:\Users\adadr\Desktop\FM006.WAV [2012.11.20 01:01:43 | 026,389,082 | ---- | C] () -- C:\Users\adadr\Desktop\FM005.WAV [2012.11.20 01:00:56 | 024,660,570 | ---- | C] () -- C:\Users\adadr\Desktop\FM001.WAV [2012.11.20 00:53:13 | 000,557,589 | ---- | C] () -- C:\Users\adadr\Desktop\Artaud. Das Theater der Grausamkeit.pdf [2012.11.19 23:44:06 | 000,073,695 | ---- | C] () -- C:\Users\adadr\Documents\Philosophie nach dem Medial Turn.pdf [2012.11.16 00:55:56 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.16 00:55:51 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.15 22:57:05 | 000,039,414 | ---- | C] () -- C:\Users\adadr\Desktop\marina_abramovic_relation_work__detour-710247.jpg [2012.07.06 01:27:36 | 011,852,278 | ---- | C] () -- C:\Program Files\7WarSti12.rar [2012.03.04 23:21:22 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2012.03.04 23:21:21 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2012.03.04 23:21:20 | 000,511,488 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012.03.04 22:45:49 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2012.01.17 00:41:54 | 000,138,056 | ---- | C] () -- C:\Users\adadr\AppData\Roaming\PnkBstrK.sys [2012.01.17 00:41:29 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.25 00:59:20 | 000,069,207 | ---- | C] () -- C:\Users\adadr\Selected Collection Image 28.mht [2011.06.13 11:32:48 | 000,004,608 | ---- | C] () -- C:\Users\adadr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.11 00:17:55 | 000,000,093 | ---- | C] () -- C:\Users\adadr\appletfile.props [2011.04.12 22:05:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.12 22:05:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.12 22:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.04.12 22:04:19 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.09 09:13:06 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.09 09:13:06 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.09 09:13:06 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.09 09:13:06 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.04.09 00:40:41 | 000,002,032 | ---- | C] () -- C:\Users\adadr\AppData\Local\d3d9caps.dat [2011.04.08 23:36:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2011.04.08 23:33:05 | 000,099,888 | ---- | C] () -- C:\Windows\PWMBTHLV.EXE [2011.04.08 23:33:03 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.15 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\.minecraft [2012.03.17 00:46:37 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Audacity [2011.04.17 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Canneverbe Limited [2012.03.04 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\concept design [2012.12.15 01:28:12 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Dropbox [2012.02.11 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\DVDVideoSoft [2012.02.11 21:31:40 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.17 19:48:30 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Foxit Software [2012.11.22 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\hellomoto [2011.04.09 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Lenovo [2012.09.09 16:40:05 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\NCH Swift Sound [2012.03.05 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\adadr\AppData\Roaming\Tobit ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.11 01:58:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.04.12 22:43:35 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.04.09 00:35:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.08 23:59:25 | 000,000,000 | ---D | M] -- C:\DRIVERS [2011.11.30 15:01:51 | 000,000,000 | ---D | M] -- C:\Games [2011.04.08 23:47:58 | 000,000,000 | ---D | M] -- C:\Icons [2011.04.08 23:36:38 | 000,000,000 | ---D | M] -- C:\Intel [2011.05.10 21:22:46 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.05.18 12:46:25 | 000,000,000 | ---D | M] -- C:\My Documents [2011.04.11 22:36:28 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.15 00:00:23 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.15 01:42:39 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.09 00:35:52 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.09 00:10:44 | 000,000,000 | RHSD | M] -- C:\RRbackups [2012.12.15 16:17:47 | 000,000,000 | ---D | M] -- C:\SWSHARE [2011.04.09 00:40:49 | 000,000,000 | ---D | M] -- C:\SWTOOLS [2012.12.15 16:08:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.08 23:28:05 | 000,000,000 | ---D | M] -- C:\temp [2012.03.17 00:56:51 | 000,000,000 | R--D | M] -- C:\Users [2012.12.15 03:15:32 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:23 | 000,032,628 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.30 16:23:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.11.16 00:55:51 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.11.16 00:55:56 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.04.10 23:00:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2011.04.10 23:00:25 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2011.04.10 23:00:24 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2011.04.10 23:00:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2011.04.10 21:49:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2011.04.10 21:49:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.05.20 22:24:41 | 000,000,093 | ---- | M] () -- C:\Users\adadr\appletfile.props [2012.12.15 16:03:33 | 003,670,016 | -HS- | M] () -- C:\Users\adadr\ntuser.dat [2012.12.15 16:03:32 | 000,262,144 | -H-- | M] () -- C:\Users\adadr\ntuser.dat.LOG1 [2011.04.09 00:40:41 | 000,000,000 | -H-- | M] () -- C:\Users\adadr\ntuser.dat.LOG2 [2012.12.15 15:35:53 | 000,065,536 | -HS- | M] () -- C:\Users\adadr\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2012.12.15 15:35:53 | 000,524,288 | -HS- | M] () -- C:\Users\adadr\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms [2011.04.09 01:16:39 | 000,524,288 | -HS- | M] () -- C:\Users\adadr\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms [2006.11.02 14:03:49 | 000,000,020 | -HS- | M] () -- C:\Users\adadr\ntuser.ini [2011.09.25 00:59:21 | 000,069,207 | ---- | M] () -- C:\Users\adadr\Selected Collection Image 28.mht [2012.04.16 21:29:15 | 000,000,162 | -H-- | M] () -- C:\Users\adadr\~$exander Kluge.doc < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.12.2012 16:03:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\adadr\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,31% Memory free
4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,18 Gb Total Space | 29,33 Gb Free Space | 41,78% Space Free | Partition Type: NTFS
Computer Name: ***-LENOVO | User Name: adadr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3285A26D-93B3-43FD-8649-B83078677776}" = lport=139 | protocol=6 | dir=in | app=system |
"{34504194-E137-431E-B90E-132B391592E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{34A0E171-8639-4623-A1A9-71A6C600A01E}" = rport=445 | protocol=6 | dir=out | app=system |
"{508677A3-DAA0-48B4-A185-70C8C1622ADF}" = rport=138 | protocol=17 | dir=out | app=system |
"{79E7FFA4-0600-4ECC-9A98-12E9CB5C9992}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A54C6725-2D44-4B18-B12B-D31A976C4430}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9662B57-88F0-434B-A27F-C7C6852104B0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C373BE1D-A935-4528-A1A1-EF089973B977}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4D46063-551E-4C32-9F57-F1DC62C44F33}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0339D09-6B68-4711-81D3-2615BF6131EE}" = lport=138 | protocol=17 | dir=in | app=system |
"{E54F586D-A871-4E7C-916A-9A314449F50D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FE26A85C-EA29-4049-AC6D-54BDEFB03E0C}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C61057A-C1B6-45AB-9797-ECFB58B780DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0E804EA0-5AD7-4715-BE9F-5A309004EDE1}" = protocol=17 | dir=in | app=c:\users\adadr\appdata\roaming\dropbox\bin\dropbox.exe |
"{13704434-BC30-47EF-B67E-2666782E4728}" = protocol=17 | dir=in | app=c:\users\adadr\appdata\local\temp\7zs38ea.tmp\symnrt.exe |
"{174ADFDB-E4B0-4B17-B773-71CD97EA409F}" = protocol=6 | dir=in | app=c:\users\adadr\appdata\local\temp\7zs38ea.tmp\symnrt.exe |
"{19DB85DB-4D6A-4C05-A2A0-181DE71BCBD1}" = protocol=6 | dir=in | app=c:\users\adadr\appdata\roaming\dropbox\bin\dropbox.exe |
"{1AC8A737-546B-4643-9FE5-BAA4D57309C3}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{1E07E71F-FFCA-47B0-9B9C-0BDA54A7068A}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{3828C648-796A-487C-9727-4C538BDC2D78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{405343D7-F3D7-4F05-8545-9F69E69B6496}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{755D8F79-9184-4FB0-A43B-120DE7676CB2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7757ACD1-99E3-4D4B-89CD-67598F9103DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{82D41083-46C2-494D-A1B9-ED3A18ACB6FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{96EE50B1-3897-454C-B26A-1828BDB4A342}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B1B4479-AA62-4F08-A428-0839F29D7683}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{D2FA47BF-CC5C-4AF9-B1BE-D5BAE85C8CC4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D369ED32-2D6D-4D0C-B6DE-34CB60624E17}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{DEFEF9B9-F012-406B-BDBA-55DCE8F970D1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E76AF072-0B05-427E-B868-711BFB19F2B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED073684-36DA-4BD9-A769-2A2DCA0C74F3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FFC42D22-4859-4662-B81A-D55508496170}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{3C7C8EDA-872F-4242-95BF-83EFE0234DE5}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{6C5BB695-25C8-4732-B6F6-86FE806F41C8}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{7A2C8E75-6AAE-4DF9-B68A-C683B95A72C6}C:\program files\ea games\battlefield 2 demo\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2 demo\bf2_w32ded.exe |
"TCP Query User{7C4C51D8-26E5-4079-9037-FC4BB76E29B0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{896F905D-189C-41B7-8DDB-D6B7CD36DDA9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{946A2574-F820-4972-BEE3-8B25177CE0C7}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BE4BA9BA-4C23-4D04-BD8D-9EFFAFFBAACE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F1ED1FDC-A92E-4BD2-B483-8B39C59BF739}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1EE607AB-1DDF-4281-A590-CAD3E9B7D556}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{2B1CB717-6735-4C04-B08A-E9119846231C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{49BD77CD-053D-41CE-A531-390DBDEDACA1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9431DFA6-B1ED-4B46-A5DA-902CDB28FF90}C:\program files\ea games\battlefield 2 demo\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2 demo\bf2_w32ded.exe |
"UDP Query User{A2446482-F76E-41E4-A6FF-84CC3660AB8D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A7B5E5D7-0E77-4C87-BA76-F5CA8D433363}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D1864022-1A65-432A-919A-D61BFCD74886}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D5B76C5D-EE3B-4F44-A3CE-4E9FD4A732B4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1B0FC1-BEEA-47DB-88DE-CFD8F26C2D0D}" = Thinkpad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0EF321A-1949-451B-9484-7886F4F4719E}" = ThinkPad Mobility Center Customization
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"AdBeGone 1.21" = AdBeGone 1.21
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"Doxillion" = Doxillion Document Converter
"Foxit Reader" = Foxit Reader
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2012 19:01:13 | Computer Name = ***-Lenovo | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b6bc Anfangszeit: 01cdc9c1a2118260 Zeitpunkt
der Beendigung: 43
Error - 23.11.2012 19:48:19 | Computer Name = ***-Lenovo | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 80a0 Anfangszeit: 01cdc9ce6fae43f0 Zeitpunkt
der Beendigung: 11
Error - 23.11.2012 20:38:49 | Computer Name = ***-Lenovo | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 20f0 Anfangszeit: 01cdc9d503a8e5f0 Zeitpunkt
der Beendigung: 360
Error - 25.11.2012 16:16:17 | Computer Name = ***-Lenovo | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul PWMTR32V.DLL, Version 1.0.0.0, Zeitstempel 0x45897f64,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000280f, Prozess-ID 0xbc0, Anwendungsstartzeit
01cdcb499622f317.
Error - 25.11.2012 18:03:39 | Computer Name = ***-Lenovo | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16455, Zeitstempel
0x507284ba, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x6f2168b4, Prozess-ID 0x8d0, Anwendungsstartzeit
01cdcb4a5ba43a97.
Error - 25.11.2012 18:03:50 | Computer Name = ***-Lenovo | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16455, Zeitstempel
0x507284ba, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x6f2168b4, Prozess-ID 0x420, Anwendungsstartzeit
01cdcb58bb87ecf7.
Error - 25.11.2012 18:04:04 | Computer Name = ***-Lenovo | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16455, Zeitstempel
0x507284ba, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x6f2168b4, Prozess-ID 0x1660, Anwendungsstartzeit
01cdcb58c3e35c47.
Error - 02.12.2012 13:06:46 | Computer Name = ***-Lenovo | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16455, Zeitstempel
0x507284ba, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x19544580, Prozess-ID 0x13e8, Anwendungsstartzeit
01cdd03afe2514c0.
Error - 03.12.2012 19:36:36 | Computer Name = ***-Lenovo | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 14.0.6123.5005 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1e6c Anfangszeit: 01cdccfe9c4c6058 Zeitpunkt
der Beendigung: 0
Error - 04.12.2012 08:57:49 | Computer Name = ***-Lenovo | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1b88 Anfangszeit: 01cdcc096c122990 Zeitpunkt
der Beendigung: 377
[ System Events ]
Error - 15.12.2012 10:45:41 | Computer Name = ***-Lenovo | Source = SCardSvr | ID = 602
Description =
Error - 15.12.2012 10:46:41 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7000
Description =
Error - 15.12.2012 10:46:41 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7000
Description =
Error - 15.12.2012 10:47:19 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7009
Description =
Error - 15.12.2012 10:47:19 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7000
Description =
Error - 15.12.2012 10:48:38 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7011
Description =
Error - 15.12.2012 10:49:18 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7011
Description =
Error - 15.12.2012 10:49:48 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7011
Description =
Error - 15.12.2012 10:50:18 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7011
Description =
Error - 15.12.2012 10:50:37 | Computer Name = ***-Lenovo | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Geändert von alan505 (15.12.2012 um 18:02 Uhr) |
|
15.12.2012, 18:47
| #4 |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Passt auch erst mal so. Wie siehts aus, wenn du ihn wieder an der Station anschließt? download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.12.2012, 19:49
| #5 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus An der station spinnt die maus wieder. Code:
ATTFilter 19:30:30.0891 4448 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:30:31.0110 4448 ============================================================
19:30:31.0110 4448 Current date / time: 2012/12/15 19:30:31.0110
19:30:31.0110 4448 SystemInfo:
19:30:31.0110 4448
19:30:31.0110 4448 OS Version: 6.0.6002 ServicePack: 2.0
19:30:31.0110 4448 Product type: Workstation
19:30:31.0110 4448 ComputerName: ADRIAN-LENOVO
19:30:31.0110 4448 UserName: adadr
19:30:31.0110 4448 Windows directory: C:\Windows
19:30:31.0110 4448 System windows directory: C:\Windows
19:30:31.0110 4448 Processor architecture: Intel x86
19:30:31.0110 4448 Number of processors: 2
19:30:31.0110 4448 Page size: 0x1000
19:30:31.0110 4448 Boot type: Normal boot
19:30:31.0110 4448 ============================================================
19:30:32.0451 4448 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:30:32.0451 4448 ============================================================
19:30:32.0451 4448 \Device\Harddisk0\DR0:
19:30:32.0451 4448 MBR partitions:
19:30:32.0451 4448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8B1800, BlocksNum 0x8C5D800
19:30:32.0451 4448 ============================================================
19:30:32.0529 4448 C: <-> \Device\Harddisk0\DR0\Partition1
19:30:32.0529 4448 ============================================================
19:30:32.0529 4448 Initialize success
19:30:32.0529 4448 ============================================================
19:31:24.0228 5468 ============================================================
19:31:24.0228 5468 Scan started
19:31:24.0228 5468 Mode: Manual; SigCheck; TDLFS;
19:31:24.0228 5468 ============================================================
19:31:26.0022 5468 ================ Scan system memory ========================
19:31:26.0022 5468 System memory - ok
19:31:26.0022 5468 ================ Scan services =============================
19:31:26.0490 5468 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:31:26.0724 5468 ACPI - ok
19:31:27.0129 5468 [ F92610CDDCBBCDF63B35755719AF8FF3 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
19:31:27.0161 5468 AcPrfMgrSvc - ok
19:31:27.0254 5468 [ A5DAF650B51A388C671C1A25034744B0 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
19:31:27.0270 5468 AcSvc - ok
19:31:27.0332 5468 [ A51EA92451897824C5C7474A160AF773 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
19:31:27.0488 5468 ADIHdAudAddService - ok
19:31:27.0597 5468 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:31:27.0629 5468 AdobeFlashPlayerUpdateSvc - ok
19:31:27.0707 5468 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:31:27.0800 5468 adp94xx - ok
19:31:27.0831 5468 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:31:27.0863 5468 adpahci - ok
19:31:27.0956 5468 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:31:28.0034 5468 adpu160m - ok
19:31:28.0065 5468 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:31:28.0097 5468 adpu320 - ok
19:31:28.0159 5468 [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
19:31:28.0190 5468 AEADIFilters - ok
19:31:28.0237 5468 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:31:28.0393 5468 AeLookupSvc - ok
19:31:28.0518 5468 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:31:28.0627 5468 AFD - ok
19:31:28.0689 5468 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:31:28.0705 5468 agp440 - ok
19:31:28.0736 5468 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:31:28.0767 5468 aic78xx - ok
19:31:28.0799 5468 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:31:29.0033 5468 ALG - ok
19:31:29.0095 5468 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
19:31:29.0126 5468 aliide - ok
19:31:29.0189 5468 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:31:29.0204 5468 amdagp - ok
19:31:29.0235 5468 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
19:31:29.0267 5468 amdide - ok
19:31:29.0313 5468 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:31:29.0532 5468 AmdK7 - ok
19:31:29.0563 5468 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:31:29.0688 5468 AmdK8 - ok
19:31:29.0828 5468 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:31:29.0844 5468 AntiVirSchedulerService - ok
19:31:29.0922 5468 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:31:29.0937 5468 AntiVirService - ok
19:31:30.0000 5468 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:31:30.0078 5468 Appinfo - ok
19:31:30.0140 5468 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
19:31:30.0265 5468 AppMgmt - ok
19:31:30.0312 5468 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
19:31:30.0343 5468 arc - ok
19:31:30.0374 5468 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:31:30.0390 5468 arcsas - ok
19:31:30.0437 5468 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:30.0515 5468 AsyncMac - ok
19:31:30.0608 5468 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
19:31:30.0639 5468 atapi - ok
19:31:30.0702 5468 [ B0C272DEF210B149C0BFA0D85600CE4B ] athr C:\Windows\system32\DRIVERS\athr.sys
19:31:30.0827 5468 athr - ok
19:31:30.0951 5468 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:31:31.0045 5468 AudioEndpointBuilder - ok
19:31:31.0201 5468 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:31:31.0248 5468 Audiosrv - ok
19:31:31.0263 5468 Automatisches LiveUpdate - Scheduler - ok
19:31:31.0295 5468 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:31:31.0341 5468 avgntflt - ok
19:31:31.0388 5468 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:31:31.0404 5468 avipbb - ok
19:31:31.0451 5468 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:31:31.0466 5468 avkmgr - ok
19:31:31.0513 5468 [ 8E287EB3A52FD30C999482C576F4A61B ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:31:31.0638 5468 b57nd60x - ok
19:31:31.0747 5468 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:31:31.0809 5468 Beep - ok
19:31:31.0872 5468 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:31:31.0965 5468 BFE - ok
19:31:32.0137 5468 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
19:31:32.0293 5468 BITS - ok
19:31:32.0309 5468 blbdrive - ok
19:31:32.0480 5468 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:31:32.0558 5468 bowser - ok
19:31:32.0621 5468 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:31:32.0699 5468 BrFiltLo - ok
19:31:32.0730 5468 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:31:32.0792 5468 BrFiltUp - ok
19:31:32.0901 5468 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:31:33.0011 5468 Browser - ok
19:31:33.0089 5468 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:31:33.0213 5468 Brserid - ok
19:31:33.0307 5468 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:31:33.0416 5468 BrSerWdm - ok
19:31:33.0447 5468 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:31:33.0588 5468 BrUsbMdm - ok
19:31:33.0619 5468 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:31:33.0713 5468 BrUsbSer - ok
19:31:33.0775 5468 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:31:33.0869 5468 BTHMODEM - ok
19:31:33.0931 5468 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:31:34.0087 5468 cdfs - ok
19:31:34.0134 5468 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:31:34.0196 5468 cdrom - ok
19:31:34.0259 5468 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:31:34.0337 5468 CertPropSvc - ok
19:31:34.0415 5468 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
19:31:34.0555 5468 circlass - ok
19:31:34.0586 5468 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:31:34.0633 5468 CLFS - ok
19:31:34.0867 5468 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:31:34.0914 5468 clr_optimization_v2.0.50727_32 - ok
19:31:35.0007 5468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:31:35.0054 5468 clr_optimization_v4.0.30319_32 - ok
19:31:35.0085 5468 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:31:35.0179 5468 CmBatt - ok
19:31:35.0241 5468 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:31:35.0273 5468 cmdide - ok
19:31:35.0429 5468 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:31:35.0444 5468 Compbatt - ok
19:31:35.0460 5468 COMSysApp - ok
19:31:35.0491 5468 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:31:35.0522 5468 crcdisk - ok
19:31:35.0553 5468 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:31:35.0709 5468 Crusoe - ok
19:31:35.0850 5468 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:31:35.0912 5468 CryptSvc - ok
19:31:36.0099 5468 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
19:31:36.0271 5468 CSC - ok
19:31:36.0489 5468 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
19:31:36.0583 5468 CscService - ok
19:31:36.0645 5468 [ BDADECBF7D4FC30B6281B92FA1F7A082 ] cxbp0wdm C:\Windows\system32\DRIVERS\cxbp0wdm.sys
19:31:36.0755 5468 cxbp0wdm - ok
19:31:37.0020 5468 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:31:37.0145 5468 DcomLaunch - ok
19:31:37.0191 5468 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:31:37.0316 5468 DfsC - ok
19:31:37.0519 5468 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:31:37.0784 5468 DFSR - ok
19:31:37.0847 5468 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:31:37.0909 5468 Dhcp - ok
19:31:37.0956 5468 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:31:37.0987 5468 disk - ok
19:31:38.0143 5468 [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
19:31:38.0205 5468 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
19:31:38.0205 5468 Diskeeper - detected UnsignedFile.Multi.Generic (1)
19:31:38.0268 5468 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:31:38.0330 5468 Dnscache - ok
19:31:38.0377 5468 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:31:38.0455 5468 dot3svc - ok
19:31:38.0549 5468 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:31:38.0611 5468 DPS - ok
19:31:38.0658 5468 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:31:38.0720 5468 drmkaud - ok
19:31:38.0829 5468 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:31:38.0907 5468 DXGKrnl - ok
19:31:38.0970 5468 [ 422CA8361D33DA819976B428B9C8E560 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
19:31:39.0001 5468 e1express - ok
19:31:39.0079 5468 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:31:39.0173 5468 E1G60 - ok
19:31:39.0235 5468 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:31:39.0282 5468 EapHost - ok
19:31:39.0344 5468 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:31:39.0375 5468 Ecache - ok
19:31:39.0422 5468 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:31:39.0453 5468 elxstor - ok
19:31:39.0516 5468 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:31:39.0656 5468 EMDMgmt - ok
19:31:39.0968 5468 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:31:40.0062 5468 EventSystem - ok
19:31:40.0124 5468 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:31:40.0202 5468 exfat - ok
19:31:40.0280 5468 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:31:40.0530 5468 fastfat - ok
19:31:40.0608 5468 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
19:31:40.0748 5468 Fax - ok
19:31:40.0795 5468 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:31:40.0904 5468 fdc - ok
19:31:40.0967 5468 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:31:41.0013 5468 fdPHost - ok
19:31:41.0045 5468 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:31:41.0138 5468 FDResPub - ok
19:31:41.0232 5468 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:31:41.0263 5468 FileInfo - ok
19:31:41.0310 5468 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:31:41.0435 5468 Filetrace - ok
19:31:41.0513 5468 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:31:41.0653 5468 flpydisk - ok
19:31:41.0715 5468 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:31:41.0809 5468 FltMgr - ok
19:31:41.0918 5468 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:31:42.0074 5468 FontCache - ok
19:31:42.0215 5468 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:31:42.0246 5468 FontCache3.0.0.0 - ok
19:31:42.0293 5468 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:31:42.0339 5468 Fs_Rec - ok
19:31:42.0386 5468 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:31:42.0417 5468 gagp30kx - ok
19:31:42.0527 5468 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:31:42.0620 5468 gpsvc - ok
19:31:42.0667 5468 gupdate - ok
19:31:42.0714 5468 gupdatem - ok
19:31:42.0729 5468 gusvc - ok
19:31:42.0823 5468 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:31:42.0932 5468 HdAudAddService - ok
19:31:43.0088 5468 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:31:43.0182 5468 HDAudBus - ok
19:31:43.0229 5468 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:31:43.0322 5468 HidBth - ok
19:31:43.0478 5468 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:31:43.0603 5468 HidIr - ok
19:31:43.0759 5468 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
19:31:43.0821 5468 hidserv - ok
19:31:43.0868 5468 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:31:43.0946 5468 HidUsb - ok
19:31:44.0009 5468 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:31:44.0087 5468 hkmsvc - ok
19:31:44.0118 5468 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:31:44.0165 5468 HpCISSs - ok
19:31:44.0289 5468 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:31:44.0367 5468 HSFHWAZL - ok
19:31:44.0617 5468 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:31:44.0804 5468 HSF_DPV - ok
19:31:44.0835 5468 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:31:44.0867 5468 HSXHWAZL - ok
19:31:45.0038 5468 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:31:45.0101 5468 HTTP - ok
19:31:45.0147 5468 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:31:45.0179 5468 i2omp - ok
19:31:45.0225 5468 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:31:45.0272 5468 i8042prt - ok
19:31:45.0475 5468 [ 9378D57E2B96C0A185D844770AD49948 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
19:31:45.0740 5468 ialm - ok
19:31:45.0849 5468 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:31:45.0881 5468 iaStorV - ok
19:31:45.0943 5468 [ BF648877413F6160E480814A24942B65 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:31:45.0990 5468 IBMPMDRV - ok
19:31:46.0037 5468 [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
19:31:46.0052 5468 IBMPMSVC - ok
19:31:46.0177 5468 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:31:46.0208 5468 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:31:46.0208 5468 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:31:46.0349 5468 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:31:46.0645 5468 idsvc - ok
19:31:46.0988 5468 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:31:47.0207 5468 igfx - ok
19:31:47.0347 5468 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:31:47.0394 5468 iirsp - ok
19:31:47.0456 5468 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:31:47.0612 5468 IKEEXT - ok
19:31:47.0690 5468 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
19:31:47.0753 5468 intelide - ok
19:31:47.0799 5468 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:31:47.0862 5468 intelppm - ok
19:31:48.0002 5468 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:31:48.0080 5468 IPBusEnum - ok
19:31:48.0205 5468 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:31:48.0267 5468 IpFilterDriver - ok
19:31:48.0330 5468 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:31:48.0392 5468 iphlpsvc - ok
19:31:48.0408 5468 IpInIp - ok
19:31:48.0470 5468 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:31:48.0657 5468 IPMIDRV - ok
19:31:48.0704 5468 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:31:48.0767 5468 IPNAT - ok
19:31:48.0860 5468 [ CAB0D5BFD4F66613D18C9225C7FED334 ] IPSSVC C:\Windows\system32\IPSSVC.EXE
19:31:48.0876 5468 IPSSVC - ok
19:31:48.0985 5468 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
19:31:49.0079 5468 irda - ok
19:31:49.0219 5468 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:31:49.0266 5468 IRENUM - ok
19:31:49.0375 5468 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
19:31:49.0484 5468 Irmon - ok
19:31:49.0671 5468 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:31:49.0734 5468 isapnp - ok
19:31:49.0781 5468 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:31:49.0812 5468 iScsiPrt - ok
19:31:49.0921 5468 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:31:49.0937 5468 iteatapi - ok
19:31:49.0968 5468 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:31:49.0999 5468 iteraid - ok
19:31:50.0093 5468 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:31:50.0186 5468 kbdclass - ok
19:31:50.0233 5468 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:31:50.0342 5468 kbdhid - ok
19:31:50.0389 5468 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
19:31:50.0436 5468 KeyIso - ok
19:31:50.0483 5468 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:31:50.0561 5468 KSecDD - ok
19:31:50.0701 5468 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:31:50.0795 5468 KtmRm - ok
19:31:50.0888 5468 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
19:31:51.0029 5468 LanmanServer - ok
19:31:51.0153 5468 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:31:51.0200 5468 LanmanWorkstation - ok
19:31:51.0263 5468 [ 63DE2C8974F5D528FBC3D6978FD8AD6A ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
19:31:51.0294 5468 lenovo.smi - ok
19:31:51.0325 5468 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:31:51.0387 5468 lltdio - ok
19:31:51.0434 5468 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:31:51.0559 5468 lltdsvc - ok
19:31:51.0621 5468 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:31:51.0762 5468 lmhosts - ok
19:31:51.0871 5468 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:31:51.0965 5468 LSI_FC - ok
19:31:51.0980 5468 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:31:52.0011 5468 LSI_SAS - ok
19:31:52.0043 5468 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:31:52.0074 5468 LSI_SCSI - ok
19:31:52.0105 5468 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:31:52.0167 5468 luafv - ok
19:31:52.0214 5468 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:31:52.0245 5468 mdmxsdk - ok
19:31:52.0308 5468 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
19:31:52.0448 5468 megasas - ok
19:31:52.0511 5468 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:31:52.0604 5468 MMCSS - ok
19:31:52.0776 5468 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:31:52.0916 5468 Modem - ok
19:31:53.0010 5468 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:31:53.0088 5468 monitor - ok
19:31:53.0119 5468 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:31:53.0166 5468 mouclass - ok
19:31:53.0181 5468 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:31:53.0228 5468 mouhid - ok
19:31:53.0369 5468 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:31:53.0400 5468 MountMgr - ok
19:31:53.0509 5468 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
19:31:53.0603 5468 mpio - ok
19:31:53.0649 5468 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:31:53.0743 5468 mpsdrv - ok
19:31:53.0821 5468 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:31:53.0946 5468 MpsSvc - ok
19:31:54.0086 5468 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:31:54.0133 5468 Mraid35x - ok
19:31:54.0180 5468 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:31:54.0242 5468 MRxDAV - ok
19:31:54.0383 5468 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:31:54.0429 5468 mrxsmb - ok
19:31:54.0476 5468 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:31:54.0617 5468 mrxsmb10 - ok
19:31:54.0663 5468 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:31:54.0773 5468 mrxsmb20 - ok
19:31:54.0804 5468 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
19:31:54.0835 5468 msahci - ok
19:31:54.0882 5468 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:31:54.0929 5468 msdsm - ok
19:31:55.0007 5468 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:31:55.0069 5468 MSDTC - ok
19:31:55.0147 5468 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:31:55.0225 5468 Msfs - ok
19:31:55.0272 5468 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:31:55.0287 5468 msisadrv - ok
19:31:55.0334 5468 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:31:55.0412 5468 MSiSCSI - ok
19:31:55.0412 5468 msiserver - ok
19:31:55.0475 5468 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:31:55.0521 5468 MSKSSRV - ok
19:31:55.0568 5468 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:31:55.0631 5468 MSPCLOCK - ok
19:31:55.0693 5468 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:31:55.0755 5468 MSPQM - ok
19:31:55.0958 5468 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:31:55.0974 5468 MsRPC - ok
19:31:56.0021 5468 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:31:56.0036 5468 mssmbios - ok
19:31:56.0099 5468 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:31:56.0223 5468 MSTEE - ok
19:31:56.0286 5468 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
19:31:56.0317 5468 Mup - ok
19:31:56.0411 5468 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
19:31:56.0489 5468 napagent - ok
19:31:56.0551 5468 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:31:56.0582 5468 NativeWifiP - ok
19:31:56.0769 5468 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:31:56.0847 5468 NDIS - ok
19:31:56.0910 5468 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:31:56.0988 5468 NdisTapi - ok
19:31:57.0035 5468 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:31:57.0128 5468 Ndisuio - ok
19:31:57.0222 5468 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:31:57.0269 5468 NdisWan - ok
19:31:57.0300 5468 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:31:57.0347 5468 NDProxy - ok
19:31:57.0409 5468 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:31:57.0456 5468 NetBIOS - ok
19:31:57.0596 5468 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:31:57.0674 5468 netbt - ok
19:31:57.0705 5468 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
19:31:57.0721 5468 Netlogon - ok
19:31:57.0799 5468 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:31:57.0861 5468 Netman - ok
19:31:57.0955 5468 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:31:58.0517 5468 netprofm - ok
19:31:58.0579 5468 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:31:58.0595 5468 NetTcpPortSharing - ok
19:31:58.0641 5468 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:31:58.0688 5468 nfrd960 - ok
19:31:58.0751 5468 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:31:58.0891 5468 NlaSvc - ok
19:31:58.0953 5468 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:31:59.0000 5468 Npfs - ok
19:31:59.0063 5468 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
19:31:59.0187 5468 NSCIRDA - ok
19:31:59.0234 5468 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:31:59.0312 5468 nsi - ok
19:31:59.0390 5468 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:31:59.0468 5468 nsiproxy - ok
19:31:59.0577 5468 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:31:59.0796 5468 Ntfs - ok
19:31:59.0843 5468 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:31:59.0967 5468 ntrigdigi - ok
19:32:00.0030 5468 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:32:00.0139 5468 Null - ok
19:32:00.0170 5468 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:32:00.0201 5468 nvraid - ok
19:32:00.0264 5468 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:32:00.0311 5468 nvstor - ok
19:32:00.0357 5468 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:32:00.0389 5468 nv_agp - ok
19:32:00.0389 5468 NwlnkFlt - ok
19:32:00.0404 5468 NwlnkFwd - ok
19:32:00.0498 5468 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:32:00.0591 5468 ohci1394 - ok
19:32:00.0763 5468 [ BDADECBF7D4FC30B6281B92FA1F7A082 ] OMNCXBP C:\Windows\system32\DRIVERS\cxbp0wdm.sys
19:32:00.0779 5468 OMNCXBP - ok
19:32:01.0153 5468 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:32:01.0184 5468 ose - ok
19:32:01.0559 5468 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:32:02.0417 5468 osppsvc - ok
19:32:02.0495 5468 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:32:02.0604 5468 p2pimsvc - ok
19:32:02.0635 5468 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:32:02.0729 5468 p2psvc - ok
19:32:02.0775 5468 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:32:02.0838 5468 Parport - ok
19:32:02.0963 5468 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:32:02.0994 5468 partmgr - ok
19:32:03.0009 5468 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:32:03.0056 5468 Parvdm - ok
19:32:03.0103 5468 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:32:03.0165 5468 PcaSvc - ok
19:32:03.0275 5468 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:32:03.0321 5468 pci - ok
19:32:03.0368 5468 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:32:03.0399 5468 pciide - ok
19:32:03.0493 5468 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:03.0524 5468 pcmcia - ok
19:32:03.0649 5468 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:32:03.0821 5468 PEAUTH - ok
19:32:04.0055 5468 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:32:04.0273 5468 pla - ok
19:32:04.0351 5468 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:32:04.0413 5468 PlugPlay - ok
19:32:04.0585 5468 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:32:04.0663 5468 PNRPAutoReg - ok
19:32:04.0741 5468 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:32:04.0866 5468 PNRPsvc - ok
19:32:04.0975 5468 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:32:05.0022 5468 PolicyAgent - ok
19:32:05.0084 5468 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:32:05.0147 5468 PptpMiniport - ok
19:32:05.0193 5468 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\Windows\system32\DRIVERS\PROCDD.SYS
19:32:05.0271 5468 PROCDD - ok
19:32:05.0287 5468 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:32:05.0412 5468 Processor - ok
19:32:05.0474 5468 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:32:05.0537 5468 ProfSvc - ok
19:32:05.0568 5468 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:05.0599 5468 ProtectedStorage - ok
19:32:05.0661 5468 [ CE5114C9D3AB67E6F6F8017C5F975292 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
19:32:05.0677 5468 psadd - ok
19:32:05.0724 5468 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:32:05.0802 5468 PSched - ok
19:32:05.0973 5468 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:32:05.0989 5468 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:32:05.0989 5468 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:32:06.0223 5468 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:32:06.0317 5468 ql2300 - ok
19:32:06.0348 5468 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:32:06.0395 5468 ql40xx - ok
19:32:06.0457 5468 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:32:06.0566 5468 QWAVE - ok
19:32:06.0660 5468 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:32:06.0691 5468 QWAVEdrv - ok
19:32:06.0722 5468 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:32:06.0800 5468 RasAcd - ok
19:32:06.0831 5468 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:32:06.0925 5468 RasAuto - ok
19:32:06.0956 5468 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:07.0019 5468 Rasl2tp - ok
19:32:07.0081 5468 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:32:07.0143 5468 RasMan - ok
19:32:07.0206 5468 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:07.0284 5468 RasPppoe - ok
19:32:07.0331 5468 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:32:07.0362 5468 RasSstp - ok
19:32:07.0440 5468 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:32:07.0502 5468 rdbss - ok
19:32:07.0580 5468 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:07.0627 5468 RDPCDD - ok
19:32:07.0705 5468 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
19:32:07.0752 5468 rdpdr - ok
19:32:07.0752 5468 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:32:07.0814 5468 RDPENCDD - ok
19:32:07.0892 5468 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:32:07.0970 5468 RDPWD - ok
19:32:08.0048 5468 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:32:08.0126 5468 RemoteAccess - ok
19:32:08.0157 5468 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:32:08.0220 5468 RemoteRegistry - ok
19:32:08.0267 5468 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:32:08.0345 5468 RpcLocator - ok
19:32:08.0423 5468 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:32:08.0469 5468 RpcSs - ok
19:32:08.0532 5468 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:32:08.0610 5468 rspndr - ok
19:32:08.0657 5468 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:32:08.0672 5468 SamSs - ok
19:32:08.0813 5468 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:32:08.0844 5468 sbp2port - ok
19:32:08.0937 5468 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:32:09.0000 5468 SCardSvr - ok
19:32:09.0093 5468 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:32:09.0234 5468 Schedule - ok
19:32:09.0281 5468 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:32:09.0312 5468 SCPolicySvc - ok
19:32:09.0374 5468 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:32:09.0468 5468 SDRSVC - ok
19:32:09.0515 5468 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:32:09.0624 5468 secdrv - ok
19:32:09.0717 5468 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:32:09.0811 5468 seclogon - ok
19:32:09.0873 5468 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:32:09.0936 5468 SENS - ok
19:32:10.0123 5468 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:32:10.0201 5468 Serenum - ok
19:32:10.0232 5468 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:32:10.0279 5468 Serial - ok
19:32:10.0310 5468 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:32:10.0373 5468 sermouse - ok
19:32:10.0419 5468 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:32:10.0497 5468 SessionEnv - ok
19:32:10.0560 5468 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:32:10.0700 5468 sffdisk - ok
19:32:10.0794 5468 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:32:10.0887 5468 sffp_mmc - ok
19:32:10.0934 5468 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:32:11.0059 5468 sffp_sd - ok
19:32:11.0106 5468 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:32:11.0215 5468 sfloppy - ok
19:32:11.0340 5468 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:32:11.0433 5468 SharedAccess - ok
19:32:11.0558 5468 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:11.0636 5468 ShellHWDetection - ok
19:32:11.0683 5468 [ 0B3E58FDC92E944F875B72E150D6D85D ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
19:32:11.0714 5468 Shockprf - ok
19:32:11.0777 5468 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:32:11.0823 5468 sisagp - ok
19:32:11.0855 5468 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:32:11.0886 5468 SiSRaid2 - ok
19:32:11.0917 5468 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:32:11.0948 5468 SiSRaid4 - ok
19:32:12.0479 5468 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:32:12.0791 5468 slsvc - ok
19:32:12.0837 5468 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:32:12.0947 5468 SLUINotify - ok
19:32:12.0993 5468 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:32:13.0025 5468 Smb - ok
19:32:13.0087 5468 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:32:13.0103 5468 SNMPTRAP - ok
19:32:13.0149 5468 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:32:13.0181 5468 spldr - ok
19:32:13.0243 5468 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:32:13.0305 5468 Spooler - ok
19:32:13.0368 5468 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:32:13.0415 5468 srv - ok
19:32:13.0477 5468 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:32:13.0539 5468 srv2 - ok
19:32:13.0633 5468 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:32:13.0695 5468 srvnet - ok
19:32:13.0727 5468 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:32:13.0805 5468 SSDPSRV - ok
19:32:13.0836 5468 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:32:13.0851 5468 ssmdrv - ok
19:32:13.0883 5468 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:32:13.0945 5468 SstpSvc - ok
19:32:13.0992 5468 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:32:14.0101 5468 stisvc - ok
19:32:14.0210 5468 [ 6B79112C59D6A620299D298FB4BD4AD6 ] SUService c:\Program Files\Lenovo\System Update\SUService.exe
19:32:14.0226 5468 SUService ( UnsignedFile.Multi.Generic ) - warning
19:32:14.0226 5468 SUService - detected UnsignedFile.Multi.Generic (1)
19:32:14.0257 5468 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:32:14.0273 5468 swenum - ok
19:32:14.0397 5468 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:32:14.0475 5468 swprv - ok
19:32:14.0522 5468 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:32:14.0553 5468 Symc8xx - ok
19:32:14.0585 5468 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:32:14.0616 5468 Sym_hi - ok
19:32:14.0647 5468 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:32:14.0663 5468 Sym_u3 - ok
19:32:14.0725 5468 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:32:14.0772 5468 SynTP - ok
19:32:14.0850 5468 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:32:14.0990 5468 SysMain - ok
19:32:15.0037 5468 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:15.0068 5468 TabletInputService - ok
19:32:15.0099 5468 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:32:15.0177 5468 TapiSrv - ok
19:32:15.0240 5468 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:32:15.0349 5468 TBS - ok
19:32:15.0583 5468 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:32:15.0708 5468 Tcpip - ok
19:32:15.0770 5468 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:32:15.0833 5468 Tcpip6 - ok
19:32:15.0879 5468 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:32:15.0989 5468 tcpipreg - ok
19:32:16.0051 5468 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:32:16.0113 5468 TDPIPE - ok
19:32:16.0160 5468 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:32:16.0223 5468 TDTCP - ok
19:32:16.0410 5468 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:32:16.0503 5468 tdx - ok
19:32:16.0535 5468 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:32:16.0566 5468 TermDD - ok
19:32:16.0613 5468 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:32:16.0706 5468 TermService - ok
19:32:16.0800 5468 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:32:16.0831 5468 Themes - ok
19:32:16.0987 5468 [ 613DD949CD3D2AF0ED8BC9652BBB8D9A ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
19:32:17.0018 5468 ThinkVantage Registry Monitor Service - ok
19:32:17.0049 5468 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:32:17.0112 5468 THREADORDER - ok
19:32:17.0159 5468 [ F39EEF399CC6726024011F7AEAB1A53A ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
19:32:17.0174 5468 TPDIGIMN - ok
19:32:17.0252 5468 [ 050E28B770D1CEC2E0F5CE4432F922CD ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
19:32:17.0268 5468 TPHDEXLGSVC - ok
19:32:17.0361 5468 [ 422962C6EC9EF36817D8B0C32A8938EC ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
19:32:17.0377 5468 TPHKSVC - ok
19:32:17.0595 5468 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
19:32:17.0627 5468 TPM - ok
19:32:17.0689 5468 [ 1BD5719EF160E0AB739CD0FF3BA5E298 ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
19:32:17.0705 5468 TPPWRIF - ok
19:32:17.0767 5468 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:32:17.0814 5468 TrkWks - ok
19:32:17.0954 5468 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:18.0017 5468 TrustedInstaller - ok
19:32:18.0219 5468 [ 7BA181CD98CC34DFF83A2DE7BBA0DC56 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
19:32:18.0329 5468 TSSCoreService - ok
19:32:18.0375 5468 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:18.0469 5468 tssecsrv - ok
19:32:18.0594 5468 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:32:18.0609 5468 tunmp - ok
19:32:18.0672 5468 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:32:18.0734 5468 tunnel - ok
19:32:18.0921 5468 [ 92487F5C32233AF6DE772CA40007332D ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
19:32:18.0953 5468 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
19:32:18.0953 5468 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
19:32:19.0343 5468 [ 8081921BD31CA8BF968E51BABE520610 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
19:32:19.0467 5468 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0467 5468 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
19:32:19.0686 5468 [ 8ADD96A9D4A7618CBFE8E357AC34B09C ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
19:32:19.0779 5468 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0779 5468 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
19:32:19.0811 5468 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
19:32:19.0842 5468 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0842 5468 tvtfilter - detected UnsignedFile.Multi.Generic (1)
19:32:19.0904 5468 [ C254BFF0A928EA7D5CCDC2522D56FD01 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
19:32:19.0920 5468 TVTI2C - ok
19:32:19.0967 5468 [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
19:32:19.0967 5468 tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0967 5468 tvtnetwk - detected UnsignedFile.Multi.Generic (1)
19:32:20.0076 5468 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:32:20.0091 5468 uagp35 - ok
19:32:20.0279 5468 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:32:20.0325 5468 udfs - ok
19:32:20.0528 5468 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:32:20.0591 5468 UI0Detect - ok
19:32:20.0606 5468 UIUSys - ok
19:32:20.0700 5468 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:32:20.0747 5468 uliagpkx - ok
19:32:20.0825 5468 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:32:20.0918 5468 uliahci - ok
19:32:20.0949 5468 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:32:20.0981 5468 UlSata - ok
19:32:21.0027 5468 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:32:21.0059 5468 ulsata2 - ok
19:32:21.0090 5468 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:32:21.0199 5468 umbus - ok
19:32:21.0277 5468 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
19:32:21.0339 5468 UmRdpService - ok
19:32:21.0402 5468 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:32:21.0495 5468 upnphost - ok
19:32:21.0573 5468 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
19:32:21.0683 5468 usbccgp - ok
19:32:21.0729 5468 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:32:21.0839 5468 usbcir - ok
19:32:21.0979 5468 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:32:22.0057 5468 usbehci - ok
19:32:22.0088 5468 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:32:22.0135 5468 usbhub - ok
19:32:22.0182 5468 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:32:22.0260 5468 usbohci - ok
19:32:22.0291 5468 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:32:22.0400 5468 usbprint - ok
19:32:22.0478 5468 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:22.0556 5468 USBSTOR - ok
19:32:22.0603 5468 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:32:22.0650 5468 usbuhci - ok
19:32:22.0728 5468 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:32:22.0775 5468 UxSms - ok
19:32:22.0821 5468 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:32:22.0931 5468 vds - ok
19:32:22.0993 5468 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:23.0102 5468 vga - ok
19:32:23.0133 5468 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:32:23.0196 5468 VgaSave - ok
19:32:23.0336 5468 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:32:23.0367 5468 viaagp - ok
19:32:23.0399 5468 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:32:23.0492 5468 ViaC7 - ok
19:32:23.0555 5468 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
19:32:23.0570 5468 viaide - ok
19:32:23.0601 5468 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:32:23.0648 5468 volmgr - ok
19:32:23.0804 5468 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:32:23.0851 5468 volmgrx - ok
19:32:23.0898 5468 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:32:23.0945 5468 volsnap - ok
19:32:23.0991 5468 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:32:24.0007 5468 vsmraid - ok
19:32:24.0288 5468 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:32:24.0444 5468 VSS - ok
19:32:24.0522 5468 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:32:24.0615 5468 W32Time - ok
19:32:24.0740 5468 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:32:24.0912 5468 WacomPen - ok
19:32:24.0959 5468 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:32:25.0021 5468 Wanarp - ok
19:32:25.0021 5468 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:32:25.0068 5468 Wanarpv6 - ok
19:32:25.0208 5468 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
19:32:25.0458 5468 wbengine - ok
19:32:25.0832 5468 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:32:25.0895 5468 wcncsvc - ok
19:32:25.0941 5468 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:32:26.0004 5468 WcsPlugInService - ok
19:32:26.0113 5468 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:32:26.0144 5468 Wd - ok
19:32:26.0316 5468 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:32:26.0394 5468 Wdf01000 - ok
19:32:26.0425 5468 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:32:26.0487 5468 WdiServiceHost - ok
19:32:26.0503 5468 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:32:26.0565 5468 WdiSystemHost - ok
19:32:26.0643 5468 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:32:26.0706 5468 WebClient - ok
19:32:26.0846 5468 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:32:26.0893 5468 Wecsvc - ok
19:32:26.0924 5468 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:32:27.0002 5468 wercplsupport - ok
19:32:27.0049 5468 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:32:27.0096 5468 WerSvc - ok
19:32:27.0174 5468 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:32:27.0205 5468 WimFltr - ok
19:32:27.0455 5468 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:32:27.0579 5468 winachsf - ok
19:32:27.0704 5468 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:32:27.0735 5468 WinDefend - ok
19:32:27.0751 5468 WinHttpAutoProxySvc - ok
19:32:27.0985 5468 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:32:28.0047 5468 Winmgmt - ok
19:32:28.0125 5468 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:32:28.0344 5468 WinRM - ok
19:32:28.0437 5468 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:32:28.0531 5468 Wlansvc - ok
19:32:28.0874 5468 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:32:28.0999 5468 wlidsvc - ok
19:32:29.0108 5468 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:32:29.0202 5468 WmiAcpi - ok
19:32:29.0280 5468 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:32:29.0327 5468 wmiApSrv - ok
19:32:29.0420 5468 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:32:29.0561 5468 WMPNetworkSvc - ok
19:32:29.0623 5468 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:32:29.0748 5468 WPDBusEnum - ok
19:32:29.0810 5468 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:32:29.0857 5468 WpdUsb - ok
19:32:30.0107 5468 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:32:30.0247 5468 WPFFontCache_v0400 - ok
19:32:30.0309 5468 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:32:30.0403 5468 ws2ifsl - ok
19:32:30.0434 5468 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
19:32:30.0465 5468 wscsvc - ok
19:32:30.0481 5468 WSearch - ok
19:32:30.0653 5468 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:32:30.0871 5468 wuauserv - ok
19:32:30.0933 5468 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:31.0011 5468 WUDFRd - ok
19:32:31.0121 5468 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:32:31.0167 5468 wudfsvc - ok
19:32:31.0230 5468 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:32:31.0245 5468 XAudio - ok
19:32:31.0355 5468 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:32:31.0417 5468 XAudioService - ok
19:32:31.0433 5468 ================ Scan global ===============================
19:32:31.0589 5468 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:32:31.0651 5468 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:32:31.0729 5468 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:32:31.0760 5468 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:32:31.0776 5468 [Global] - ok
19:32:31.0776 5468 ================ Scan MBR ==================================
19:32:31.0807 5468 [ BA70BB04CFF6ACEF99E84D053A374A50 ] \Device\Harddisk0\DR0
19:32:33.0071 5468 \Device\Harddisk0\DR0 - ok
19:32:33.0071 5468 ================ Scan VBR ==================================
19:32:33.0102 5468 [ F8BA7CFADE9F2C391621397874F1972C ] \Device\Harddisk0\DR0\Partition1
19:32:33.0164 5468 \Device\Harddisk0\DR0\Partition1 - ok
19:32:33.0164 5468 ============================================================
19:32:33.0164 5468 Scan finished
19:32:33.0164 5468 ============================================================
19:32:33.0180 4548 Detected object count: 9
19:32:33.0180 4548 Actual detected object count: 9
19:44:08.0945 4548 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0945 4548 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0945 4548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0945 4548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0961 4548 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0961 4548 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:44:08.0976 4548 tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
19:44:08.0976 4548 tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
15.12.2012, 20:25
| #6 | |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hi combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus |
|
15.12.2012, 21:19
| #7 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus So hier mal der log von combofix: Code:
ATTFilter ComboFix 12-12-14.01 - adadr 15.12.2012 20:46:28.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.43.1031.18.2038.979 [GMT 1:00]
ausgeführt von:: c:\users\adadr\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
c:\programdata\TheBflix\settings.ini
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-15 bis 2012-12-15 ))))))))))))))))))))))))))))))
.
.
2012-12-15 00:43 . 2012-12-15 00:43 -------- d-----w- c:\users\Adrian\AppData\Local\Mozilla
2012-12-15 00:43 . 2012-12-15 00:43 -------- d-----w- c:\users\Adrian\AppData\Local\Mozilla Firefox
2012-12-14 23:21 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 23:20 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 23:20 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-14 23:20 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-14 23:20 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E46C7EB-4052-41BE-B112-4B2FFDDD1D2B}\mpengine.dll
2012-12-14 23:19 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-06 22:18 . 2012-12-14 22:56 -------- d-----w- c:\users\Adrian\AppData\Roaming\Lenovo
2012-11-23 21:18 . 2012-11-23 21:19 -------- d-----w- c:\users\Adrian\AppData\Roaming\vlc
2012-11-22 21:18 . 2012-11-22 21:18 -------- d-----w- c:\users\adadr\AppData\Roaming\hellomoto
2012-11-15 21:39 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 23:04 . 2012-04-01 12:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 23:04 . 2011-05-16 09:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\adadr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\adadr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\adadr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2006-12-24 56368]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2006-11-10 64128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 243248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2006-12-19 263728]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2006-12-19 214576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-13 536576]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-11-28 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TpShocks"="TpShocks.exe" [2006-12-25 181808]
"LenovoRegistration"="c:\swtools\LenovoWelcome\LenovoRegistration.exe" [2006-12-29 32768]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-13 2614848]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2006-12-21 468528]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-14 120368]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-14 419376]
.
c:\users\adadr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-4-8 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://orf.at/
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\adadr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKCU-Run-VSD3DRefDebug - c:\users\adadr\AppData\Local\Microsoft\Windows\2742\VSD3DRefDebug.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(968)
c:\users\adadr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-15 21:12:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-15 20:11
.
Vor Suchlauf: 13 Verzeichnis(se), 30.338.666.496 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 30.801.883.136 Bytes frei
.
- - End Of File - - C3BDCDE45BAFAE00FB046CBE1425EC2F
|
|
15.12.2012, 22:33
| #8 |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Fein. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 00:05
| #9 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hallo, hier das malwarebytes-logfile: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.15.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 adadr :: ADRIAN-LENOVO [Administrator] Schutz: Aktiviert 15.12.2012 22:52:05 mbam-log-2012-12-15 (22-52-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 338652 Laufzeit: 1 Stunde(n), 4 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\adadr\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\adadr\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\adadr\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
16.12.2012, 17:44
| #10 |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hi, na, das is ja schon mal was. lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 17:47
| #11 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hi, tut mir leid, dass ich mich jetzt erst melde, war kaum zu Hause.. Hier die Liste von CCleaner: Code:
ATTFilter 7-Zip 4.65 17.04.2011 3,13MB notwendig Access Help 08.04.2011 1,65MB 2.00 unbekannt AdBeGone 1.21 19.06.2012 1,03MB unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.12.2012 11.5.502.135 notwendig Anzeige am Bildschirm 08.04.2011 5.00 unbekannt Avira Free Antivirus Avira 15.11.2012 108MB 12.1.9.1236 notwendig CCleaner Piriform 25.11.2012 5,05MB 3.25 brauch ich den? CDBurnerXP CDBurnerXP 17.04.2011 11,9MB 4.3.8.2523 notwendig Client Security Solution Lenovo Group Limited 09.04.2011 96,2MB 8.0.0113.00 unbekannt Dienstprogramm "ThinkPad UltraNav" 08.04.2011 1,62MB 1.01 unbekannt Diskeeper Home Diskeeper Corporation 09.04.2011 12,0MB 9.0.545 unbekannt Doxillion Document Converter NCH Software 05.05.2012 2,89MB unbekannt Dropbox Dropbox, Inc. 01.06.2012 26,1MB 1.4.7 notwendig Ergänzung zu Productivity Center für ThinkPad 08.04.2011 1,88MB 2.00 ubekannt Foxit Reader Foxit Corporation 17.04.2011 11,5MB 4.3.1.323 notwendig Help Center 08.04.2011 2,04MB 2.00b unbekannt Intel(R) Graphics Media Accelerator Driver 08.04.2011 notwendig Intel(R) PRO Network Connections Drivers 08.04.2011 notwendig Java(TM) 6 Update 24 Oracle 10.05.2011 94,8MB 6.0.240 notwendig Java(TM) 7 Update 5 Oracle 26.06.2012 99,3MB 7.0.50 unnötig JavaFX 2.1.1 Oracle Corporation 26.06.2012 20,8MB 2.1.1 notwendig (?) Lenovo System Interface Driver 08.04.2011 4,00KB 1.00 unbekannt Maintenance Manager 08.04.2011 6,14MB 3.0.2.0 unbekannt Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 15.12.2012 12,7MB 1.65.1.1000 notwendig Message Center 08.04.2011 2,03MB 2.00b unnötig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 11.04.2011 36,9MB notwendig Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.04.2011 36,9MB notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 17.04.2011 120MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 17.04.2011 24,5MB 4.0.30319 notwendig Microsoft Office Home and Student 2010 Microsoft Corporation 02.11.2011 518MB 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 11.05.2012 4.1.10329.0 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 11.05.2011 250KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 294KB 8.0.61001 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 16.05.2011 592KB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.04.2011 590KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.05.2012 10.0.40219 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.04.2011 35,0KB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 10.04.2011 1,33MB 4.20.9876.0 unbekannt Paint.NET v3.5.10 dotPDN LLC 08.09.2012 10,6MB 3.60.0 notwendig PC-Doctor 5 für Windows PC-Doctor, Inc. 08.04.2011 118MB 5.00.4330.05 notwendig Picasa 2 Google, Inc. 09.04.2011 26,7MB 2.0 notwendig Präsentationsdirektor 08.04.2011 1,92MB 3.00c unbekannt Registry patch for Windows Vista USB S3 PM Enablement 08.04.2011 4,00KB 1.00 benötigt Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 08.04.2011 1.00 unbekannt -> mein Pc hat kein finger print scanner Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista 08.04.2011 4,00KB 1.01 unbekannt Rescue and Recovery Lenovo Group Limited 09.04.2011 80,1MB 4.00.0113.00 unbekannt SoundMAX Analog Devices 09.04.2011 32,0KB 6.10.1.5120 notwendig System Migration Assistant Lenovo Group Limited. 09.04.2011 29,7MB 5.20.0026 unbekannt ThinkPad Energie-Manager 08.04.2011 1,92MB 2.01 unbekannt ThinkPad FullScreen Magnifier 08.04.2011 1.16 unbekannt ThinkPad Mobility Center Customization Lenovo 09.04.2011 318KB 1.00.0000 unbekannt ThinkPad Modem 11.04.2011 0,98MB 7.62.00 unbekannt ThinkPad Power Management Driver 11.04.2011 1.43 unbekannt ThinkPad UltraNav Driver 06.09.2012 10,0MB 15.0.18.0 unbekannt Thinkpad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) Atheros Communications 09.04.2011 154MB 7.1.0.90 notwendig ThinkPad-Dienstprogramm 'EasyEject' 08.04.2011 1,89MB 2.30 unbekannt ThinkVantage Access Connections 09.04.2011 2,67MB 4.30 unnötig ThinkVantage Productivity Center 08.04.2011 1,93MB 2.00 unbekannt ThinkVantage System für aktiven Festplattenschutz Lenovo 09.04.2011 4,04MB 1.51 unbekannt ThinkVantage System Update Lenovo 09.04.2011 10,1MB 3.00.0022 unbekannt VLC media player 1.1.9 VideoLAN 17.04.2011 80,0MB 1.1.9 benötigt Windows Live Essentials Microsoft Corporation 26.09.2011 15.4.3538.0513 benötigt WinRAR 4.20 (32-Bit) win.rar GmbH 06.07.2012 4,20MB 4.20.0 WinRar oder 7-Zip? |
|
18.12.2012, 17:51
| #12 |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus deinstaliere: Doxillion Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren Deinstaliere: Maintenance Message Center Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 19:06
| #13 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hallo, hier bitte die logdatei: Code:
ATTFilter # AdwCleaner v2.101 - Datei am 18/12/2012 um 19:02:46 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : adadr - ADRIAN-LENOVO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\adadr\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\adadr\AppData\Local\Conduit
Ordner Gefunden : C:\Users\adadr\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\adadr\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\adadr\AppData\LocalLow\TheBflix
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\SweetIM
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1697 octets] - [18/12/2012 19:02:46]
########## EOF - C:\AdwCleaner[R1].txt - [1757 octets] ##########
|
|
18.12.2012, 19:26
| #14 |
| /// Malware-holic | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Hi,
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 19:43
| #15 |
| | Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus Logdatei:adwcleaner Code:
ATTFilter # AdwCleaner v2.101 - Datei am 18/12/2012 um 19:36:21 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : adadr - ADRIAN-LENOVO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\adadr\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\adadr\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\adadr\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\adadr\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\adadr\AppData\LocalLow\TheBflix
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\SweetIM
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1826 octets] - [18/12/2012 19:02:46]
AdwCleaner[S1].txt - [1759 octets] - [18/12/2012 19:36:21]
########## EOF - C:\AdwCleaner[S1].txt - [1819 octets] ##########
|
|
| Themen zu Österreich Variante von "Dieser Pc ist für die verletzung der Gesetze..." Virus |
| angemeldet, beim starten, bildschirm, euro, fenster, festplatte, infizierte, konto, kurze, lenovo, maus, meldung, notebook, plötzlich, screen, seiten, starten, variante, virus, weiße, Österreich |
Linear-Darstellung
