Log Analysis and Evaluation: Caught the GVU Trojan (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.12.2012, 15:58 | #1
Caught the GVU Trojan

Hello dear helpers,

today I caught the GVU Trojan on my Lenovo ThinkPad Edge E530; it demands that you pay 100€ to unlock the laptop again (which of course I did not do). On my old laptop I then read up on it a bit on the Internet and have already taken the following steps:

1.) Switched off the Internet, switched the laptop off via the power button and restarted it (offline). Result: since then no lock screen has appeared and the laptop can be used without (visible) problems.
2.) Several scans with an AntiVir program produced no error messages.
3.) Completed the steps required before creating a post in this forum.

Here are the results:

OTL logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe PRC - [2012.12.24 19:28:48 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.09.07 08:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2012.09.07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.08.09 03:28:12 | 000,145,256 | ---- | M] (AuthenTec Inc.) 
-- C:\Programme\Lenovo Fingerprint Reader\x86\BioMonitor.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe PRC - [2012.05.16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2012.05.15 16:26:56 | 001,528,120 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\SimpleTap\SimpleTap.exe PRC - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe PRC - [2012.04.10 17:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) -- C:\Program 
Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe PRC - [2012.02.24 10:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe PRC - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.02.21 18:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2012.01.25 08:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2012.01.04 20:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.12.24 19:28:30 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.17 17:34:28 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll MOD - [2012.11.17 17:33:47 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll MOD - [2012.11.17 17:32:21 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll MOD - [2012.11.17 17:32:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll MOD - [2012.11.17 17:32:14 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll MOD - [2012.11.17 17:32:11 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll MOD - [2012.11.17 17:32:11 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll MOD - [2012.11.17 17:31:35 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll MOD - [2012.11.15 23:02:20 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll MOD - [2012.11.15 23:02:07 | 011,451,904 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll MOD - [2012.11.15 23:01:59 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll MOD - [2012.11.15 23:01:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll MOD - [2012.11.15 22:56:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll MOD - [2012.11.15 22:56:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll MOD - [2012.11.15 22:56:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll MOD - [2012.11.15 22:56:41 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll MOD - [2012.11.15 22:56:40 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll MOD - [2012.11.15 22:56:39 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll MOD - [2012.11.15 22:56:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2012.02.29 07:15:08 | 000,048,704 | ---- | M] (Lenovo.) 
[Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.12.28 21:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV - [2012.12.24 19:28:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.27 21:49:52 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2012.08.09 03:27:56 | 000,328,552 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\Lenovo Fingerprint Reader\TrueSuiteService.exe -- (FPLService) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS) SRV - [2012.06.15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2012.05.16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.05.16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files 
(x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R) SRV - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.02.09 08:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.02 13:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files 
(x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService) SRV - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.11.09 19:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 10:09:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2012.07.06 20:16:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.05.16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS) DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.04.02 05:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2012.02.29 07:14:48 | 000,042,312 | ---- | M] (Lenovo.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.14 11:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.02.01 21:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.01.31 06:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.28 21:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.12.26 10:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.24 16:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.12.23 13:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.12.20 16:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.12.20 16:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.12.08 21:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 21:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.07 17:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.12.06 12:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.30 10:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.11.30 10:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.11.10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.27 03:27:52 | 
000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.08.23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS) DRV:64bit: - [2011.05.29 11:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2011.03.30 01:57:24 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) DRV:64bit: - [2011.03.30 01:57:24 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.09.29 11:23:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\ex64.sys -- (NAVEX15) DRV - [2012.09.29 11:23:56 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\eng64.sys -- (NAVENG) DRV - [2012.09.15 12:09:45 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.09.08 09:33:34 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.31 23:32:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120928.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.31 23:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.01.30 19:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: 
- HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {7098F934-FBBA-4044-98BA-71783D8873C2} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE500 IE - HKCU\..\SearchScopes\{7098F934-FBBA-4044-98BA-71783D8873C2}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514&q={searchTerms}&r=689 IE - HKCU\..\SearchScopes\{DC08E7DC-247A-4D2A-97CD-181540FA95E5}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{FB6910B8-C4B7-439A-A54A-AC700FCB5B10}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F8E3799B-5576-4476-9794-9923BD139CE4&apn_sauid=AC2BF075-C41B-4200-813F-D7CE52E7E1AC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: 
"hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.09.07 09:45:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.12.28 13:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.06 10:58:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.27 18:17:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.06 19:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Extensions [2012.12.22 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions [2012.12.22 22:36:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- 
C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de [2012.11.24 10:56:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com [2012.11.24 10:56:30 | 000,002,308 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\askcom.xml [2012.09.06 19:36:55 | 000,001,523 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\zonealarm.xml [2012.12.24 19:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.24 19:28:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.01 17:45:30 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.25 03:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.13 19:50:22 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.12.24 19:28:29 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000 CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000 CHR 
- plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll CHR - plugin: TrueSuite (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Ask Toolbar = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\ CHR - Extension: Website Logon = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\ CHR - Extension: SiteAdvisor = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: Norton 
Identity Protection = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) 
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - Startup: C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - 
Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66A4E558-1577-4C88-8C72-94F0E341C0D2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A8E848F-F561-4816-B1A8-B218ADF09978}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.15 04:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 04:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 15:16:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe [2012.12.28 12:55:46 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll [2012.12.24 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.23 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Local\Macromedia [2012.12.22 22:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.12.15 17:41:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.01 17:47:28 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Audio Related Programs [2012.12.01 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2012.12.01 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2012.12.01 17:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs [2012.12.01 17:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2012.12.01 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2012.12.01 17:45:52 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\NCH Software [2012.12.01 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Babylon [2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.09.09 08:19:20 | 006,233,848 | ---- | C] (Absolute Software Corp.) 
-- C:\Users\Forrest\AppData\Roaming\LoJackSetup.exe [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe [2012.12.28 15:16:27 | 000,000,000 | ---- | M] () -- C:\Users\Forrest\defogger_reenable [2012.12.28 15:11:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.28 14:49:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.28 14:49:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.28 14:49:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.28 14:49:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.28 14:49:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 13:35:30 | 629,696,000 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img [2012.12.28 13:35:15 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.12.28 13:35:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.28 13:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 13:34:27 | 2901,872,640 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- 
C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll [2012.12.23 11:37:37 | 000,037,986 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml [2012.12.22 13:59:43 | 000,434,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.18 09:23:17 | 004,094,249 | ---- | M] () -- C:\Users\Forrest\Desktop\chem. Garten.jpeg [2012.12.15 17:41:30 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [2012.12.01 17:46:53 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.28 15:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Forrest\defogger_reenable [2012.12.28 12:55:50 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 12:55:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.15 17:41:30 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [2012.12.01 17:47:32 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk [2012.12.01 17:47:26 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad.lnk [2012.12.01 17:47:12 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk [2012.12.01 17:47:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk [2012.12.01 17:46:53 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk [2012.12.01 17:46:53 | 000,001,149 | ---- | C] () -- 
C:\Users\Public\Desktop\VideoPad Video Editor.lnk [2012.11.21 17:43:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.09.07 10:42:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.06 18:55:20 | 000,037,986 | ---- | C] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml [2012.09.06 18:54:54 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.09.06 15:08:20 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll [2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll [2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll [2012.07.06 10:29:23 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.07.06 10:29:23 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.07.06 10:29:21 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.06 10:29:19 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.01 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Babylon [2012.09.06 19:38:45 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\CheckPoint [2012.12.28 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Dropbox [2012.09.15 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\klett [2012.09.06 19:01:18 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Leadertech [2012.12.15 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Lenovo [2012.09.06 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\LSC [2012.11.27 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\mathegrafix [2012.09.06 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\PwrMgr ========== Purity Check ========== 
========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten 2.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS

Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6DAA28-A70F-42F5-9971-27F6F1A23841}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B750B9D-0494-4ECE-899B-DF365155E38D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{21E2F099-0E3C-4A70-AE4E-F7F00CFDE06E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B458400-3D61-4C09-AFB0-65996CFC4332}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E5632CF-17E8-4979-9F73-7E61FC91BF73}" = rport=139 | protocol=6 | dir=out | app=system |
"{308D4A52-B2D4-4E6D-A310-B424DD4CEA72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41154DD5-3869-4E67-8934-0275BF39FD0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A3785C8-0C72-435F-B6E3-70102CC3A35B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FCDCA92-13E4-4055-8ED2-7467DDDFFED1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5199756C-EB26-42A8-A398-AE171EAC3FB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E6B3D44-AEF7-47C5-A79E-2D65BB393B40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69B7CA96-3997-40BD-BAB6-BDF0CED366BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C1BA950-8FCA-46BE-8E53-085F244CE538}" = lport=139 | protocol=6 | dir=in | app=system |
"{75CEE9BF-1F1A-48D4-8C78-038FC0AE3994}" = lport=137 | protocol=17 | dir=in | app=system |
"{7897F525-A875-4DCF-AAC7-E4F881D22522}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94D44A15-E91C-438C-837A-70619E761B68}" = lport=445 | protocol=6 | dir=in | app=system |
"{95AB703A-A0D3-4477-8315-EF691873F20C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5A89717-1370-4AEB-88A8-65D3B789BAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0804DE3-EA16-4731-A056-3E7E6DC0FEC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B6186C08-D97E-4378-BE90-245CABC48E00}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C979429A-2926-441A-8B45-911FFC709C9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D61BB4CC-0F80-46B9-ACF8-9F6B717DAE4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DDCAE531-DEBD-4B03-8C66-0591F6FC010B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E37E391F-6E50-4C70-816C-245C5597C43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DB4F6B-A6D7-40F2-AC0F-C52CB09E9DB3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6342BCE-D362-41C1-B61D-FD0F31A9720D}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{173F00A9-9D45-4764-955D-86DACF35453E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AC77A11-3F1C-49EC-91AB-50F4B7E9DB3A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32EB15DE-CCAD-4406-8733-496E1DC6C5FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{453D66A5-3E76-4E45-AF15-1AE7EF252F25}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{4885C6CE-0349-4103-BEE1-1D7D3669724B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{561CEC8D-946E-4B66-AB73-CD8B532A99EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57F3E05F-2850-420D-84DB-4834728C239E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{683B9C66-6DEA-465D-8239-2FA0A13C29B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68922BD4-A025-44B9-87A5-C39562E48185}" = protocol=6 | dir=out | app=system |
"{6A30B5D2-DBF1-4236-B52D-80719CDDE522}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"{6E7AED19-BFD6-460D-B955-A6003CB5EAD7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{707E71F6-CBC5-48B4-9FDC-98520E799946}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{7168C68D-249D-4C44-AA04-EAB93A3302FD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{79DF38B0-ABA8-4922-9D91-98DA811530E5}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{91BA5BD4-0CFC-43F0-BE99-99E7329F9D18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B00668A-A914-46C5-ADE3-0CEF44C04302}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9FF1F201-BFCB-4DEC-BBC4-DBC8767BEC9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0C2F6CE-1490-40E1-876C-899ABD2ED0D3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{A529A452-924F-4524-93AE-45B12DBF7A77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB2613CE-FF64-433F-9598-E6B5D4AA7DF3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AC24A7E2-9E6C-4A48-9170-E1CA9DDB18BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF6FDE44-C3CD-4CE8-968B-1CD3C69822C0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C3096404-9932-407C-AE89-7ADB74251431}" = protocol=58 | dir=in | app=system |
"{C31DB8BD-4AA2-4948-8CC0-6E4C0C0F58A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7C1D5E4-A0B4-4161-B550-05D39418D1CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCEC526E-F42A-4E3A-9DCD-749F92F9C3A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2716BEB-FAB9-40C5-A9E7-A112FA16FB48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D86844F6-D811-4879-B384-DBA2A44199AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAFF418D-3798-4543-AB07-0CD5E5E14675}" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E1DADAF2-0A2B-4399-8B37-1C3D04A58553}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{E5F54905-463E-4911-903A-08D02B42356F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E647F674-677B-48D6-B6CE-02B50521D531}" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E92CFB06-6094-493F-8B81-A7A00BE25242}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED751172-7B97-404D-8984-6D675910B3E4}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EDE96B4E-3B66-4465-858A-7E6043AC9364}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F90F0252-9FF8-45D4-B7E4-2BB9516B294F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9A9BDE4-410A-415A-96C8-FC9D81F4D064}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF3ACCEF-E57C-4E89-B89B-75DFD69BF4E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{326E22DA-E5A4-453E-BB68-68A3C499DD53}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F1BD778E-A4DA-42FF-A9FE-93746ED9129E}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79AB31DF-83A6-4D49-A70E-C4CA114B0605}" = Lenovo Solution Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{C5BB9380-D729-410A-A440-061EBCADCCB9}" = Fingerprint Reader
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
"76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235E938E-ACDF-4646-ADAF-38F8D403EDAF}_is1" = Elemente Chemie Arbeitsblätter 1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99DBFE8E-8143-4311-816B-AC3FE200B933}" = Rund um ... Chemie heute SI (Teil 1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EAB00-6FAE-417B-8A4E-9578E2215F63}_is1" = Elemente Chemie Arbeitsblätter 2 deinstallieren
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Klett Service-CD Lambacher Schweizer" = Klett Service-CD Lambacher Schweizer
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"SugarSync" = SugarSync Manager
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.12.2012 18:16:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2012 13:03:17 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2012 12:28:49 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 09:38:20 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 11:02:52 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.95, Zeitstempel: 0x50b5708f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x72d94f0d
ID des fehlerhaften Prozesses: 0x26b0
Startzeit der fehlerhaften Anwendung: 0x01cdd874530dff3e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: ffdbc091-446c-11e2-942c-b888e3337514

Error - 13.12.2012 12:27:29 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 13.12.2012 17:12:22 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 12:13:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:26:08 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:29:57 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.97, Zeitstempel: 0x50be88d8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x73224f0d
ID des fehlerhaften Prozesses: 0x1eec
Startzeit der fehlerhaften Anwendung: 0x01cddae143a277a6
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: a942d990-46d4-11e2-8cbc-685d43930278

[ Lenovo-Message Center Plus/Admin Events ]
Error - 06.12.2012 17:24:59 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:43 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:45 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:47 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:08 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message
= Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 19.12.2012 12:33:10 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 19.12.2012 12:33:13 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt [ System Events ] Error - 18.12.2012 03:43:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage: %%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 18.12.2012 05:56:57 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 18.12.2012 05:56:58 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 18.12.2012 05:56:59 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 18.12.2012 06:06:43 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage: %%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 18.12.2012 18:10:05 | Computer Name = Forrest-THINK | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 19.12.2012 12:41:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2135.0 Update Source: %%859 Update Stage: %%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 19.12.2012 18:10:49 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433 Description = Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > da bei den anderen posts die Sperre nicht wegging bzw. 
immer darauf hingewiesen wurde, dass das nicht für jeden PC 1:1 zu übernehmen ist, hoffe ich, dass mir jemand von euch weiterhelfen kann und mir sagt, wie ich weiter vorzugehen hab... Schon mal vielen Dank im Vorraus |
28.12.2012, 16:04 | #2 |
/// Malware-holic | Caught the GVU trojan Hi,
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no desktop icons, right-click, View, Show desktop icons.
Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Press the + E key.
__________________ |
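The three entries the fix script above removes share one footprint: a file dropped straight into %ProgramData% or the user profile root, a long vowel-free name, a spoofed "publisher" string in Cyrillic (Корпорация Майкрософт is Russian for Microsoft Corporation), and all three written within about two minutes of each other. The Python script below is an added example, not part of this post and not OTL's own code: it parses OTL file-listing lines and applies those observations as heuristics. The heuristics, the trusted-root list and the autostart-folder check are assumptions drawn from this thread, not documented OTL behaviour, and the two benign lines at the end of the sample are constructed for contrast.

```python
"""Triage OTL file-listing lines for the drop pattern the fix script above removes.

Added example, not part of the original post and not OTL's own code. The
indicators below are assumptions drawn from this thread, not documented OTL output:
a file lying directly in %ProgramData% or a user profile root, a long vowel-free
name, a non-ASCII "publisher" string, and several files written in one short burst.
"""
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attrs | M/C] (publisher) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]+) \| (?P<kind>[MC])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+)$"
)
LOOSE_DIRS = {r"c:\programdata", r"c:\users\public"}   # loose files here are unusual
USER_ROOT = re.compile(r"^c:\\users\\[^\\]+$")          # C:\Users\<name> itself
STARTUP_DIR = r"\start menu\programs\startup"            # assumption: autostart drop
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")     # prefix also covers "(x86)"
VOWELS = set("aeiouy")
BURST = timedelta(minutes=5)

SAMPLE_LINES = [
    # the three entries from the fix script in this thread
    "[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\\ProgramData\\dsgsdgdsgdsgw.pad",
    "[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\\ProgramData\\dsgsdgdsgdsgw.js",
    "[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\\Users\\Forrest\\wgsdgsdgdsgsd.dll",
    # constructed benign entries for contrast (not from the thread)
    "[2012.11.20 09:14:02 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\drivers\\ntfs.sys",
    "[2012.12.28 12:56:30 | 000,001,024 | ---- | M] () -- C:\\Users\\Forrest\\Desktop\\notes.txt",
]


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y.%m.%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["dir"], _, d["name"] = d["path"].rpartition("\\")
    return d


def looks_random(stem):
    """True for long alphabetic stems with almost no vowels (dsgsdgdsgdsgw, wgsdgsdgdsgsd)."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.15


def file_reasons(entry):
    """Per-file indicators; each string is one independent reason to look at the file."""
    reasons = []
    d = entry["dir"].lower()
    stem, _, ext = entry["name"].rpartition(".")
    if not stem:                      # no dot: the whole name is the stem
        stem, ext = ext, ""
    if d in LOOSE_DIRS or USER_ROOT.match(d):
        reasons.append("loose file in " + entry["dir"])
    if STARTUP_DIR in d:
        reasons.append("autostart location")
    if looks_random(stem):
        reasons.append("random-looking name")
    if any(ord(c) > 127 for c in entry["publisher"]):
        reasons.append("non-ASCII publisher string %r" % entry["publisher"])
    if (ext.lower() in {"dll", "exe", "js", "pad", "lnk"} and not entry["publisher"]
            and not d.startswith(TRUSTED_ROOTS)):
        reasons.append("no publisher on a .%s outside Windows/Program Files" % ext.lower())
    return reasons


def drop_clusters(entries, window=BURST):
    """Group entries whose timestamps sit within `window` of the previous one; a
    dropper writing its components produces exactly such a burst."""
    clusters, current = [], []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if current and e["ts"] - current[-1]["ts"] > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) > 1]


def triage(lines):
    """Return {path: [reasons]} for every entry with at least one indicator. Burst
    membership counts only when some member already has an indicator, so routine
    bulk updates (many files, none suspicious) stay quiet."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    findings = {e["path"]: file_reasons(e) for e in entries}
    for cluster in drop_clusters(entries):
        if not any(findings[e["path"]] for e in cluster):
            continue
        for e in cluster:
            findings[e["path"]].append(
                "written within %d min of %d other file(s)" % (BURST.seconds // 60, len(cluster) - 1))
    return {p: r for p, r in findings.items() if r}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it flags the .pad, .js and .dll with three indicators each plus the burst, and the constructed notes.txt only because it was written inside the same window. That last hit is the kind you clear by hand, which is why the reasons are listed per file instead of collapsed into a score.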
28.12.2012, 20:04 | #3 |
| Caught the GVU trojan Hello Markus,
Thank you very much for the quick reply. I carried out your instructions. Everything worked so far without problems. Likewise the upload of the files in the upload channel (at least I think so). Otherwise let me know. How do we proceed...? Regards, Marcus I was just in Microsoft Security Essentials on my laptop. The following detection was logged around midday today: Trojan:Win32/Reveton!lnk Don't know whether this info helps?! Last edited by mithrandir31 (28.12.2012 at 20:15) |
03.01.2013, 17:09 | #4 |
/// Malware-holic | Caught the GVU trojan Sorry for the wait, I was on holiday. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any detections, always choose Skip for now, and post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
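With "Verify driver digital signatures" enabled, TDSSKiller prints one hash line per service or driver ("[ MD5 ] name path") followed by a verdict line ("name - ok"). The Python parser below is an added example, not part of this post and not Kaspersky's code: it rebuilds the service table from such a log and lists the entries worth a second look, either because the verdict is not a plain "ok" or because the binary loads from a user-writable path. The sample lines are taken from the scan posted later in this thread, except the last two, which are constructed; the exact wording TDSSKiller uses for a non-ok verdict is an assumption, so the parser relies only on the trailing "name - status" shape of the verdict line.

```python
"""Rebuild the service table from a TDSSKiller scan log and list what to review.

Added example, not part of the original post and not Kaspersky's code. The log
lines come from the scan posted later in this thread except the last two, which
are constructed; the wording of a non-ok verdict is an assumption, so the parser
depends only on the trailing "<name> - <status>" shape of the verdict line.
"""
import re

# "[ MD5 ] <service name> <path>": the name may contain spaces, the path starts
# with a drive letter or a backslash.
HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ \[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\).+)$"
)
# "<name> - ok" or "<name> ( <verdict> ) - <status>"
STATUS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$"
)
# Locations a standard user can write to; a driver or service binary here is
# unusual and is where the dropper in this thread put its files.
USER_WRITABLE = (r"c:\programdata", r"c:\users", r"c:\windows\temp")

SAMPLE_LINES = [
    "12:56:01.0742 2208 Drive \\Device\\Harddisk0\\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200",
    "12:56:42.0656 2476 System memory - ok",
    "12:56:42.0899 2476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\\Windows\\system32\\drivers\\1394ohci.sys",
    "12:56:42.0988 2476 1394ohci - ok",
    "12:56:47.0904 2476 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NIS_19.1.0.28\\Definitions\\BASHDefs\\20120919.001\\BHDrvx64.sys",
    "12:56:47.0958 2476 BHDrvx64 - ok",
    "12:56:48.0191 2476 [ A52EA1D8C2900055323C93DDB252A3DA ] Bluetooth Device Monitor C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe",
    "12:56:48.0585 2476 Bluetooth Device Monitor - ok",
    "12:56:52.0665 2476 COMSysApp - ok",
    # constructed: an unsigned driver in a temp folder; the verdict wording is assumed
    "12:57:30.0100 2476 [ 0123456789ABCDEF0123456789ABCDEF ] sdgsdgsd C:\\Users\\Forrest\\AppData\\Local\\Temp\\sdgsdgsd.sys",
    "12:57:30.0200 2476 sdgsdgsd ( UnsignedFile.Multi.Generic ) - warning",
]


def parse_tdsskiller(lines):
    """Return {name: {"md5", "path", "status", "verdict"}} for every scanned object."""
    services = {}
    for line in lines:
        line = line.rstrip()
        m = HASH_LINE.match(line)
        if m:
            services[m["name"]] = {"md5": m["md5"], "path": m["path"],
                                   "status": None, "verdict": None}
            continue
        m = STATUS_LINE.match(line)
        if not m:
            continue
        # A verdict belongs to an object we have already seen, or is a plain "ok"
        # for one without a binary (COMSysApp); anything else with " - " in it,
        # such as "Drive ... - Size: ...", is not a verdict line.
        if m["name"] in services or m["status"] == "ok":
            entry = services.setdefault(m["name"], {"md5": None, "path": None,
                                                    "status": None, "verdict": None})
            entry["status"], entry["verdict"] = m["status"], m["verdict"]
    return services


def review(services):
    """(name, reason) pairs for entries whose verdict is not a plain "ok" or whose
    binary loads from a user-writable path. The path rule also hits legitimate
    vendor files (Norton keeps its definition drivers under ProgramData), which is
    why the MD5 is carried along: it is what you check against the vendor."""
    findings = []
    for name, info in services.items():
        if info["status"] != "ok":
            why = "verdict %s" % (info["status"] or "missing")
            if info["verdict"]:
                why += " (%s)" % info["verdict"]
            findings.append((name, why))
        path = (info["path"] or "").lower()
        if path.startswith(USER_WRITABLE) or "\\temp\\" in path:
            findings.append((name, "loads from user-writable path %s, md5 %s"
                             % (info["path"], info["md5"])))
    return findings


if __name__ == "__main__":
    for name, why in review(parse_tdsskiller(SAMPLE_LINES)):
        print("%-28s %s" % (name, why))
```

On the sample this reports the Norton driver once (path only) and the constructed temp-folder driver twice (verdict and path); everything under C:\Windows and C:\Program Files with an "ok" verdict stays silent. The Norton hit is the caveat: a location rule alone cannot tell a vendor's definition driver from a dropped one, so the hash is what settles it.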
04.01.2013, 13:14 | #5 |
| Caught the GVU trojan No problem, I hope you had a nice holiday, and thanks a lot for being back ;-) I carried out the further instructions and made the result available in the upload channel as a txt file. Did you want the whole report or only the details? I've put the report in for now. How do we proceed now? |
05.01.2013, 18:05 | #6 |
/// Malware-holic | Caught the GVU trojan Hi, please always post logs here in the thread. Please post the log again, thanks
__________________ --> Caught the GVU trojan |
05.01.2013, 22:09 | #7 |
| Caught the GVU trojan
12:56:00.0635 2208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:56:00.0932 2208 ============================================================
12:56:00.0932 2208 Current date / time: 2013/01/04 12:56:00.0932
12:56:00.0932 2208 SystemInfo:
12:56:00.0932 2208
12:56:00.0932 2208 OS Version: 6.1.7601 ServicePack: 1.0
12:56:00.0932 2208 Product type: Workstation
12:56:00.0932 2208 ComputerName: FORREST-THINK
12:56:00.0932 2208 UserName: Forrest
12:56:00.0932 2208 Windows directory: C:\Windows
12:56:00.0932 2208 System windows directory: C:\Windows
12:56:00.0932 2208 Running under WOW64
12:56:00.0932 2208 Processor architecture: Intel x64
12:56:00.0932 2208 Number of processors: 8
12:56:00.0932 2208 Page size: 0x1000
12:56:00.0932 2208 Boot type: Normal boot
12:56:00.0932 2208 ============================================================
12:56:01.0742 2208 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:01.0743 2208 Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:01.0756 2208 Drive \Device\Harddisk2\DR4 - Size: 0x3A2800000 (14.54 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:56:01.0767 2208 Drive \Device\Harddisk3\DR5 - Size: 0xED9DE000 (3.71 Gb), SectorSize: 0x400, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:56:01.0772 2208 ============================================================
12:56:01.0772 2208 \Device\Harddisk0\DR0:
12:56:01.0773 2208 MBR partitions:
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x54F2F000
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5521D800, BlocksNum 0x2328000
12:56:01.0773 2208 \Device\Harddisk1\DR1:
12:56:01.0773 2208 Invalid mbr signature
12:56:01.0774 2208 \Device\Harddisk2\DR4:
12:56:01.0774 2208 MBR partitions:
12:56:01.0774 2208 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D12080
12:56:01.0774 2208 \Device\Harddisk3\DR5:
12:56:01.0776 2208 MBR partitions:
12:56:01.0776 2208 ============================================================
12:56:01.0828 2208 C: <-> \Device\Harddisk0\DR0\Partition2
12:56:01.0915 2208 Q: <-> \Device\Harddisk0\DR0\Partition3
12:56:01.0915 2208 ============================================================
12:56:01.0915 2208 Initialize success
12:56:01.0915 2208 ============================================================
12:56:42.0450 2476 ============================================================
12:56:42.0450 2476 Scan started
12:56:42.0450 2476 Mode: Manual; SigCheck; TDLFS;
12:56:42.0450 2476 ============================================================
12:56:42.0656 2476 ================ Scan system memory ========================
12:56:42.0656 2476 System memory - ok
12:56:42.0657 2476 ================ Scan services =============================
12:56:42.0899 2476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:56:42.0988 2476 1394ohci - ok
12:56:43.0045 2476 [ 144D54704A881047AE1084C6F1163060 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
12:56:43.0115 2476 5U877 - ok
12:56:43.0159 2476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:56:43.0203 2476 ACPI - ok
12:56:43.0226 2476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:56:43.0295 2476 AcpiPmi - ok
12:56:43.0461 2476 [ 6A53AAEC52611285F32F1B71321F2604 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
12:56:43.0569 2476 AcPrfMgrSvc - ok
12:56:43.0606 2476 [ 
04762CCCFBB3103E3567B582ECF561A6 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe 12:56:43.0744 2476 AcSvc - ok 12:56:43.0841 2476 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:56:43.0932 2476 AdobeARMservice - ok 12:56:44.0019 2476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 12:56:44.0066 2476 adp94xx - ok 12:56:44.0113 2476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 12:56:44.0147 2476 adpahci - ok 12:56:44.0187 2476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 12:56:44.0223 2476 adpu320 - ok 12:56:44.0259 2476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:56:44.0462 2476 AeLookupSvc - ok 12:56:44.0524 2476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 12:56:44.0618 2476 AFD - ok 12:56:44.0711 2476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 12:56:44.0743 2476 agp440 - ok 12:56:44.0774 2476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 12:56:44.0899 2476 ALG - ok 12:56:44.0930 2476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 12:56:44.0961 2476 aliide - ok 12:56:44.0961 2476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 12:56:44.0977 2476 amdide - ok 12:56:45.0008 2476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 12:56:45.0057 2476 AmdK8 - ok 12:56:45.0063 2476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 12:56:45.0124 2476 AmdPPM - ok 12:56:45.0138 2476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:56:45.0155 2476 amdsata - ok 12:56:45.0162 2476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 
12:56:45.0183 2476 amdsbs - ok 12:56:45.0194 2476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:56:45.0209 2476 amdxata - ok 12:56:45.0258 2476 [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys 12:56:45.0312 2476 AMPPAL - ok 12:56:45.0319 2476 [ 157B1C973637919DCD0D0464167C86BA ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys 12:56:45.0341 2476 AMPPALP - ok 12:56:45.0491 2476 [ FB70F8C1283C8CC6BFAA6F9971107E68 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 12:56:46.0274 2476 AMPPALR3 - ok 12:56:46.0306 2476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 12:56:46.0340 2476 AppID - ok 12:56:46.0378 2476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:56:46.0460 2476 AppIDSvc - ok 12:56:46.0473 2476 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 12:56:46.0563 2476 Appinfo - ok 12:56:46.0608 2476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 12:56:46.0626 2476 arc - ok 12:56:46.0630 2476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 12:56:46.0648 2476 arcsas - ok 12:56:46.0676 2476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:56:46.0725 2476 AsyncMac - ok 12:56:46.0747 2476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 12:56:46.0762 2476 atapi - ok 12:56:46.0830 2476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:56:46.0939 2476 AudioEndpointBuilder - ok 12:56:46.0948 2476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 12:56:46.0991 2476 AudioSrv - ok 12:56:47.0045 2476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 12:56:47.0088 2476 AxInstSV - ok 12:56:47.0167 2476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv 
C:\Windows\system32\drivers\bxvbda.sys 12:56:47.0235 2476 b06bdrv - ok 12:56:47.0289 2476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 12:56:47.0352 2476 b57nd60a - ok 12:56:47.0408 2476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 12:56:47.0472 2476 BDESVC - ok 12:56:47.0523 2476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 12:56:47.0591 2476 Beep - ok 12:56:47.0655 2476 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 12:56:47.0764 2476 BFE - ok 12:56:47.0904 2476 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys 12:56:47.0958 2476 BHDrvx64 - ok 12:56:47.0994 2476 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 12:56:48.0051 2476 BITS - ok 12:56:48.0069 2476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:56:48.0097 2476 blbdrive - ok 12:56:48.0191 2476 [ A52EA1D8C2900055323C93DDB252A3DA ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 12:56:48.0585 2476 Bluetooth Device Monitor - ok 12:56:48.0616 2476 [ 091210450CA7CED08F360D9D7FEC5D11 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 12:56:49.0006 2476 Bluetooth Media Service - ok 12:56:49.0068 2476 [ 392450754E17FF778CBC5B9D20583AD1 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 12:56:49.0482 2476 Bluetooth OBEX Service - ok 12:56:49.0522 2476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:56:49.0578 2476 bowser - ok 12:56:49.0612 2476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 12:56:49.0656 2476 BrFiltLo - ok 12:56:49.0660 2476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 12:56:49.0690 2476 
BrFiltUp - ok 12:56:49.0722 2476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 12:56:49.0782 2476 Browser - ok 12:56:49.0821 2476 [ 6DF544E72FF139E8FBBBA6D0E569BEA5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys 12:56:49.0880 2476 BrSerIb - ok 12:56:49.0912 2476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:56:49.0986 2476 Brserid - ok 12:56:49.0991 2476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:56:50.0040 2476 BrSerWdm - ok 12:56:50.0066 2476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:56:50.0095 2476 BrUsbMdm - ok 12:56:50.0098 2476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:56:50.0118 2476 BrUsbSer - ok 12:56:50.0155 2476 [ 80082AD46578F0D3270D2E56D6433082 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys 12:56:50.0188 2476 BrUsbSIb - ok 12:56:50.0217 2476 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 12:56:50.0304 2476 BthEnum - ok 12:56:50.0338 2476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 12:56:50.0395 2476 BTHMODEM - ok 12:56:50.0408 2476 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 12:56:50.0457 2476 BthPan - ok 12:56:50.0495 2476 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 12:56:50.0539 2476 BTHPORT - ok 12:56:50.0576 2476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 12:56:50.0657 2476 bthserv - ok 12:56:50.0693 2476 [ FA2D081709A764F6BEE16B7FFE03E36C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 12:56:50.0728 2476 BTHSSecurityMgr - ok 12:56:50.0751 2476 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 12:56:50.0790 2476 BTHUSB - ok 12:56:50.0824 2476 [ 988CC6CC49303665D3B2435C51505C3F ] 
btmaux C:\Windows\system32\DRIVERS\btmaux.sys 12:56:50.0893 2476 btmaux - ok 12:56:50.0926 2476 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 12:56:51.0008 2476 btmhsf - ok 12:56:51.0091 2476 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys 12:56:51.0128 2476 ccSet_NIS - ok 12:56:51.0161 2476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:56:51.0240 2476 cdfs - ok 12:56:51.0281 2476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:56:51.0324 2476 cdrom - ok 12:56:51.0371 2476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 12:56:51.0464 2476 CertPropSvc - ok 12:56:51.0511 2476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 12:56:51.0558 2476 circlass - ok 12:56:51.0574 2476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 12:56:51.0620 2476 CLFS - ok 12:56:51.0714 2476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:56:51.0808 2476 clr_optimization_v2.0.50727_32 - ok 12:56:51.0854 2476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:56:51.0886 2476 clr_optimization_v2.0.50727_64 - ok 12:56:51.0948 2476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:56:52.0010 2476 clr_optimization_v4.0.30319_32 - ok 12:56:52.0073 2476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:56:52.0104 2476 clr_optimization_v4.0.30319_64 - ok 12:56:52.0135 2476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:56:52.0182 2476 CmBatt - ok 12:56:52.0213 2476 [ 
E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:56:52.0244 2476 cmdide - ok 12:56:52.0296 2476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 12:56:52.0336 2476 CNG - ok 12:56:52.0410 2476 [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 12:56:52.0486 2476 CnxtHdAudService - ok 12:56:52.0531 2476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 12:56:52.0562 2476 Compbatt - ok 12:56:52.0588 2476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 12:56:52.0634 2476 CompositeBus - ok 12:56:52.0665 2476 COMSysApp - ok 12:56:52.0799 2476 [ E1C17DC650A7FA69DE63C4D4A8E888EA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 12:56:52.0900 2476 cphs - ok 12:56:52.0940 2476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 12:56:52.0956 2476 crcdisk - ok 12:56:52.0995 2476 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:56:53.0086 2476 CryptSvc - ok 12:56:53.0216 2476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:56:53.0301 2476 DcomLaunch - ok 12:56:53.0369 2476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 12:56:53.0453 2476 defragsvc - ok 12:56:53.0502 2476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:56:53.0564 2476 DfsC - ok 12:56:53.0656 2476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 12:56:53.0780 2476 Dhcp - ok 12:56:53.0803 2476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 12:56:53.0872 2476 discache - ok 12:56:53.0956 2476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 12:56:53.0996 2476 Disk - ok 12:56:54.0495 2476 [ 4453DA8650DA827BC33B8D41A8F97894 ] DisplayLinkService C:\Program Files\DisplayLink 
Core Software\DisplayLinkManager.exe 12:56:54.0741 2476 DisplayLinkService - ok 12:56:54.0782 2476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:56:54.0877 2476 Dnscache - ok 12:56:54.0924 2476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:56:55.0004 2476 dot3svc - ok 12:56:55.0022 2476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 12:56:55.0079 2476 DPS - ok 12:56:55.0137 2476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:56:55.0195 2476 drmkaud - ok 12:56:55.0230 2476 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:56:55.0274 2476 DXGKrnl - ok 12:56:55.0317 2476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 12:56:55.0379 2476 EapHost - ok 12:56:55.0473 2476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 12:56:55.0551 2476 ebdrv - ok 12:56:55.0660 2476 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 12:56:55.0707 2476 eeCtrl - ok 12:56:55.0738 2476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 12:56:55.0800 2476 EFS - ok 12:56:55.0878 2476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:56:56.0060 2476 ehRecvr - ok 12:56:56.0090 2476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 12:56:56.0230 2476 ehSched - ok 12:56:56.0290 2476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 12:56:56.0318 2476 elxstor - ok 12:56:56.0416 2476 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 12:56:56.0458 2476 EraserUtilRebootDrv - ok 12:56:56.0461 2476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:56:56.0484 2476 ErrDev - ok 
12:56:56.0527 2476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 12:56:56.0595 2476 EventSystem - ok 12:56:56.0683 2476 [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 12:56:56.0711 2476 EvtEng - ok 12:56:56.0739 2476 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 12:56:56.0777 2476 exfat - ok 12:56:56.0862 2476 [ EB3A7D5663ACAC417DF986D4AEE12170 ] Fastboot C:\Windows\system32\DRIVERS\Fastboot.sys 12:56:56.0889 2476 Fastboot - ok 12:56:57.0014 2476 [ 63511240AF70D10343A4AE05F8E2CA12 ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe 12:56:57.0048 2476 FastbootService - ok 12:56:57.0069 2476 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:56:57.0117 2476 fastfat - ok 12:56:57.0191 2476 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 12:56:57.0388 2476 Fax - ok 12:56:57.0420 2476 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 12:56:57.0451 2476 fdc - ok 12:56:57.0482 2476 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 12:56:57.0513 2476 fdPHost - ok 12:56:57.0529 2476 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 12:56:57.0560 2476 FDResPub - ok 12:56:57.0591 2476 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:56:57.0607 2476 FileInfo - ok 12:56:57.0622 2476 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:56:57.0685 2476 Filetrace - ok 12:56:57.0716 2476 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 12:56:57.0732 2476 flpydisk - ok 12:56:57.0778 2476 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:56:57.0825 2476 FltMgr - ok 12:56:57.0856 2476 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache 
C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:57:36.0398 2476 usbehci - ok 12:57:36.0445 2476 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:57:36.0523 2476 usbhub - ok 12:57:36.0523 2476 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:57:36.0601 2476 usbohci - ok 12:57:36.0648 2476 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:57:36.0695 2476 usbprint - ok 12:57:36.0742 2476 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:57:36.0788 2476 usbscan - ok 12:57:36.0820 2476 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:57:36.0835 2476 USBSTOR - ok 12:57:36.0866 2476 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:57:36.0913 2476 usbuhci - ok 12:57:36.0929 2476 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 12:57:36.0976 2476 usbvideo - ok 12:57:37.0022 2476 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 12:57:37.0116 2476 UxSms - ok 12:57:37.0132 2476 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 12:57:37.0147 2476 VaultSvc - ok 12:57:37.0178 2476 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:57:37.0194 2476 vdrvroot - ok 12:57:37.0210 2476 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 12:57:37.0256 2476 vds - ok 12:57:37.0288 2476 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:57:37.0303 2476 vga - ok 12:57:37.0303 2476 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 12:57:37.0350 2476 VgaSave - ok 12:57:37.0366 2476 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:57:37.0381 2476 vhdmp - ok 12:57:37.0381 2476 [ 
E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 12:57:37.0397 2476 viaide - ok 12:57:37.0444 2476 [ A9BDE7317E68D497DEFAD1C84FBCFD24 ] VIPAppService C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe 12:57:37.0498 2476 VIPAppService - ok 12:57:37.0514 2476 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:57:37.0531 2476 volmgr - ok 12:57:37.0550 2476 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:57:37.0573 2476 volmgrx - ok 12:57:37.0579 2476 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:57:37.0601 2476 volsnap - ok 12:57:37.0625 2476 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 12:57:37.0644 2476 vsmraid - ok 12:57:37.0821 2476 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 12:57:37.0964 2476 VSS - ok 12:57:37.0984 2476 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 12:57:38.0038 2476 vwifibus - ok 12:57:38.0066 2476 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 12:57:38.0098 2476 vwififlt - ok 12:57:38.0118 2476 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 12:57:38.0148 2476 vwifimp - ok 12:57:38.0216 2476 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 12:57:38.0275 2476 W32Time - ok 12:57:38.0337 2476 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 12:57:38.0378 2476 WacomPen - ok 12:57:38.0406 2476 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:57:38.0442 2476 WANARP - ok 12:57:38.0445 2476 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:57:38.0477 2476 Wanarpv6 - ok 12:57:38.0524 2476 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc 
C:\Windows\system32\Wat\WatAdminSvc.exe 12:57:38.0758 2476 WatAdminSvc - ok 12:57:38.0805 2476 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 12:57:38.0899 2476 wbengine - ok 12:57:38.0914 2476 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:57:38.0945 2476 WbioSrvc - ok 12:57:38.0961 2476 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:57:38.0992 2476 wcncsvc - ok 12:57:39.0023 2476 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:57:39.0117 2476 WcsPlugInService - ok 12:57:39.0133 2476 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 12:57:39.0148 2476 Wd - ok 12:57:39.0179 2476 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:57:39.0211 2476 Wdf01000 - ok 12:57:39.0226 2476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:57:39.0351 2476 WdiServiceHost - ok 12:57:39.0351 2476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:57:39.0382 2476 WdiSystemHost - ok 12:57:39.0413 2476 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 12:57:39.0487 2476 WebClient - ok 12:57:39.0508 2476 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:57:39.0559 2476 Wecsvc - ok 12:57:39.0577 2476 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:57:39.0615 2476 wercplsupport - ok 12:57:39.0644 2476 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 12:57:39.0683 2476 WerSvc - ok 12:57:39.0723 2476 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:57:39.0782 2476 WfpLwf - ok 12:57:39.0803 2476 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:57:39.0818 2476 WIMMount - ok 12:57:39.0850 2476 WinDefend - ok 
12:57:39.0853 2476 WinHttpAutoProxySvc - ok 12:57:39.0907 2476 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:57:39.0959 2476 Winmgmt - ok 12:57:40.0089 2476 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 12:57:40.0176 2476 WinRM - ok 12:57:40.0236 2476 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 12:57:40.0268 2476 WinUsb - ok 12:57:40.0297 2476 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 12:57:40.0358 2476 Wlansvc - ok 12:57:40.0409 2476 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 12:57:40.0445 2476 wlcrasvc - ok 12:57:40.0666 2476 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:57:40.0790 2476 wlidsvc - ok 12:57:40.0822 2476 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 12:57:40.0868 2476 WmiAcpi - ok 12:57:40.0931 2476 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:57:40.0993 2476 wmiApSrv - ok 12:57:41.0040 2476 WMPNetworkSvc - ok 12:57:41.0087 2476 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:57:41.0196 2476 WPCSvc - ok 12:57:41.0212 2476 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:57:41.0243 2476 WPDBusEnum - ok 12:57:41.0258 2476 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:57:41.0290 2476 ws2ifsl - ok 12:57:41.0321 2476 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 12:57:41.0352 2476 wscsvc - ok 12:57:41.0352 2476 WSearch - ok 12:57:41.0430 2476 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 12:57:41.0543 2476 wuauserv - ok 12:57:41.0566 2476 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:57:41.0625 2476 WudfPf - 
ok 12:57:41.0656 2476 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:57:41.0699 2476 WUDFRd - ok 12:57:41.0727 2476 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:57:41.0789 2476 wudfsvc - ok 12:57:41.0822 2476 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll 12:57:41.0877 2476 WwanSvc - ok 12:57:42.0079 2476 [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 12:57:42.0163 2476 ZeroConfigService - ok 12:57:42.0188 2476 ================ Scan global =============================== 12:57:42.0205 2476 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 12:57:42.0242 2476 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 12:57:42.0253 2476 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 12:57:42.0269 2476 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 12:57:42.0295 2476 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 12:57:42.0302 2476 [Global] - ok 12:57:42.0302 2476 ================ Scan MBR ================================== 12:57:42.0315 2476 [ 98444C06AC71883C0421884742A38752 ] \Device\Harddisk0\DR0 12:57:43.0602 2476 \Device\Harddisk0\DR0 - ok 12:57:43.0608 2476 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 12:57:43.0682 2476 \Device\Harddisk1\DR1 - ok 12:57:43.0688 2476 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4 12:57:43.0778 2476 \Device\Harddisk2\DR4 - ok 12:57:43.0839 2476 [ 8D3131581627E5B7851CCDEF4CDDF062 ] \Device\Harddisk3\DR5 12:57:50.0451 2476 \Device\Harddisk3\DR5 - ok 12:57:50.0451 2476 ================ Scan VBR ================================== 12:57:50.0483 2476 [ 94C0BE14F4C2A88F32A1B552597A702D ] \Device\Harddisk0\DR0\Partition1 12:57:50.0483 2476 \Device\Harddisk0\DR0\Partition1 - ok 12:57:50.0498 2476 [ 2DA222FD4C190EE42D0EC6955ED44B76 ] 
\Device\Harddisk0\DR0\Partition2 12:57:50.0498 2476 \Device\Harddisk0\DR0\Partition2 - ok 12:57:50.0529 2476 [ 1CF38BB1A24125CA0FCF33817BACB0F7 ] \Device\Harddisk0\DR0\Partition3 12:57:50.0545 2476 \Device\Harddisk0\DR0\Partition3 - ok 12:57:50.0545 2476 [ 0EFE582A448E4683A6BC86F21BC3DE74 ] \Device\Harddisk2\DR4\Partition1 12:57:50.0545 2476 \Device\Harddisk2\DR4\Partition1 - ok 12:57:50.0545 2476 ============================================================ 12:57:50.0545 2476 Scan finished 12:57:50.0545 2476 ============================================================ 12:57:50.0561 3028 Detected object count: 1 12:57:50.0561 3028 Actual detected object count: 1 12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user 12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip |
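The TDSSKiller log above has a simple shape: an object line `[ MD5 ] name path` followed by one or more status lines for the same name (`name - ok`, `name ( verdict ) - warning`, `name - detected ...`), section headers such as `Scan MBR` and `Scan VBR` for the boot-record checks, and, after `Scan finished`, lines from a second thread id (3028 here) recording the user's choice for each detection. When a helper reads a log of this length, the question is never the hundreds of `- ok` lines but the handful that are not. The script below is an added example, not part of the original post and not TDSSKiller's own code: it pairs object and status lines, surfaces every entry that is not a plain ok, lists the MBR/VBR hashes, and cross-checks the tool's own `Detected object count` against what was parsed. The sample log is constructed from a few lines in the format shown above. Two things are this example's own assumptions rather than documented tool behaviour: the regular expressions, and the reading of a status line that has no preceding hash (e.g. `WinDefend - ok` above) as "TDSSKiller listed the service but had no file to hash for it", which is worth confirming by hand rather than taking as clean.

```python
"""Triage a TDSSKiller log: pair each "[ MD5 ] name path" object line with the
status lines that follow it and surface everything that is not a plain "- ok"."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the line format of the log above: a few entries copied
# from the posted scan plus the end-of-scan summary. Not the complete log.
SAMPLE_LOG = r"""
12:57:35.0408 2476 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:57:35.0462 2476 UI0Detect - ok
12:57:35.0525 2476 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:57:35.0790 2476 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:57:35.0790 2476 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:57:39.0850 2476 WinDefend - ok
12:57:42.0302 2476 ================ Scan MBR ==================================
12:57:42.0315 2476 [ 98444C06AC71883C0421884742A38752 ] \Device\Harddisk0\DR0
12:57:43.0602 2476 \Device\Harddisk0\DR0 - ok
12:57:50.0545 2476 Scan finished
12:57:50.0561 3028 Detected object count: 1
12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
STATUS = re.compile(r"^(?P<name>\S+)(?: \( (?P<verdict>[^)]*) \))? - (?P<status>.+)$")
SECTION = re.compile(r"^=+ Scan (?P<section>\w+) =+$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    section: str                      # "services" until a "Scan <x>" header is seen
    md5: Optional[str] = None         # None when no object line was logged for the name
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    verdicts: List[str] = field(default_factory=list)


def parse(log_text: str):
    """Return (entries keyed by object name, the tool's declared detection count or None)."""
    entries: Dict[str, Entry] = {}
    declared = None
    section = "services"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (sec := SECTION.match(rest)):
            section = sec.group("section")
        elif (cnt := COUNT.match(rest)):
            declared = int(cnt.group("n"))
        elif (obj := OBJECT.match(rest)):
            e = entries.setdefault(obj.group("name"), Entry(obj.group("name"), section))
            e.md5, e.path = obj.group("md5").upper(), obj.group("path")
        elif (st := STATUS.match(rest)):
            # The post-scan lines (second thread id) reuse the object name, so
            # "skipped by user" lands on the same Entry as the detection itself.
            e = entries.setdefault(st.group("name"), Entry(st.group("name"), section))
            e.statuses.append(st.group("status"))
            if st.group("verdict"):
                e.verdicts.append(st.group("verdict"))
    return entries, declared


def triage(log_text: str) -> dict:
    entries, declared = parse(log_text)
    report = {"detected": [], "user_actions": [], "unhashed": [],
              "boot_records": [], "ok": 0, "declared_count": declared}
    for e in entries.values():
        if any(s.startswith("detected ") for s in e.statuses):
            report["detected"].append((e.name, e.md5, e.path, sorted(set(e.verdicts))))
        for s in e.statuses:
            if "skipped by user" in s or s.startswith("User select action"):
                report["user_actions"].append((e.name, s))
        if e.section in ("MBR", "VBR"):
            report["boot_records"].append((e.name, e.md5, e.statuses[-1] if e.statuses else "no status"))
        elif e.section == "services" and e.md5 is None:
            # Assumption of this example: a status line with no preceding hash means
            # TDSSKiller had no file to hash for that service. Check the binary path by hand.
            report["unhashed"].append(e.name)
        if e.statuses == ["ok"]:
            report["ok"] += 1
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for key in ("detected", "user_actions", "unhashed", "boot_records"):
        print(f"{key}: {r[key]}")
    print(f"plain ok: {r['ok']}, tool's own count: {r['declared_count']}, "
          f"parsed detections: {len(r['detected'])}")
```

Run against the full log posted above this gives the same picture the helper would reach by eye: the only detection is UleadBurningHelper under `UnsignedFile.Multi.Generic`, which is TDSSKiller's generic "this file is not digitally signed" flag rather than a named malware signature, and all four MBRs and every VBR hashed with a plain ok. The boot-record lines are the part worth reading first in a screen-locker case, because a bootkit would show up there and not in the service list.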
07.01.2013, 16:38 | #8 | |
/// Malware-holic | GVU Trojan caught

Hi,

combofix:

ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - save ComboFix to your desktop.

When ComboFix is finished it will create a logfile. Please post C:\Combofix.txt in your next reply.

Note: should you get the following error message after the reboot Quote:

__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us |
07.01.2013, 22:38 | #9 |
| GVU Trojan caught

Here is the logfile:

ComboFix 13-01-06.01 - Forrest 07.01.2013 20:56:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3690.1465 [GMT 1:00]
Running from: C:\Users\Forrest\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\Roaming
C:\Users\Forrest\4.0
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\042f66a0\00beb143_af32cd01\Groupon.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\05f19f73\00809d4f_af32cd01\Skype.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\096cf9e9\00cf9436_af32cd01\DefaultTheme.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\129d664f\00beb143_af32cd01\Kayak.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\1fe80e8f\00263b4d_af32cd01\MessageCenterPlus.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\25c2ee83\003ada2b_af32cd01\WirelessApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\2c02c8a5\0056283a_af32cd01\EvernoteLauncher.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\37480ae9\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\410f27e1\00e169d7_ea00cd01\SugarSync.SimpleTapAddons.FileManager.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\4cc8602a\00809d4f_af32cd01\Wikipedia.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\6cd84186\00ccd84a_af32cd01\LenovoTV.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\803323a9\00671b6a_cde0cc01\NewsTile.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8712ad3f\0029f738_af32cd01\Chrome.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8a53ca3b\00e07729_af32cd01\DisplayBrightnessApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8eab25f7\0056283a_af32cd01\InternetExplorer.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\97b7f1ae\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\9e034a81\00b34628_af32cd01\CoreAudioApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a6f05eb8\00bc6f59_da08cd01\Flickr.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a7bb6c4e\00536c4e_af32cd01\MSOffice.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a7dc7db5\00b08a3c_af32cd01\SimpleTapAppStoreAddon.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\ad15a5ea\00ebe244_af32cd01\LenovoMusic.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\b4736027\0083593b_af32cd01\AccuWeatherTile.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\b7f47784\00480133_af32cd01\ScreenRotate.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\bc35f49e\007fe0f8_d908cd01\KeyboardLightApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\e1e2923e\00753234_af32cd01\Biztree.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\e610f86c\0083593b_af32cd01\PriceGrabber.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\f6caaded\00727648_af32cd01\LenovoSolutionCenter.dll
Q:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))))

2013-01-07 20:32:01 . 2013-01-07 20:32:01 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D459D3-3BAD-4372-9BC3-D1C905CE11EA}\offreg.dll
2013-01-07 20:28:27 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D459D3-3BAD-4372-9BC3-D1C905CE11EA}\mpengine.dll
2013-01-07 20:27:11 . 2013-01-07 20:27:11 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-01-07 20:27:11 . 2013-01-07 20:27:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-01-06 18:24:15 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-03 15:35:18 . 2013-01-03 15:35:49 -------- d-----w- C:\Program Files (x86)\Chemie_Aber_Sicher
2012-12-31 12:09:45 . 2012-12-31 12:10:27 -------- d-----w- C:\Users\Forrest\.tfo4
2012-12-29 22:20:56 . 2012-12-29 22:20:57 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-29 22:20:56 . 2012-12-29 22:20:56 -------- d-----w- C:\Windows\system32\Wat
2012-12-28 18:15:39 . 2012-12-28 18:35:32 -------- d-----w- C:\_OTL
2012-12-23 11:59:48 . 2012-12-23 11:59:48 -------- d-----w- C:\Users\Forrest\AppData\Local\Macromedia
2012-12-22 21:40:20 . 2012-12-22 21:40:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 21:40:20 . 2012-12-22 21:40:20 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-22 21:40:17 . 2012-12-22 21:40:17 -------- d-----w- C:\Windows\system32\Macromed
2012-12-21 17:21:43 . 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-21 17:21:43 . 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-21 17:21:43 . 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 17:21:42 . 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 14:30:49 . 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\system32\tzres.dll

(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-12-13 16:37:07 . 2012-11-21 16:03:51 67413224 ----a-w- C:\Windows\system32\MRT.exe
2012-11-28 18:42:29 . 2012-11-28 18:43:18 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67EECF66-4B91-4426-99E2-D78F04B5F30E}\gapaengine.dll
2012-11-21 16:24:42 . 2012-11-21 16:24:42 53248 ----a-r- C:\Users\Forrest\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-11-21 16:24:38 . 2012-11-21 16:24:38 53248 ----a-r- C:\Users\Forrest\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-11-14 21:58:38 . 2012-11-14 21:59:07 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-17 00:31:24 . 2012-11-10 12:15:38 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76CBF6AC-C07B-4808-9A6A-5174479299A4}\mpengine.dll
2012-10-16 08:38:37 . 2012-11-28 18:35:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 . 2012-11-28 18:35:56 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 . 2012-11-28 18:35:56 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 23:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-16 23:46:28 1521352 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 23:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 09:51:50 39408]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 19:03:48 719672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 22:49:08 133400]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 19:59:50 291608]
"RotateImage"="C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 13:24:26 55808]
"PWMTRV"="C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 05:32:00 5941344]
"Fastboot"="C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 06:29:21 1091376]
"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 15:24:30 4351712]
"IntelSBA"="C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 11:03:46 55520]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2012-10-16 23:46:34 1573576]

C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 12:28:32 145472]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 10:32:40 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 17:55:22 1304912]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys [2011-03-30 00:57:24 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2011-03-30 00:57:24 14592]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys [2011-11-30 09:19:46 94720]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-30 09:19:48 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 10:38:56 60928]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys [2011-12-20 15:38:36 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 17:33:04 237008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 03:07:42 273168]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 05:32:00 1662560]
R3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 05:32:00 1665120]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-29 22:20:54 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 Fastboot;Fastboot;C:\Windows\System32\DRIVERS\Fastboot.sys [2012-01-17 06:55:19 70416]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 19:58:50 16152]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-12-24 15:19:00 28992]
S0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 20:48:24 25416]
S1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 18:40:02 33344]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 10:39:44 659968]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 17:55:18 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 17:55:24 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 14:12:28 135952]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 18:11:05 8447848]
S2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 06:29:24 169776]
S2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2012-08-09 02:27:56 328552]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 20:29:52 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 22:49:08 128280]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 11:01:00 49376]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 22:49:04 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 16:42:36 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 07:53:26 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 16:42:50 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 16:43:00 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 07:54:00 133992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 10:26:32 103472]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 02:24:19 138272]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 21:03:48 128456]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 07:53:42 145256]
S2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 10:20:42 144960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 22:49:18 363800]
S2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 03:41:54 84080]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 03:07:52 2669840]
S3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys [2012-03-28 12:16:48 216704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 10:32:40 195584]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-08-31 22:09:13 1385120]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 04:43:38 167072]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-15 11:09:45 138912]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120928.001\IDSvia64.sys [2012-08-31 22:32:30 513184]
S3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 11:23:10 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 19:58:50 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 19:58:50 786200]
S3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys [2011-12-20 15:38:36 25496]
S3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 20:21:48 368896]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 02:27:52 259688]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 12:57:24 565352]
S3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 18:18:36 451192]
S3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 01:37:12 1129120]
S3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 01:42:14 190072]
S3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 02:13:32 405624]
S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 10:48:04 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 16:59:52 27432]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - WS2IFSL

Contents of the "Scheduled Tasks" folder

2013-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 09:51:29 . 2012-07-06 09:51:28]

2013-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 09:51:29 . 2012-07-06 09:51:28]

2013-01-07 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41:18 . 2011-11-25 11:41:18]

2012-11-17 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41:18 .
2011-11-25 11:41:18] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-02-09 07:10:16 398616] "Persistence"="C:\Windows\system32\igfxpers.exe" [2012-02-09 07:10:22 440600] "BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 13:23:52 177936] "BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 17:54:38 11406608] "TpShocks"="TpShocks.exe" [2012-09-20 18:44:42 228744] "LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 16:42:54 283984] "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 20:16:10 1289704] "AcWin7Hlpr"="C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 07:10:52 63376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=C:\Windows\System32\nvinitx.dll ------- Zusätzlicher Suchlauf ------- uStart Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000 uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: 
Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254 FF - ProfilePath - C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-11-23 23:28; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF - ExtSQL: 2012-11-23 23:34; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor FF - ExtSQL: 2012-11-24 10:56; toolbar@ask.com; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com FF - ExtSQL: 2012-12-22 22:36; ich@maltegoetz.de; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm_i.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514 FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514&q={searchTerms} FF - user.js: extensions.zonealarm_i.dnsErr - true FF - user.js: extensions.zonealarm_i.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - 
hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514 FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=de8ad114000000000000b888e3337514&q= FF - user.js: extensions.zonealarm.id - de8ad114000000000000b888e3337514 FF - user.js: extensions.zonealarm.instlDay - 15589 FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4 FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:37:10 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN114597794683869-1001 FF - user.js: extensions.zonealarm.dfltLng - de FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=de8ad114000000000000000000000000&q= FF - user.js: extensions.BabylonToolbar.id - de8ad114000000000000000000000000 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15675 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:45:38 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: 
extensions.BabylonToolbar.tlbrId - irhnew FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe Wie gehts weiter? |
08.01.2013, 19:14 | #10
/// Malware-holic | GVU trojan caught

The ComboFix log is not complete; please attach it as a .txt file. After that: Malwarebytes: Please download Malwarebytes

__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
09.01.2013, 00:16 | #11
GVU trojan caught

Hi, that is the only log file I have from ComboFix. By "attach it as .txt", do you mean I should upload it to the upload channel? If so, that is now done. Here is the log file from Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Database version: v2013.01.08.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Forrest :: FORREST-THINK [Administrator]

Protection: Enabled

08.01.2013 23:07:44
mbam-log-2013-01-08 (23-07-44).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372466
Time elapsed: 51 minute(s), 46 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)

Did ComboFix not run to completion? Is the laptop clean? Or how do I proceed? But first of all, thanks again for your help...
09.01.2013, 00:18 | #12
/// Malware-holic | GVU trojan caught

Hi, that's fine. We are almost done. Download the CCleaner standard version: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall, save the list as a .txt file. Open it. After every program you need, write "necessary"; after every one you don't need, "unnecessary"; after the ones you don't recognise, "unknown". Post the list.
09.01.2013, 16:23 | #13
GVU trojan caught

Unfortunately most of the programs are unknown to me, or rather I know they are on my laptop but don't know what they are for, or, where I do, whether they are useful/necessary. As for the antivirus programs etc., I don't know which ones are good. Do you have particular favourites/tips?

Absolute Reminder Absolute Software 06.07.2012 988KB 2.0.0.19 unknown
Adobe AIR Adobe Systems Incorporated 10.11.2012 3.5.0.600 unknown
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 06.07.2012 1,85MB 10.0.32.18 unknown
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 22.12.2012 6,00MB 11.5.502.135 unknown
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 07.09.2012 121MB 10.1.4 needed
Anzeige am Bildschirm 21.11.2012 7.01.00 unknown
Ask Toolbar Ask.com 24.11.2012 5,01MB 1.15.9.0 unnecessary
Ask Toolbar Updater Ask.com 24.11.2012 1.2.3.29495 unnecessary
Babylon toolbar BabylonToolbar 01.12.2012 unnecessary
CCleaner Piriform 19.12.2012 3.26 unknown
Chemie_Aber_Sicher Version 1.0 Marco Korn 03.01.2013 403MB 1.0 necessary
Conexant HD Audio Conexant 27.11.2012 8.54.32.50 unknown
Corel Burn.Now Lenovo Edition Corel Corporation 06.07.2012 82,3MB 4.5.0 unknown
Corel DVD MovieFactory Lenovo Edition Corel Corporation 06.07.2012 318MB 7.0.0 unknown
Corel WinDVD Corel Inc. 06.07.2012 302MB 10.0.6.334 unknown
Create Recovery Media Lenovo Group Limited 06.07.2012 8,08MB 1.20.0.00 unknown
DisplayLink Core Software DisplayLink Corp. 06.07.2012 20,3MB 6.1.35392.0 unknown
Dropbox Dropbox, Inc. 31.12.2012 1.6.11 necessary
Elemente Chemie Arbeitsblätter 1 Ernst Klett Verlag GmbH 06.09.2012 240MB necessary
Elemente Chemie Arbeitsblätter 2 deinstallieren Ernst Klett Verlag GmbH 06.09.2012 295MB necessary
Energie-Manager 21.11.2012 6.32 unknown
Evernote v. 4.2.3 Evernote Corp. 06.07.2012 139MB 4.2.3.15 unknown
Fingerprint Reader AuthenTec, Inc. 21.11.2012 120MB 5.4.100.233 unnecessary
Google Chrome Google Inc. 06.07.2012 23.0.1271.97 necessary
Google Toolbar for Internet Explorer Google Inc. 10.11.2012 7.4.3230.2052 unnecessary
Integrated Camera Driver Installer Package Ver.1.2.1.18 RICOH 21.11.2012 1.2.1.18 unknown
Intel(R) Control Center Intel Corporation 06.07.2012 1.2.1.1007 unknown
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 06.07.2012 54,8MB 1.0.0.35342 unknown
Intel(R) Management Engine Components Intel Corporation 06.07.2012 8.0.4.1441 unknown
Intel(R) OpenCL CPU Runtime Intel Corporation 06.07.2012 unknown
Intel(R) Processor Graphics Intel Corporation 06.07.2012 8.15.10.2639 unknown
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel Corporation 06.07.2012 5,30MB 15.1.0.0096 unknown
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 06.07.2012 95,2MB 2.1.0.0140 unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 06.07.2012 1.0.1.209 unknown
Intel(R) WiDi Intel Corporation 06.07.2012 141MB 3.0.12.0 unknown
Intel® PROSet/Wireless WiFi-Software Intel Corporation 06.07.2012 181MB 15.01.0000.0830 unknown
Intel® Trusted Connect Service Client Intel Corporation 06.07.2012 10,6MB 1.23.605.1 unknown
Java 7 Update 9 Oracle 07.09.2012 128MB 7.0.90 unknown
Klett Service-CD Lambacher Schweizer 06.09.2012 necessary
Lenovo Auto Scroll Utility 06.07.2012 1.11 unknown
Lenovo Graphics Software Lenovo 06.07.2012 4,00KB 6.1.35401.0 unknown
Lenovo Patch Utility Lenovo Group Limited 21.11.2012 1,33MB 1.3.0.9 unknown
Lenovo Patch Utility 64 bit Lenovo Group Limited 21.11.2012 1,64MB 1.3.0.9 unknown
Lenovo Power Management Driver 21.11.2012 1.65.05.21 unknown
Lenovo Registration Lenovo Inc. 06.07.2012 4,13MB 1.0.4 unknown
Lenovo SimpleTap Lenovo Group Limited 06.09.2012 30,7MB 3.2.0004.00 unknown
Lenovo Solution Center Lenovo Group Limited 15.12.2012 25,5MB 2.0.013.00 unknown
Lenovo Solutions for Small Business Intel(R) Corporation 06.07.2012 33,2MB unknown
Lenovo Solutions for Small Business Customizations Lenovo Group Limited 06.07.2012 5,14MB 1.0.0006.00 unknown
Lenovo System Update Lenovo 25.11.2012 12,7MB 5.00.0019 unknown
Lenovo User Guide Lenovo Group Limited 06.07.2012 606KB 1.0.0009.00 unknown
Lenovo Warranty Information Lenovo 06.07.2012 861KB 1.0.0005.00 unnecessary
Lenovo Welcome Lenovo Group Limited 06.07.2012 9,21MB 3.1.0012.00 unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 08.01.2013 18,4MB 1.70.0.1100 unknown
McAfee Security Scan Plus McAfee, Inc. 21.09.2012 10,2MB 3.0.207.4 unnecessary
McAfee SiteAdvisor McAfee, Inc. 29.09.2012 3.5.229 unnecessary
Message Center Plus Lenovo Group Limited 06.07.2012 3,81MB 3.0.0012.00 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.12.2011 38,8MB 4.0.30319 unknown
Microsoft Office 2010 Microsoft Corporation 06.07.2012 6,40MB 14.0.4763.1000 necessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 06.09.2012 14.0.6029.1000 necessary
Microsoft Security Essentials Microsoft Corporation 10.11.2012 4.1.522.0 necessary
Microsoft Silverlight Microsoft Corporation 06.09.2012 40,3MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.07.2012 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.09.2012 298KB 8.0.61001 unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.07.2012 708KB 8.0.61000 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 06.07.2012 252KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.07.2012 784KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.09.2012 786KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.07.2012 596KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.07.2012 592KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.09.2012 598KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 06.07.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.07.2012 11,1MB 10.0.40219 unknown
MixPad NCH Software 01.12.2012 unknown
Mozilla Firefox 15.0 (x86 en-US) Mozilla 06.09.2012 39,0MB 15.0 unnecessary
Mozilla Firefox 17.0.1 (x86 en-US) Mozilla 24.12.2012 56,3MB 17.0.1 unnecessary
Mozilla Maintenance Service Mozilla 24.12.2012 329KB 17.0.1 unnecessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.09.2012 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.09.2012 1,33MB 4.20.9876.0 unknown
Norton Internet Security Symantec Corporation 06.09.2012 19.9.0.9 unknown
NVIDIA Grafiktreiber 290.56 NVIDIA Corporation 06.07.2012 290.56 necessary
NVIDIA PhysX-Systemsoftware 9.11.1111 NVIDIA Corporation 06.07.2012 9.11.1111 unknown
NVIDIA Update 1.6.24 NVIDIA Corporation 06.07.2012 1.6.24 unknown
PhotoStage Slideshow Producer NCH Software 01.12.2012 unknown
Prism Video File Converter NCH Software 01.12.2012 unknown
RapidBoot Lenovo 06.07.2012 23,3MB 1.20 unknown
RapidBoot HDD Accelerator Lenovo 06.07.2012 1.00.0802 unknown
Realtek Ethernet Controller Driver Realtek 06.07.2012 7.48.823.2011 unknown
Realtek PCIE Card Reader Realtek Semiconductor Corp. 06.07.2012 6.1.7601.29005 unknown
Rund um ... Chemie heute SI (Teil 1) Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH 06.09.2012 211MB 1.00.0000 necessary
SugarSync Manager SugarSync, Inc. 06.07.2012 1.9.51.86909 unknown
ThinkPad UltraNav Driver 06.07.2012 46,4MB 16.0.5.2 unknown
ThinkVantage Access Connections Lenovo 21.11.2012 81,9MB 5.97 unknown
ThinkVantage Communications Utility Lenovo 21.11.2012 20,3MB 3.0.34.0 unknown
ThinkVantage System für aktiven Festplattenschutz Lenovo 24.11.2012 16,4MB 1.77.0.9 unknown
VideoPad Video Editor NCH Software 01.12.2012 necessary
VIP Access VeriSign 06.07.2012 35,8MB 2.0.5.11 unknown
VLC media player 2.0.3 VideoLAN 07.09.2012 2.0.3 necessary
WavePad Sound Editor NCH Software 01.12.2012 unknown
Windows Live Essentials Microsoft Corporation 06.07.2012 15.4.3508.1109 unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 06.07.2012 5,57MB 15.4.5722.2 unknown
Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) Intel 06.07.2012 11/29/2011 11.0.0.1032 unknown
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) Lenovo 06.07.2012 02/29/2012 1.65.05.20 unknown
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2) Synaptics 06.07.2012 04/02/2012 16.0.5.2 unknown
09.01.2013, 16:26 | #14
/// Malware-holic | GVU trojan caught

Uninstall:
Absolute Reminder
Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download and install the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan option.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, because only then do you control what happens on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose "Automatically install updates".
Apply/OK.

Uninstall:
Ask (all of them)
Babylon
Corel (all of them)
Fingerprint
Google Toolbar
Java

Download the Java JRE: Java-Downloads für alle Betriebssysteme; click "Download der Java-Software für Windows Offline", download it and install it.

Uninstall:
McAfee (all of them)
Norton
PhotoStage
Prism
SugarSync
WavePad
Windows Live (everything you don't need)

Open CCleaner, Analyze, Run, restart the PC.

Please download AdwCleaner to your desktop.
09.01.2013, 17:44 | #15
GVU trojan caught

# AdwCleaner v2.105 - Logfile created 09/01/2013 at 17:43:24
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Forrest - FORREST-THINK
# Boot mode : Normal
# Running from : C:\Users\Forrest\Desktop\Downloads\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\searchplugins\Askcom.xml
File Found : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\searchplugins\zonealarm.xml
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Forrest\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKU\S-1-5-21-2873345013-2306711166-1285330114-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000

-\\ Mozilla Firefox v15.0 (en-US)

File : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_s[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "de8ad114000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15675");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=4812_[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:45:38");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000" ]
Found [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.47] : keyword = "babylon.com",
Found [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000",
Found [l.1513] : homepage = "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000",
Found [l.1799] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000" ]

*************************

AdwCleaner[R1].txt - [5549 octets] - [09/01/2013 17:43:24]

########## EOF - C:\AdwCleaner[R1].txt - [5609 octets] ##########
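The start-page and search-engine hijack that both the ComboFix log (the "FF - prefs.js" / "FF - user.js" lines) and the AdwCleaner log above report lives in two plain-text files: Firefox's prefs.js/user.js, a list of user_pref("name", value); lines, and Chrome's Preferences file, which is JSON. The script below, an added example written for this page and not code from AdwCleaner, OTL or ComboFix, parses both formats and flags every setting whose target host belongs to one of the redirect families seen in the thread. The HIJACK_HOSTS list is an assumption compiled from this log alone, the function names are the example's own, and the two sample inputs are constructed, shortened copies of the entries quoted above.

```python
# Triage of browser start-page / search hijacks of the kind the logs above show.
# Added example for this page; not code from AdwCleaner, OTL or ComboFix.
import json
import re
from urllib.parse import urlsplit

# Assumption: redirect hosts compiled from this thread's logs only; extend as needed.
HIJACK_HOSTS = ("babylon.com", "ask.com", "zonealarm.com", "conduit.com")

# Firefox prefs that steer the browser without user input. Their values may be
# bare engine names ("Ask.com") rather than URLs, so they are checked by name too.
FF_PREFS = (
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaultengine",
    "browser.search.selectedEngine",
)

# Chrome Preferences keys that AdwCleaner reported in the thread.
CHROME_KEYS = ("homepage", "urls_to_restore_on_startup", "search_url", "icon_url")

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def _host(value):
    """Host of a URL (logs defang http as hxxp; accept both), or for a bare
    engine name such as 'Ask.com' the lower-cased name itself."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    if "://" not in value:
        return value.lower()
    return (urlsplit(value).hostname or "").lower()


def _is_hijack_host(host):
    return any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def scan_firefox_prefs(text):
    """Return [(pref_name, value)] for hijacked entries in prefs.js / user.js."""
    findings = []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip().strip('"')
        # navigation prefs are checked by name; any other pref is checked
        # only when its value is a URL (e.g. extensions.zonealarm.hmpgUrl)
        if (name in FF_PREFS or "://" in raw) and _is_hijack_host(_host(raw)):
            findings.append((name, raw))
    return findings


def scan_chrome_prefs(text):
    """Return [(dotted.key, value)] for hijacked values anywhere in the
    Preferences JSON. The walk ignores nesting depth because AdwCleaner
    reports only line numbers, not where in the tree a key sits."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                walk(val, path + [key])
        elif isinstance(node, list):
            for val in node:
                walk(val, path)
        elif isinstance(node, str) and path and path[-1] in CHROME_KEYS:
            if _is_hijack_host(_host(node)):
                findings.append((".".join(path), node))

    walk(json.loads(text), [])
    return findings


# Constructed sample, shortened from the prefs.js lines quoted in the thread.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss");
user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=KW_ss&q=");
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?Source=Homepage");
user_pref("network.proxy.type", 0);
"""

# Constructed sample of Chrome's Preferences file carrying the same hijack.
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss",
    "session": {"urls_to_restore_on_startup": [
        "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss",
        "https://example.org/"]},
    "default_search_provider": {
        "keyword": "babylon.com",
        "icon_url": "hxxp://www.babylon.com/favicon.ico",
        "search_url": "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss"},
})

if __name__ == "__main__":
    for name, value in scan_firefox_prefs(SAMPLE_PREFS_JS):
        print(f"firefox  {name} = {value}")
    for key, value in scan_chrome_prefs(SAMPLE_CHROME_PREFS):
        print(f"chrome   {key} = {value}")
```

To run it against a real profile, read prefs.js, user.js (if present) and Chrome's Preferences from disk and pass their contents to the two scan functions; matching on the host rather than the full URL is deliberate, since the affiliate and tracking parameters (affID, mntrId, oemCode, utid) vary per installation while the redirect domain does not.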