Log Analysis and Evaluation: Avira finds W32/Patched.UC in C:\windows\system32\services.exe (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.01.2013, 05:32   #1
Avira finds W32/Patched.UC in C:\windows\system32\services.exe

Hello, as the title says, I have apparently caught W32/Patched.UC. A scan with MBAM then found this:
C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

Here are the logs:
Code:
Avira Free Antivirus
Report file date: Thursday, 3 January 2013 04:24

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode       : Normally booted
Username        : ********
Computer name   : ********-PC

Version information:
BUILD.DAT    : 13.0.0.2890    48567 Bytes  05.12.2012 17:11:00
AVSCAN.EXE   : 13.6.0.402    639264 Bytes  11.12.2012 15:35:15
AVSCANRC.DLL : 13.4.0.360     64800 Bytes  11.12.2012 15:35:15
LUKE.DLL     : 13.6.0.400     67360 Bytes  11.12.2012 15:36:20
AVSCPLR.DLL  : 13.6.0.402     93984 Bytes  10.12.2012 14:52:45
AVREG.DLL    : 13.6.0.406    248096 Bytes  10.12.2012 14:52:44
avlode.dll   : 13.6.1.402    428832 Bytes  10.12.2012 14:52:45
avlode.rdf   : 13.0.0.26       7958 Bytes  10.12.2012 14:52:45
VBASE000.VDF : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF : 7.11.50.230  3904512 Bytes  22.11.2012 12:16:25
VBASE008.VDF : 7.11.50.231     2048 Bytes  22.11.2012 12:16:26
VBASE009.VDF : 7.11.50.232     2048 Bytes  22.11.2012 12:16:26
VBASE010.VDF : 7.11.50.233     2048 Bytes  22.11.2012 12:16:26
VBASE011.VDF : 7.11.50.234     2048 Bytes  22.11.2012 12:16:26
VBASE012.VDF : 7.11.50.235     2048 Bytes  22.11.2012 12:16:26
VBASE013.VDF : 7.11.50.236     2048 Bytes  22.11.2012 12:16:27
VBASE014.VDF : 7.11.51.27    133632 Bytes  23.11.2012 01:19:54
VBASE015.VDF : 7.11.51.95    140288 Bytes  26.11.2012 13:22:21
VBASE016.VDF : 7.11.51.221   164352 Bytes  29.11.2012 12:28:55
VBASE017.VDF : 7.11.52.29    158208 Bytes  01.12.2012 21:48:41
VBASE018.VDF : 7.11.52.91    116736 Bytes  03.12.2012 21:48:45
VBASE019.VDF : 7.11.52.151   137728 Bytes  05.12.2012 11:53:49
VBASE020.VDF : 7.11.52.225   157696 Bytes  06.12.2012 18:47:48
VBASE021.VDF : 7.11.53.35    126976 Bytes  08.12.2012 18:47:48
VBASE022.VDF : 7.11.53.55    225792 Bytes  09.12.2012 18:47:51
VBASE023.VDF : 7.11.53.93    157184 Bytes  10.12.2012 20:52:43
VBASE024.VDF : 7.11.53.169   153088 Bytes  12.12.2012 19:33:43
VBASE025.VDF : 7.11.53.237   152064 Bytes  14.12.2012 21:10:36
VBASE026.VDF : 7.11.54.23    149504 Bytes  17.12.2012 14:28:56
VBASE027.VDF : 7.11.54.67    130048 Bytes  18.12.2012 22:02:10
VBASE028.VDF : 7.11.54.153   292352 Bytes  21.12.2012 16:43:15
VBASE029.VDF : 7.11.55.1     300032 Bytes  28.12.2012 20:17:23
VBASE030.VDF : 7.11.55.2       2048 Bytes  28.12.2012 20:17:23
VBASE031.VDF : 7.11.55.48     96256 Bytes  30.12.2012 21:42:51
Engine version : 8.2.10.224
AEVDF.DLL    : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.78      467323 Bytes  20.12.2012 21:59:03
AESCN.DLL    : 8.1.10.0      131445 Bytes  13.12.2012 22:53:41
AESBX.DLL    : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL    : 8.2.0.74      643445 Bytes  07.11.2012 12:21:07
AEPACK.DLL   : 8.3.1.2       819574 Bytes  20.12.2012 21:59:02
AEOFFICE.DLL : 8.1.2.50      201084 Bytes  05.11.2012 17:07:07
AEHEUR.DLL   : 8.1.4.168    5628280 Bytes  20.12.2012 21:59:02
AEHELP.DLL   : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL    : 8.1.6.12      434549 Bytes  13.12.2012 22:53:41
AEEXP.DLL    : 8.3.0.4       184692 Bytes  20.12.2012 21:59:03
AEEMU.DLL    : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL   : 8.1.30.0      201079 Bytes  13.12.2012 22:53:40
AEBB.DLL     : 8.1.1.4        53619 Bytes  05.11.2012 17:07:03
AVWINLL.DLL  : 13.4.0.163     25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL   : 13.4.0.360     50464 Bytes  11.12.2012 15:35:14
AVREP.DLL    : 13.4.0.360    177952 Bytes  10.12.2012 14:52:45
AVARKT.DLL   : 13.6.0.402    260384 Bytes  11.12.2012 15:35:09
AVEVTLOG.DLL : 13.6.0.400    167200 Bytes  11.12.2012 15:35:12
SQLITE3.DLL  : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL   : 13.4.0.163     62240 Bytes  19.09.2012 18:08:54
NETNT.DLL    : 13.4.0.360     15648 Bytes  11.12.2012 15:36:20
RCIMAGE.DLL  : 13.4.0.360   4780832 Bytes  11.12.2012 15:35:09
RCTEXT.DLL   : 13.4.0.360     68384 Bytes  11.12.2012 15:35:09

Configuration settings for the scan:
Job name..............................: Quick System Scan
Configuration file....................: C:\program files (x86)\avira\antivir desktop\quicksysscan.avp
Logging...............................: default
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Scan active programs..................: on
Scan registry.........................: on
Search for rootkits...................: off
Integrity checking of system files....: off
File scan mode........................: Intelligent file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: advanced

Start of the scan: Thursday, 3 January 2013 04:24

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Starting boot sector scan:

Starting to scan running processes:
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '74' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '131' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'WLANExt.exe' - '35' Module(s) have been scanned
Scan process 'conhost.exe' - '17' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'NvXDSync.exe' - '46' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '62' Module(s) have been scanned
Scan process 'taskhost.exe' - '58' Module(s) have been scanned
Scan process 'Dwm.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '220' Module(s) have been scanned
Scan process 'armsvc.exe' - '29' Module(s) have been scanned
Scan process 'avguard.exe' - '80' Module(s) have been scanned
Scan process 'igfxtray.exe' - '32' Module(s) have been scanned
Scan process 'hkcmd.exe' - '31' Module(s) have been scanned
Scan process 'igfxpers.exe' - '52' Module(s) have been scanned
Scan process 'btwdins.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'sftvsa.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sftlist.exe' - '76' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '49' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '61' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'OnekeyStudio.exe' - '60' Module(s) have been scanned
Scan process 'Energy Management.exe' - '37' Module(s) have been scanned
Scan process 'utility.exe' - '52' Module(s) have been scanned
Scan process 'BTTray.exe' - '69' Module(s) have been scanned
Scan process 'Dropbox.exe' - '80' Module(s) have been scanned
Scan process 'OnekeySupport.exe' - '27' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '44' Module(s) have been scanned
Scan process 'PManage.exe' - '41' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '65' Module(s) have been scanned
Scan process 'jusched.exe' - '60' Module(s) have been scanned
Scan process 'avgnt.exe' - '91' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '18' Module(s) have been scanned
Scan process 'RunDll32.exe' - '40' Module(s) have been scanned
Scan process 'BtStackServer.exe' - '73' Module(s) have been scanned
Scan process 'BluetoothHeadsetProxy.exe' - '28' Module(s) have been scanned
Scan process 'LMS.exe' - '34' Module(s) have been scanned
Scan process 'daemonu.exe' - '53' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '67' Module(s) have been scanned
Scan process 'UNS.exe' - '46' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '18' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '80' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '15' Module(s) have been scanned
Scan process 'avcenter.exe' - '120' Module(s) have been scanned
Scan process 'avscan.exe' - '107' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '39' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '49' Module(s) have been scanned
Module is infected -> <C:\windows\system32\services.exe>
  [DETECTION] Contains code of the Windows virus W32/Patched.UC
  [WARNING]   The file was not repaired (declined at the prompt)!
Scan process 'lsass.exe' - '69' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

End of the scan: Thursday, 3 January 2013 04:26
Used time: 01:07 Minute(s)

The scan has been done completely.

      0 Scanned directories
   4995 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files could not be scanned
   4994 Files not concerned
     34 Archives were scanned
      1 Warnings
      0 Notes
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
******** :: ********-PC [Administrator]

03.01.2013 04:08:39
MBAM-log-2013-01-03 (04-10-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225687
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

(end)
Code:
OTL logfile created on: 03.01.2013 04:28:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\********\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,81% Memory free
7,83 Gb Paging File | 6,19 Gb Available in Paging File | 79,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 249,51 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,59 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive F: | 179,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ********-PC | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.31 05:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\********\Downloads\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.11 16:36:20 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 16:35:13 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 16:35:13 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.16 11:48:05 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012.02.16 11:45:01 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.06 12:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.02.15 13:26:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.16 11:48:05 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012.02.16 11:45:00 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.11.21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.11 11:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010.11.11 11:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll

========== Services (SafeList) ==========

SRV - [2012.12.12 15:19:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 16:36:20 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 16:35:13 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.06 12:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.15 13:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 16:36:26 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 16:36:26 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.06.14 07:24:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 12:00:41 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.02.16 12:00:39 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.02.16 11:46:42 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.02.16 11:46:42 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.06 12:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.02.18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.15 07:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.02.15 07:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.02.15 07:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.02.15 07:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.02.15 07:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.12.22 13:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.28 11:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.05.31 04:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_en
IE - HKCU\..\SearchScopes\{FAE90692-D318-47E9-9139-A481EED21BBF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=05C56CD4-5455-4CA0-A207-725961EE0CD9&apn_sauid=1630E9EC-C0A9-4A3D-BB86-DAF6479B5FEF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common 
Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99F211-E421-44CC-9952-364F4F16BDE7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D02FBB29-E1FE-4BB9-A4E1-D0D6670B1DAA}: DhcpNameServer = 172.168.123.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 04:00:28 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Google [2012.12.31 06:02:47 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2012.12.31 05:51:53 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Malwarebytes [2012.12.31 05:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2012.12.31 05:51:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.31 05:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.31 05:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.31 05:51:19 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Programs [2012.12.31 03:12:04 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Giana Sisters - Twisted Dreams [2012.12.31 03:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Forest Games [2012.12.23 15:16:16 | 000,000,000 | ---D | C] -- C:\Users\********\Desktop\Neuer Ordner [2012.12.15 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Outlook Files [2012.12.15 18:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2012.12.15 18:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.12.15 18:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.12.15 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2012.12.15 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.12.15 18:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.12.15 18:04:02 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.12.15 15:31:00 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Bewerbung [2012.12.12 15:20:20 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Epigenetik ========== Files - Modified Within 30 Days ========== [2013.01.03 04:19:08 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.01.03 03:59:10 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.03 03:41:05 | 
001,499,844 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.03 03:41:05 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.03 03:41:05 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.03 03:41:05 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.03 03:41:05 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.03 03:40:01 | 000,000,168 | ---- | M] () -- C:\Users\********\defogger_reenable [2013.01.03 03:36:42 | 000,050,477 | ---- | M] () -- C:\Users\********\Desktop\Defogger.exe [2013.01.03 03:36:09 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 03:36:09 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 03:28:55 | 000,127,381 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.01.03 03:28:33 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 03:28:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.03 03:28:08 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys [2012.12.31 05:51:37 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.31 05:01:22 | 000,000,658 | ---- | M] () -- C:\Users\********\Desktop\GSGameExe - Verknüpfung.lnk [2012.12.31 03:03:05 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Giana Sisters - Twisted Dreams.lnk [2012.12.29 22:42:10 | 000,000,985 | ---- | M] () -- C:\Users\********\Desktop\Shandalar - Verknüpfung.lnk [2012.12.27 01:03:45 | 000,001,055 | ---- | M] () -- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.27 01:03:37 | 000,001,029 | ---- | M] () -- C:\Users\********\Desktop\Dropbox.lnk [2012.12.21 17:37:45 | 000,475,384 | ---- | M] () -- 
C:\windows\SysNative\FNTCACHE.DAT [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.11 16:36:26 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2012.12.11 16:36:26 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.01.03 03:40:01 | 000,000,168 | ---- | C] () -- C:\Users\********\defogger_reenable [2013.01.03 03:39:24 | 000,050,477 | ---- | C] () -- C:\Users\********\Desktop\Defogger.exe [2012.12.31 05:51:37 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.31 05:01:22 | 000,000,658 | ---- | C] () -- C:\Users\********\Desktop\GSGameExe - Verknüpfung.lnk [2012.12.31 03:03:05 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Giana Sisters - Twisted Dreams.lnk [2012.12.29 22:42:10 | 000,000,985 | ---- | C] () -- C:\Users\********\Desktop\Shandalar - Verknüpfung.lnk [2012.08.31 13:51:19 | 000,007,663 | ---- | C] () -- C:\Users\********\AppData\Roaming\.freeciv-client-rc-2.3 [2012.08.15 18:17:40 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.02.16 20:36:54 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll [2012.02.16 20:36:54 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll [2012.02.16 20:36:54 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll [2012.02.16 20:36:54 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll [2012.02.16 20:36:54 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll [2012.02.16 20:36:54 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll [2012.02.16 20:36:54 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE [2012.02.16 20:36:54 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS [2012.02.16 20:36:53 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe [2012.02.16 20:36:53 | 000,081,920 | ---- | C] () 
-- C:\windows\Bootseqw32.exe [2012.02.16 20:36:53 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE [2012.02.16 20:36:53 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys [2012.02.16 11:45:05 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2012.02.16 11:45:05 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2012.02.16 11:45:05 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2012.02.16 11:45:05 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2012.02.16 11:44:59 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2012.02.16 11:33:02 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe [2012.02.16 11:33:02 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe [2012.02.16 11:33:02 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini [2012.02.16 11:33:02 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini [2012.02.16 11:33:02 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini [2012.02.16 11:33:02 | 000,002,573 | ---- | C] () -- C:\windows\Remove.ini [2011.04.14 04:01:25 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.04.14 04:01:22 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.04.14 04:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011.04.14 03:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\@ [2013.01.03 03:58:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\L [2012.12.31 05:52:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U [2013.01.03 03:28:18 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\L\00000004.@ [2012.12.31 05:09:17 | 
000,002,048 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000004.@ [2012.12.31 05:09:18 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000008.@ [2012.12.31 05:09:17 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\000000cb.@ [2012.12.31 05:09:17 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000000.@ [2012.12.31 05:52:27 | 000,096,256 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000032.@ [2012.12.31 05:36:13 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000064.@ [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [2013.01.03 03:28:16 | 000,004,608 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini [2013.01.03 03:28:16 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.31 13:28:22 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\.freeciv [2012.06.14 07:27:54 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2013.01.03 03:29:02 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Dropbox [2012.12.10 14:07:19 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\IrfanView [2012.10.28 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\LibreOffice [2012.07.14 00:01:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2012.10.23 17:31:39 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Opera [2012.07.18 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\RStudio [2012.12.16 14:17:48 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\SoftGrid Client [2012.08.15 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TP [2012.12.31 02:41:45 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report >
I'm asking for help with cleaning this up. |
03.01.2013, 09:21 | #2 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way. Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". I see that you are using so-called peer-to-peer or file-sharing programs, in your case uTorrent. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where it came from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example for downloading Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Add or Remove Programs and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.
03.01.2013, 12:01 | #3 |
| Hello Marius,
and thanks in advance for the quick help. I have uninstalled µTorrent, and I have one more question: how can I boot the computer safely while the virus is still on it? Does safe mode help? Turn off the router? If I boot with PartedMagic, for example, I can't run or uninstall any Windows programs. |
03.01.2013, 12:18 | #4 |
/// Malwareteam | This pest cannot be dealt with that way! We have to proceed differently... Step 1: aswMBR Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
03.01.2013, 12:50 | #5 |
| Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-03 12:27:50 ----------------------------- 12:27:50.064 OS Version: Windows x64 6.1.7601 Service Pack 1 12:27:50.064 Number of processors: 4 586 0x2A07 12:27:50.064 ComputerName: ********-PC UserName: ******** 12:27:51.154 Initialize success 12:31:00.182 AVAST engine defs: 13010300 12:31:27.684 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:31:27.694 Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3 12:31:27.744 Disk 0 MBR read successfully 12:31:27.744 Disk 0 MBR scan 12:31:27.754 Disk 0 Windows 7 default MBR code 12:31:27.764 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048 12:31:27.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648 12:31:27.794 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672 12:31:27.824 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888 12:31:27.864 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720 12:31:27.904 Disk 0 scanning C:\windows\system32\drivers 12:31:36.106 Service scanning 12:32:03.286 Modules scanning 12:32:03.302 Disk 0 trace - called modules: 12:32:03.318 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 12:32:03.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065fd060] 12:32:03.333 3 CLASSPNP.SYS[fffff88001b9b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aff050] 12:32:05.439 AVAST engine scan C:\windows 12:32:08.294 AVAST engine scan C:\windows\system32 12:33:12.535 File: C:\windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj] 12:33:37.011 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 12:33:39.195 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 12:34:42.454 AVAST engine scan C:\windows\system32\drivers 12:34:53.514 AVAST engine scan C:\Users\******** 12:39:17.654 AVAST engine scan C:\ProgramData 12:40:05.702 Scan 
finished successfully 12:40:26.216 Disk 0 MBR has been saved successfully to "C:\Users\********\Desktop\MBR.dat" 12:40:26.216 The log file has been saved successfully to "C:\Users\********\Desktop\aswMBR.txt" Code:
12:41:38.0177 5036 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:41:38.0177 5036 ============================================================
12:41:38.0177 5036 Current date / time: 2013/01/03 12:41:38.0177
12:41:38.0177 5036 SystemInfo:
12:41:38.0177 5036 
12:41:38.0177 5036 OS Version: 6.1.7601 ServicePack: 1.0
12:41:38.0177 5036 Product type: Workstation
12:41:38.0177 5036 ComputerName: ********-PC
12:41:38.0177 5036 UserName: ********
12:41:38.0177 5036 Windows directory: C:\windows
12:41:38.0177 5036 System windows directory: C:\windows
12:41:38.0177 5036 Running under WOW64
12:41:38.0177 5036 Processor architecture: Intel x64
12:41:38.0177 5036 Number of processors: 4
12:41:38.0177 5036 Page size: 0x1000
12:41:38.0177 5036 Boot type: Normal boot
12:41:38.0177 5036 ============================================================
12:41:38.0630 5036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:38.0630 5036 Drive \Device\Harddisk1\DR1 - Size: 0x7BC0000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:41:38.0645 5036 ============================================================
12:41:38.0645 5036 \Device\Harddisk0\DR0:
12:41:38.0645 5036 MBR partitions:
12:41:38.0645 5036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
12:41:38.0645 5036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
12:41:38.0661 5036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
12:41:38.0661 5036 \Device\Harddisk1\DR1:
12:41:38.0677 5036 MBR partitions:
12:41:38.0677 5036 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3DDE0
12:41:38.0677 5036 ============================================================
12:41:38.0723 5036 C: <-> \Device\Harddisk0\DR0\Partition2
12:41:38.0755 5036 D: <-> \Device\Harddisk0\DR0\Partition3
12:41:38.0755 5036 ============================================================
12:41:38.0755 5036 Initialize success
12:41:38.0755 5036 ============================================================
12:41:56.0679 1556 ============================================================
12:41:56.0679 1556 Scan started
12:41:56.0679 1556 Mode: Manual; 
12:41:56.0679 1556 ============================================================
12:41:57.0100 1556 ================ Scan system memory ========================
12:41:57.0100 1556 System memory - ok
12:41:57.0100 1556 ================ Scan services =============================
12:41:57.0319 1556 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
12:41:57.0319 1556 1394ohci - ok
12:41:57.0350 1556 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
12:41:57.0366 1556 ACPI - ok
12:41:57.0381 1556 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
12:41:57.0381 1556 AcpiPmi - ok
12:41:57.0412 1556 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
12:41:57.0412 1556 ACPIVPC - ok
12:41:57.0553 1556 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:41:57.0553 1556 AdobeARMservice - ok
12:41:57.0709 1556 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:41:57.0709 1556 AdobeFlashPlayerUpdateSvc - ok
12:41:57.0771 1556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
12:41:57.0787 1556 adp94xx - ok
12:41:57.0818 1556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
12:41:57.0834 1556 adpahci - ok
12:41:57.0849 1556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
12:41:57.0849 1556 adpu320 - ok
12:41:57.0896 1556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
12:41:57.0896 1556 AeLookupSvc - ok
12:41:57.0943 1556 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
12:41:57.0958 1556 AFD - ok
12:41:57.0990 1556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
12:41:57.0990 1556 agp440 - ok
12:41:58.0005 1556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
12:41:58.0005 1556 ALG - ok
12:41:58.0036 1556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
12:41:58.0036 1556 aliide - ok
12:41:58.0036 1556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
12:41:58.0036 1556 amdide - ok
12:41:58.0068 1556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
12:41:58.0068 1556 AmdK8 - ok
12:41:58.0083 1556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
12:41:58.0083 1556 AmdPPM - ok
12:41:58.0099 1556 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
12:41:58.0099 1556 amdsata - ok
12:41:58.0130 1556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
12:41:58.0130 1556 amdsbs - ok
12:41:58.0146 1556 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
12:41:58.0146 1556 amdxata - ok
12:41:58.0239 1556 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:41:58.0239 1556 AntiVirSchedulerService - ok
12:41:58.0302 1556 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:41:58.0302 1556 AntiVirService - ok
12:41:58.0317 1556 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
12:41:58.0333 1556 AppID - ok
12:41:58.0364 1556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
12:41:58.0364 1556 AppIDSvc - ok
12:41:58.0380 1556 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
12:41:58.0380 1556 Appinfo - ok
12:41:58.0426 1556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
12:41:58.0426 1556 arc - ok
12:41:58.0442 1556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
12:41:58.0442 1556 arcsas - ok
12:41:58.0458 1556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
12:41:58.0458 1556 AsyncMac - ok
12:41:58.0504 1556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
12:41:58.0504 1556 atapi - ok
12:41:58.0536 1556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:41:58.0551 1556 AudioEndpointBuilder - ok
12:41:58.0582 1556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
12:41:58.0582 1556 AudioSrv - ok
12:41:58.0629 1556 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
12:41:58.0645 1556 avgntflt - ok
12:41:58.0676 1556 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
12:41:58.0692 1556 avipbb - ok
12:41:58.0707 1556 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
12:41:58.0723 1556 avkmgr - ok
12:41:58.0754 1556 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
12:41:58.0754 1556 AxInstSV - ok
12:41:58.0801 1556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
12:41:58.0801 1556 b06bdrv - ok
12:41:58.0848 1556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
12:41:58.0848 1556 b57nd60a - ok
12:41:59.0019 1556 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
12:41:59.0144 1556 BCM43XX - ok
12:41:59.0175 1556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
12:41:59.0175 1556 BDESVC - ok
12:41:59.0191 1556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
12:41:59.0191 1556 Beep - ok
12:41:59.0222 1556 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
12:41:59.0222 1556 blbdrive - ok
12:41:59.0253 1556 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
12:41:59.0269 1556 bowser - ok
12:41:59.0300 1556 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
12:41:59.0300 1556 BPntDrv - ok
12:41:59.0316 1556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
12:41:59.0316 1556 BrFiltLo - ok
12:41:59.0347 1556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
12:41:59.0347 1556 BrFiltUp - ok
12:41:59.0378 1556 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
12:41:59.0394 1556 Browser - ok
12:41:59.0409 1556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
12:41:59.0425 1556 Brserid - ok
12:41:59.0440 1556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
12:41:59.0440 1556 BrSerWdm - ok
12:41:59.0456 1556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
12:41:59.0456 1556 BrUsbMdm - ok
12:41:59.0456 1556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
12:41:59.0456 1556 BrUsbSer - ok
12:41:59.0518 1556 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
12:41:59.0518 1556 BthEnum - ok
12:41:59.0534 1556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
12:41:59.0534 1556 BTHMODEM - ok
12:41:59.0550 1556 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
12:41:59.0550 1556 BthPan - ok
12:41:59.0581 1556 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
12:41:59.0596 1556 BTHPORT - ok
12:41:59.0628 1556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
12:41:59.0628 1556 bthserv - ok
12:41:59.0643 1556 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
12:41:59.0643 1556 BTHUSB - ok
12:41:59.0690 1556 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys
12:41:59.0690 1556 BTWAMPFL - ok
12:41:59.0721 1556 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
12:41:59.0721 1556 btwaudio - ok
12:41:59.0737 1556 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
12:41:59.0737 1556 btwavdt - ok
12:41:59.0830 1556 [ 3D5E7FB2CB69A6186C7954C0859173F4 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
12:41:59.0862 1556 btwdins - ok
12:41:59.0893 1556 [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
12:41:59.0893 1556 btwl2cap - ok
12:41:59.0908 1556 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
12:41:59.0908 1556 btwrchid - ok
12:41:59.0955 1556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
12:41:59.0971 1556 cdfs - ok
12:41:59.0986 1556 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
12:42:00.0002 1556 cdrom - ok
12:42:00.0033 1556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
12:42:00.0033 1556 CertPropSvc - ok
12:42:00.0049 1556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
12:42:00.0049 1556 circlass - ok
12:42:00.0080 1556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
12:42:00.0080 1556 CLFS - ok
12:42:00.0142 1556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:00.0158 1556 clr_optimization_v2.0.50727_32 - ok
12:42:00.0189 1556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:42:00.0189 1556 clr_optimization_v2.0.50727_64 - ok
12:42:00.0283 1556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:00.0298 1556 clr_optimization_v4.0.30319_32 - ok
12:42:00.0330 1556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:42:00.0330 1556 clr_optimization_v4.0.30319_64 - ok
12:42:00.0361 1556 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
12:42:00.0376 1556 clwvd - ok
12:42:00.0408 1556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
12:42:00.0408 1556 CmBatt - ok
12:42:00.0423 1556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
12:42:00.0423 1556 cmdide - ok
12:42:00.0486 1556 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
12:42:00.0486 1556 CNG - ok
12:42:00.0517 1556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
12:42:00.0517 1556 Compbatt - ok
12:42:00.0548 1556 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
12:42:00.0548 1556 CompositeBus - ok
12:42:00.0579 1556 COMSysApp - ok
12:42:00.0579 1556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
12:42:00.0579 1556 crcdisk - ok
12:42:00.0642 1556 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
12:42:00.0642 1556 CryptSvc - ok
12:42:00.0766 1556 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:42:00.0798 1556 cvhsvc - ok
12:42:00.0860 1556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
12:42:00.0876 1556 DcomLaunch - ok
12:42:00.0907 1556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
12:42:00.0922 1556 defragsvc - ok
12:42:00.0954 1556 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
12:42:00.0954 1556 DfsC - ok
12:42:00.0985 1556 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
12:42:01.0000 1556 Dhcp - ok
12:42:01.0016 1556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
12:42:01.0016 1556 discache - ok
12:42:01.0063 1556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
12:42:01.0063 1556 Disk - ok
12:42:01.0078 1556 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
12:42:01.0094 1556 Dnscache - ok
12:42:01.0110 1556 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
12:42:01.0125 1556 dot3svc - ok
12:42:01.0141 1556 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
12:42:01.0141 1556 DPS - ok
12:42:01.0156 1556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
12:42:01.0156 1556 drmkaud - ok
12:42:01.0203 1556 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
12:42:01.0203 1556 dtsoftbus01 - ok
12:42:01.0234 1556 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
12:42:01.0266 1556 DXGKrnl - ok
12:42:01.0297 1556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
12:42:01.0297 1556 EapHost - ok
12:42:01.0406 1556 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
12:42:01.0484 1556 ebdrv - ok
12:42:01.0515 1556 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
12:42:01.0515 1556 EFS - ok
12:42:01.0593 1556 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
12:42:01.0609 1556 ehRecvr - ok
12:42:01.0624 1556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
12:42:01.0640 1556 ehSched - ok
12:42:01.0671 1556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
12:42:01.0687 1556 elxstor - ok
12:42:01.0687 1556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
12:42:01.0687 1556 ErrDev - ok
12:42:01.0718 1556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
12:42:01.0718 1556 EventSystem - ok
12:42:01.0749 1556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
12:42:01.0749 1556 exfat - ok
12:42:01.0765 1556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
12:42:01.0765 1556 fastfat - ok
12:42:01.0796 1556 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
12:42:01.0812 1556 Fax - ok
12:42:01.0858 1556 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
12:42:01.0858 1556 fbfmon - ok
12:42:01.0905 1556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
12:42:01.0905 1556 fdc - ok
12:42:01.0936 1556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
12:42:01.0936 1556 fdPHost - ok
12:42:01.0968 1556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
12:42:01.0968 1556 FDResPub - ok
12:42:01.0983 1556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
12:42:01.0983 1556 FileInfo - ok
12:42:01.0999 1556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
12:42:01.0999 1556 Filetrace - ok
12:42:02.0030 1556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
12:42:02.0030 1556 flpydisk - ok
12:42:02.0061 1556 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
12:42:02.0061 1556 FltMgr - ok
12:42:02.0092 1556 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
12:42:02.0124 1556 FontCache - ok
12:42:02.0186 1556 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:42:02.0186 1556 FontCache3.0.0.0 - ok
12:42:02.0202 1556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
12:42:02.0202 1556 FsDepends - ok
12:42:02.0233 1556 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
12:42:02.0233 1556 Fs_Rec - ok
12:42:02.0295 1556 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
12:42:02.0295 1556 fvevol - ok
12:42:02.0326 1556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
12:42:02.0326 1556 gagp30kx - ok
12:42:02.0373 1556 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
12:42:02.0373 1556 gpsvc - ok
12:42:02.0404 1556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
12:42:02.0404 1556 hcw85cir - ok
12:42:02.0436 1556 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:42:02.0436 1556 HdAudAddService - ok
12:42:02.0467 1556 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
12:42:02.0467 1556 HDAudBus - ok
12:42:02.0482 1556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
12:42:02.0482 1556 HidBatt - ok
12:42:02.0498 1556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
12:42:02.0498 1556 HidBth - ok
12:42:02.0514 1556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
12:42:02.0514 1556 HidIr - ok
12:42:02.0529 1556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
12:42:02.0529 1556 hidserv - ok
12:42:02.0560 1556 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
12:42:02.0560 1556 HidUsb - ok
12:42:02.0607 1556 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
12:42:02.0607 1556 hkmsvc - ok
12:42:02.0638 1556 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:42:02.0638 1556 HomeGroupListener - ok
12:42:02.0670 1556 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:42:02.0670 1556 HomeGroupProvider - ok
12:42:02.0685 1556 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
12:42:02.0685 1556 HpSAMD - ok
12:42:02.0716 1556 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
12:42:02.0732 1556 HTTP - ok
12:42:02.0748 1556 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
12:42:02.0748 1556 hwpolicy - ok
12:42:02.0763 1556 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
12:42:02.0763 1556 i8042prt - ok
12:42:02.0810 1556 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
12:42:02.0810 1556 iaStor - ok
12:42:02.0872 1556 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
12:42:02.0888 1556 iaStorV - ok
12:42:02.0966 1556 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:42:02.0997 1556 idsvc - ok
12:42:03.0262 1556 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
12:42:03.0481 1556 igfx - ok
12:42:03.0528 1556 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
12:42:03.0528 1556 iirsp - ok
12:42:03.0574 1556 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
12:42:03.0606 1556 IKEEXT - ok
12:42:03.0730 1556 [ ABA41EE6F5EEFC034F3BBD025506B37E ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
12:42:03.0808 1556 IntcAzAudAddService - ok
12:42:03.0855 1556 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
12:42:03.0855 1556 IntcDAud - ok
12:42:03.0886 1556 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
12:42:03.0902 1556 intelide - ok
12:42:03.0918 1556 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
12:42:03.0918 1556 intelppm - ok
12:42:03.0964 1556 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
12:42:03.0980 1556 IPBusEnum - ok
12:42:03.0996 1556 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
12:42:03.0996 1556 IpFilterDriver - ok
12:42:04.0011 1556 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
12:42:04.0027 1556 IPMIDRV - ok
12:42:04.0042 1556 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
12:42:04.0042 1556 IPNAT - ok
12:42:04.0074 1556 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
12:42:04.0074 1556 IRENUM - ok
12:42:04.0089 1556 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
12:42:04.0089 1556 isapnp - ok
12:42:04.0120 1556 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
12:42:04.0120 1556 iScsiPrt - ok
12:42:04.0152 1556 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
12:42:04.0152 1556 kbdclass - ok
12:42:04.0183 1556 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
12:42:04.0183 1556 kbdhid - ok
12:42:04.0198 1556 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
12:42:04.0214 1556 KeyIso - ok
12:42:04.0245 1556 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
12:42:04.0245 1556 KSecDD - ok
12:42:04.0276 1556 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
12:42:04.0276 1556 KSecPkg - ok
12:42:04.0292 1556 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
12:42:04.0292 1556 ksthunk - ok
12:42:04.0323 1556 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
12:42:04.0339 1556 KtmRm - ok
12:42:04.0386 1556 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
12:42:04.0386 1556 LanmanServer - ok
12:42:04.0432 1556 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:42:04.0432 1556 LanmanWorkstation - ok
12:42:04.0479 1556 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
12:42:04.0479 1556 LHDmgr - ok
12:42:04.0510 1556 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
12:42:04.0510 1556 lltdio - ok
12:42:04.0526 1556 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
12:42:04.0542 1556 lltdsvc - ok
12:42:04.0573 1556 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
12:42:04.0573 1556 lmhosts - ok
12:42:04.0635 1556 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:42:04.0635 1556 LMS - ok
12:42:04.0698 1556 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
12:42:04.0698 1556 LSI_FC - ok
12:42:04.0713 1556 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
12:42:04.0713 1556 LSI_SAS - ok
12:42:04.0744 1556 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
12:42:04.0744 1556 LSI_SAS2 - ok
12:42:04.0760 1556 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
12:42:04.0760 1556 LSI_SCSI - ok
12:42:04.0776 1556 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
12:42:04.0776 1556 luafv - ok
12:42:04.0822 1556 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
12:42:04.0822 1556 Mcx2Svc - ok
12:42:04.0838 1556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
12:42:04.0838 1556 megasas - ok
12:42:04.0869 1556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
12:42:04.0869 1556 MegaSR - ok
12:42:04.0916 1556 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
12:42:04.0916 1556 MEIx64 - ok
12:42:04.0994 1556 Microsoft SharePoint Workspace Audit Service - ok
12:42:05.0025 1556 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
12:42:05.0025 1556 MMCSS - ok
12:42:05.0041 1556 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
12:42:05.0041 1556 Modem - ok
12:42:05.0072 1556 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
12:42:05.0072 1556 monitor - ok
12:42:05.0103 1556 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
12:42:05.0103 1556 mouclass - ok
12:42:05.0134 1556 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
12:42:05.0134 1556 mouhid - ok
12:42:05.0150 1556 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
12:42:05.0150 1556 mountmgr - ok
12:42:05.0181 1556 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
12:42:05.0181 1556 mpio - ok
12:42:05.0197 1556 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
12:42:05.0197 1556 mpsdrv - ok
12:42:05.0212 1556 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
12:42:05.0228 1556 MRxDAV - ok
12:42:05.0228 1556 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
12:42:05.0244 1556 mrxsmb - ok
12:42:05.0275 1556 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
12:42:05.0275 1556 mrxsmb10 - ok
12:42:05.0290 1556 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
12:42:05.0290 1556 mrxsmb20 - ok
12:42:05.0306 1556 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
12:42:05.0306 1556 msahci - ok
12:42:05.0322 1556 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
12:42:05.0322 1556 msdsm - ok
12:42:05.0353 1556 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
12:42:05.0368 1556 MSDTC - ok
12:42:05.0384 1556 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
12:42:05.0384 1556 Msfs - ok
12:42:05.0415 1556 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
12:42:05.0415 1556 mshidkmdf - ok
12:42:05.0431 1556 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
12:42:05.0431 1556 msisadrv - ok
12:42:05.0446 1556 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
12:42:05.0462 1556 MSiSCSI - ok
12:42:05.0462 1556 msiserver - ok
12:42:05.0478 1556 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
12:42:05.0478 1556 MSKSSRV - ok
12:42:05.0493 1556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
12:42:05.0493 1556 MSPCLOCK - ok
12:42:05.0493 1556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
12:42:05.0493 1556 MSPQM - ok
12:42:05.0509 1556 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
12:42:05.0524 1556 MsRPC - ok
12:42:05.0540 1556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
12:42:05.0540 1556 mssmbios - ok
12:42:05.0540 1556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
12:42:05.0540 1556 MSTEE - ok
12:42:05.0556 1556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
12:42:05.0556 1556 MTConfig - ok
12:42:05.0556 1556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
12:42:05.0556 1556 Mup - ok
12:42:05.0602 1556 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
12:42:05.0602 1556 napagent - ok
12:42:05.0649 1556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
12:42:05.0649 1556 NativeWifiP - ok
12:42:05.0712 1556 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
12:42:05.0758 1556 NDIS - ok
12:42:05.0758 1556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
12:42:05.0774 1556 NdisCap - ok
12:42:05.0790 1556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
12:42:05.0790 1556 NdisTapi - ok
12:42:05.0805 1556 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
12:42:05.0805 1556 Ndisuio - ok
12:42:05.0836 1556 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
12:42:05.0836 1556 NdisWan - ok
12:42:05.0852 1556 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
12:42:05.0852 1556 NDProxy - ok
12:42:05.0868 1556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
12:42:05.0868 1556 NetBIOS - ok
12:42:05.0883 1556 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
12:42:05.0883 1556 NetBT - ok
12:42:05.0899 1556 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
12:42:05.0899 1556 Netlogon - ok
12:42:05.0946 1556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
12:42:05.0946 1556 Netman - ok
12:42:05.0977 1556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
12:42:05.0977 1556 netprofm - ok
12:42:06.0008 1556 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:06.0008 1556 NetTcpPortSharing - ok
12:42:06.0055 1556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
12:42:06.0070 1556 nfrd960 - ok
12:42:06.0117 1556 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
12:42:06.0117 1556 NlaSvc - ok
12:42:06.0133 1556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
12:42:06.0133 1556 Npfs - ok
12:42:06.0148 1556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
12:42:06.0148 1556 nsi - ok
12:42:06.0164 1556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
12:42:06.0164 1556 nsiproxy - ok
12:42:06.0258 1556 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
12:42:06.0320 1556 Ntfs - ok
12:42:06.0351 1556 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\windows\system32\DRIVERS\NuidFltr.sys
12:42:06.0351 1556 NuidFltr - ok
12:42:06.0367 1556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
12:42:06.0367 1556 Null - ok
12:42:06.0663 1556 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
12:42:06.0913 1556 nvlddmkm - ok
12:42:06.0944 1556 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
12:42:06.0944 1556 nvpciflt - ok
12:42:06.0975 1556 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
12:42:06.0975 1556 nvraid - ok
12:42:06.0975 1556 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
12:42:06.0991 1556 nvstor - ok
12:42:07.0053 1556 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\windows\system32\nvvsvc.exe
12:42:07.0084 1556 NVSvc - ok
12:42:07.0162 1556 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:42:07.0225 1556 nvUpdatusService - ok
12:42:07.0225 1556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
12:42:07.0240 1556 nv_agp - ok
12:42:07.0256 1556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
12:42:07.0256 1556 ohci1394 - ok
12:42:07.0318 1556 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:07.0318 1556 ose - ok
12:42:07.0474 1556 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:42:07.0599 1556 osppsvc - ok
12:42:07.0615 1556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
12:42:07.0630 1556 p2pimsvc - ok
12:42:07.0662 1556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
12:42:07.0662 1556 p2psvc - ok
12:42:07.0677 1556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
12:42:07.0677 1556 Parport - ok
12:42:07.0708 1556 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
12:42:07.0708 1556 partmgr - ok
12:42:07.0724 1556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
12:42:07.0724 1556 PcaSvc - ok
12:42:07.0755 1556 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
12:42:07.0755 1556 pci - ok
12:42:07.0771 1556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
12:42:07.0771 1556 pciide - ok
12:42:07.0786 1556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
12:42:07.0786 1556 pcmcia - ok
12:42:07.0802 1556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
12:42:07.0802 1556 pcw - ok
12:42:07.0833 1556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
12:42:07.0849 1556 PEAUTH - ok
12:42:07.0942 1556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
12:42:07.0942 1556 PerfHost - ok
12:42:08.0005 1556 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
12:42:08.0036 1556 pla - ok
12:42:08.0083 1556 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
12:42:08.0083 1556 PlugPlay - ok
12:42:08.0098 1556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
12:42:08.0098 1556 PNRPAutoReg - ok
12:42:08.0114 1556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
12:42:08.0130 1556 PNRPsvc - ok
12:42:08.0145 1556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
12:42:08.0161 1556 PolicyAgent - ok
12:42:08.0161 1556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
12:42:08.0161 1556 Power - ok
12:42:08.0192 1556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
12:42:08.0192 1556 PptpMiniport - ok
12:42:08.0208 1556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
12:42:08.0223 1556 Processor - ok
12:42:08.0270 1556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
12:42:08.0270 1556 ProfSvc - ok
12:42:08.0286 1556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
12:42:08.0286 1556 ProtectedStorage - ok
12:42:08.0332 1556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
12:42:08.0332 1556 Psched - ok
12:42:08.0395 1556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
12:42:08.0442 1556 ql2300 - ok
12:42:08.0457 1556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
12:42:08.0457 1556 ql40xx - ok
12:42:08.0504 1556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
12:42:08.0504 1556 QWAVE - ok
12:42:08.0535 1556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
12:42:08.0535 1556 QWAVEdrv - ok
12:42:08.0551 1556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
12:42:08.0551 1556 RasAcd - ok
12:42:08.0582 1556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:42:08.0582 1556 RasAgileVpn - ok
12:42:08.0613 1556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
12:42:08.0613 1556 RasAuto - ok
12:42:08.0629 1556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:42:08.0644 1556 Rasl2tp - ok
12:42:08.0676 1556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
12:42:08.0691 1556 RasMan - ok
12:42:08.0707 1556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:42:08.0707 1556 RasPppoe - ok
12:42:08.0722 1556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:42:08.0738 1556 RasSstp - ok
12:42:08.0769 1556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:42:08.0785 1556 rdbss - ok
12:42:08.0800 1556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
12:42:08.0800 1556 rdpbus - ok
12:42:08.0816 1556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:42:08.0832 1556 RDPCDD - ok
12:42:08.0832 1556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:42:08.0847 1556 RDPENCDD - ok
12:42:08.0863 1556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:42:08.0863 1556 RDPREFMP - ok
12:42:08.0910 1556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:42:08.0910 1556 RDPWD - ok
12:42:08.0941 1556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:42:08.0941 1556 rdyboost - ok
12:42:08.0988 1556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
12:42:09.0003 1556 RemoteAccess - ok
12:42:09.0019 1556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:42:09.0034 1556 RemoteRegistry - ok
12:42:09.0066 1556 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
12:42:09.0066 1556 RFCOMM - ok
12:42:09.0081 1556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:42:09.0081 1556 RpcEptMapper - ok
12:42:09.0112 1556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
12:42:09.0112 1556 RpcLocator - ok
12:42:09.0144 1556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
12:42:09.0159 1556 RpcSs - ok
12:42:09.0190 1556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:42:09.0190 1556 rspndr - ok
12:42:09.0237 1556 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
12:42:09.0253 1556 RSUSBVSTOR - ok
12:42:09.0284 1556 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
12:42:09.0284 1556 RTL8167 - ok
12:42:09.0346 1556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
12:42:09.0346 1556 SamSs - ok
12:42:09.0362 1556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
12:42:09.0362 1556 sbp2port - ok
12:42:09.0409 1556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
12:42:09.0409 1556 SCardSvr - ok
12:42:09.0424 1556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:42:09.0424 1556 scfilter - ok
12:42:09.0471 1556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
12:42:09.0502 1556 Schedule - ok 12:42:09.0534 1556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 12:42:09.0534 1556 SCPolicySvc - ok 12:42:09.0565 1556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 12:42:09.0565 1556 SDRSVC - ok 12:42:09.0596 1556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 12:42:09.0596 1556 secdrv - ok 12:42:09.0612 1556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 12:42:09.0612 1556 seclogon - ok 12:42:09.0643 1556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 12:42:09.0643 1556 SENS - ok 12:42:09.0658 1556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 12:42:09.0658 1556 SensrSvc - ok 12:42:09.0674 1556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 12:42:09.0674 1556 Serenum - ok 12:42:09.0690 1556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 12:42:09.0690 1556 Serial - ok 12:42:09.0721 1556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 12:42:09.0721 1556 sermouse - ok 12:42:09.0736 1556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 12:42:09.0736 1556 SessionEnv - ok 12:42:09.0752 1556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 12:42:09.0752 1556 sffdisk - ok 12:42:09.0768 1556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 12:42:09.0768 1556 sffp_mmc - ok 12:42:09.0783 1556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 12:42:09.0783 1556 sffp_sd - ok 12:42:09.0783 1556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 12:42:09.0799 1556 sfloppy - ok 12:42:09.0861 1556 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 
12:42:09.0892 1556 Sftfs - ok 12:42:10.0002 1556 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:42:10.0002 1556 sftlist - ok 12:42:10.0033 1556 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 12:42:10.0033 1556 Sftplay - ok 12:42:10.0048 1556 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 12:42:10.0048 1556 Sftredir - ok 12:42:10.0080 1556 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 12:42:10.0080 1556 Sftvol - ok 12:42:10.0111 1556 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:42:10.0111 1556 sftvsa - ok 12:42:10.0158 1556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 12:42:10.0158 1556 ShellHWDetection - ok 12:42:10.0189 1556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 12:42:10.0189 1556 SiSRaid2 - ok 12:42:10.0220 1556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 12:42:10.0220 1556 SiSRaid4 - ok 12:42:10.0236 1556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 12:42:10.0236 1556 Smb - ok 12:42:10.0267 1556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 12:42:10.0267 1556 SNMPTRAP - ok 12:42:10.0298 1556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 12:42:10.0298 1556 spldr - ok 12:42:10.0329 1556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 12:42:10.0345 1556 Spooler - ok 12:42:10.0454 1556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 12:42:10.0516 1556 sppsvc - ok 12:42:10.0532 1556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 12:42:10.0532 1556 sppuinotify - ok 
12:42:10.0563 1556 [ 454800C2BC7F3927CE030141EE4F4C50 ] SPUVCbv C:\windows\system32\Drivers\usbvideo.sys 12:42:10.0563 1556 SPUVCbv - ok 12:42:10.0579 1556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 12:42:10.0579 1556 srv - ok 12:42:10.0610 1556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 12:42:10.0610 1556 srv2 - ok 12:42:10.0626 1556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 12:42:10.0626 1556 srvnet - ok 12:42:10.0672 1556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 12:42:10.0688 1556 SSDPSRV - ok 12:42:10.0704 1556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 12:42:10.0704 1556 SstpSvc - ok 12:42:10.0735 1556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 12:42:10.0735 1556 stexstor - ok 12:42:10.0782 1556 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 12:42:10.0782 1556 stisvc - ok 12:42:10.0797 1556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 12:42:10.0797 1556 swenum - ok 12:42:10.0828 1556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 12:42:10.0844 1556 swprv - ok 12:42:10.0922 1556 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 12:42:10.0953 1556 SynTP - ok 12:42:11.0000 1556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 12:42:11.0047 1556 SysMain - ok 12:42:11.0062 1556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 12:42:11.0062 1556 TabletInputService - ok 12:42:11.0078 1556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 12:42:11.0078 1556 TapiSrv - ok 12:42:11.0109 1556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 12:42:11.0109 1556 TBS - ok 12:42:11.0203 1556 [ 
37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 12:42:11.0250 1556 Tcpip - ok 12:42:11.0312 1556 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 12:42:11.0328 1556 TCPIP6 - ok 12:42:11.0374 1556 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 12:42:11.0374 1556 tcpipreg - ok 12:42:11.0390 1556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 12:42:11.0390 1556 TDPIPE - ok 12:42:11.0421 1556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 12:42:11.0421 1556 TDTCP - ok 12:42:11.0437 1556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 12:42:11.0437 1556 tdx - ok 12:42:11.0452 1556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 12:42:11.0468 1556 TermDD - ok 12:42:11.0515 1556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 12:42:11.0530 1556 TermService - ok 12:42:11.0546 1556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 12:42:11.0546 1556 Themes - ok 12:42:11.0562 1556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 12:42:11.0562 1556 THREADORDER - ok 12:42:11.0577 1556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 12:42:11.0577 1556 TrkWks - ok 12:42:11.0640 1556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 12:42:11.0640 1556 TrustedInstaller - ok 12:42:11.0655 1556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 12:42:11.0655 1556 tssecsrv - ok 12:42:11.0686 1556 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 12:42:11.0686 1556 TsUsbFlt - ok 12:42:11.0702 1556 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 12:42:11.0702 1556 TsUsbGD - ok 
12:42:11.0733 1556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 12:42:11.0749 1556 tunnel - ok 12:42:11.0764 1556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 12:42:11.0764 1556 uagp35 - ok 12:42:11.0796 1556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 12:42:11.0796 1556 udfs - ok 12:42:11.0827 1556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 12:42:11.0827 1556 UI0Detect - ok 12:42:11.0858 1556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 12:42:11.0858 1556 uliagpkx - ok 12:42:11.0874 1556 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 12:42:11.0889 1556 umbus - ok 12:42:11.0905 1556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 12:42:11.0905 1556 UmPass - ok 12:42:12.0045 1556 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:42:12.0092 1556 UNS - ok 12:42:12.0139 1556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 12:42:12.0154 1556 upnphost - ok 12:42:12.0186 1556 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 12:42:12.0186 1556 usbccgp - ok 12:42:12.0201 1556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 12:42:12.0201 1556 usbcir - ok 12:42:12.0217 1556 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 12:42:12.0217 1556 usbehci - ok 12:42:12.0232 1556 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 12:42:12.0248 1556 usbhub - ok 12:42:12.0248 1556 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 12:42:12.0264 1556 usbohci - ok 12:42:12.0264 1556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint 
C:\windows\system32\drivers\usbprint.sys 12:42:12.0264 1556 usbprint - ok 12:42:12.0279 1556 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 12:42:12.0279 1556 USBSTOR - ok 12:42:12.0295 1556 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 12:42:12.0295 1556 usbuhci - ok 12:42:12.0342 1556 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 12:42:12.0342 1556 usbvideo - ok 12:42:12.0357 1556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 12:42:12.0357 1556 UxSms - ok 12:42:12.0373 1556 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 12:42:12.0373 1556 VaultSvc - ok 12:42:12.0404 1556 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 12:42:12.0404 1556 vdrvroot - ok 12:42:12.0435 1556 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 12:42:12.0435 1556 vds - ok 12:42:12.0451 1556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 12:42:12.0451 1556 vga - ok 12:42:12.0466 1556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 12:42:12.0466 1556 VgaSave - ok 12:42:12.0482 1556 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 12:42:12.0482 1556 vhdmp - ok 12:42:12.0498 1556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 12:42:12.0498 1556 viaide - ok 12:42:12.0513 1556 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 12:42:12.0513 1556 volmgr - ok 12:42:12.0529 1556 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 12:42:12.0544 1556 volmgrx - ok 12:42:12.0560 1556 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 12:42:12.0560 1556 volsnap - ok 12:42:12.0576 1556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid 
C:\windows\system32\drivers\vsmraid.sys 12:42:12.0576 1556 vsmraid - ok 12:42:12.0638 1556 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 12:42:12.0685 1556 VSS - ok 12:42:12.0700 1556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 12:42:12.0700 1556 vwifibus - ok 12:42:12.0716 1556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 12:42:12.0716 1556 vwififlt - ok 12:42:12.0747 1556 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 12:42:12.0747 1556 W32Time - ok 12:42:12.0778 1556 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 12:42:12.0778 1556 WacomPen - ok 12:42:12.0810 1556 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 12:42:12.0810 1556 WANARP - ok 12:42:12.0810 1556 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 12:42:12.0810 1556 Wanarpv6 - ok 12:42:12.0856 1556 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 12:42:12.0888 1556 wbengine - ok 12:42:12.0903 1556 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 12:42:12.0919 1556 WbioSrvc - ok 12:42:12.0934 1556 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 12:42:12.0950 1556 wcncsvc - ok 12:42:12.0950 1556 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 12:42:12.0966 1556 WcsPlugInService - ok 12:42:12.0981 1556 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 12:42:12.0997 1556 Wd - ok 12:42:13.0044 1556 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 12:42:13.0059 1556 Wdf01000 - ok 12:42:13.0075 1556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 12:42:13.0075 1556 WdiServiceHost - ok 12:42:13.0075 1556 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 12:42:13.0090 1556 WdiSystemHost - ok 12:42:13.0106 1556 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 12:42:13.0122 1556 WebClient - ok 12:42:13.0122 1556 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 12:42:13.0137 1556 Wecsvc - ok 12:42:13.0153 1556 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 12:42:13.0153 1556 wercplsupport - ok 12:42:13.0184 1556 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 12:42:13.0184 1556 WerSvc - ok 12:42:13.0200 1556 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 12:42:13.0200 1556 WfpLwf - ok 12:42:13.0215 1556 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 12:42:13.0215 1556 WIMMount - ok 12:42:13.0215 1556 WinHttpAutoProxySvc - ok 12:42:13.0293 1556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 12:42:13.0309 1556 Winmgmt - ok 12:42:13.0371 1556 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 12:42:13.0434 1556 WinRM - ok 12:42:13.0496 1556 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 12:42:13.0496 1556 WinUsb - ok 12:42:13.0558 1556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 12:42:13.0590 1556 Wlansvc - ok 12:42:13.0605 1556 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 12:42:13.0621 1556 wlcrasvc - ok 12:42:13.0714 1556 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:42:13.0761 1556 wlidsvc - ok 12:42:13.0792 1556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 12:42:13.0792 1556 WmiAcpi - ok 12:42:13.0824 1556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv 
C:\windows\system32\wbem\WmiApSrv.exe
12:42:13.0824 1556 wmiApSrv - ok
12:42:13.0855 1556 WMPNetworkSvc - ok
12:42:13.0870 1556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
12:42:13.0870 1556 WPCSvc - ok
12:42:13.0886 1556 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
12:42:13.0902 1556 WPDBusEnum - ok
12:42:13.0917 1556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
12:42:13.0917 1556 ws2ifsl - ok
12:42:13.0917 1556 WSearch - ok
12:42:13.0964 1556 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
12:42:13.0964 1556 wsvd - ok
12:42:14.0011 1556 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
12:42:14.0011 1556 WudfPf - ok
12:42:14.0026 1556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
12:42:14.0026 1556 WUDFRd - ok
12:42:14.0073 1556 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
12:42:14.0089 1556 wudfsvc - ok
12:42:14.0104 1556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
12:42:14.0120 1556 WwanSvc - ok
12:42:14.0136 1556 ================ Scan global ===============================
12:42:14.0167 1556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
12:42:14.0214 1556 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
12:42:14.0229 1556 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
12:42:14.0276 1556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
12:42:14.0307 1556 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\windows\system32\services.exe
12:42:14.0323 1556 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
12:42:14.0323 1556 C:\windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
12:42:14.0323 1556 ================ Scan MBR ==================================
12:42:14.0338 1556 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:42:14.0604 1556 \Device\Harddisk0\DR0 - ok
12:42:14.0635 1556 [ 5F549E0A200B7179806806E6C0CF098C ] \Device\Harddisk1\DR1
12:42:59.0719 1556 \Device\Harddisk1\DR1 - ok
12:42:59.0719 1556 ================ Scan VBR ==================================
12:42:59.0719 1556 [ F2A6499CEA7981E93F271D5888BDCA7F ] \Device\Harddisk0\DR0\Partition1
12:42:59.0719 1556 \Device\Harddisk0\DR0\Partition1 - ok
12:42:59.0797 1556 [ E4DF46EE193A9E26F5E55EDE263DA184 ] \Device\Harddisk0\DR0\Partition2
12:42:59.0797 1556 \Device\Harddisk0\DR0\Partition2 - ok
12:42:59.0828 1556 [ 7B6FCD8CEF1B894F794E4D58556DBE41 ] \Device\Harddisk0\DR0\Partition3
12:42:59.0828 1556 \Device\Harddisk0\DR0\Partition3 - ok
12:42:59.0844 1556 [ 4DA70ACCFE2141E25E5893B0AAE5D40F ] \Device\Harddisk1\DR1\Partition1
12:42:59.0859 1556 \Device\Harddisk1\DR1\Partition1 - ok
12:42:59.0859 1556 ============================================================
12:42:59.0859 1556 Scan finished
12:42:59.0859 1556 ============================================================
12:42:59.0875 3236 Detected object count: 1
12:42:59.0875 3236 Actual detected object count: 1
12:43:24.0289 3236 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
12:43:24.0289 3236 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
03.01.2013, 12:55 | #6 |
/// Malwareteam | Combofix
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - save Combofix to your Desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
03.01.2013, 13:28 | #7 |
Combofix logfile: Code:
ATTFilter
ComboFix 13-01-03.02 - ******** 03.01.2013 13:09:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2700 [GMT 1:00]
ausgeführt von:: c:\users\********\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\gt.exe
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\L\00000004.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\L\76603ac3
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000004.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000008.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\000000cb.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000000.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000032.@
c:\windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000064.@
c:\windows\s.bat
c:\windows\version.txt
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 ))))))))))))))))))))))))))))))
.
.
2013-01-03 12:17 . 2013-01-03 12:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA3DE45F-A0ED-49FB-AAAE-66EA30EBB416}\offreg.dll
2013-01-03 03:00 . 2013-01-03 03:00 -------- d-----w- c:\users\********\AppData\Local\Google
2012-12-31 05:02 . 2012-12-31 05:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-31 04:51 . 2012-12-31 04:51 -------- d-----w- c:\users\********\AppData\Roaming\Malwarebytes
2012-12-31 04:51 . 2012-12-31 04:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 04:51 . 2012-12-31 04:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-31 04:51 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 04:51 . 2012-12-31 04:51 -------- d-----w- c:\users\********\AppData\Local\Programs
2012-12-31 02:03 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-12-31 02:03 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-12-31 02:03 . 2010-06-02 03:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2012-12-31 02:03 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-31 02:03 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-12-31 02:03 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-12-31 02:03 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-12-31 02:03 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-12-31 02:03 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-12-31 02:03 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-12-28 20:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA3DE45F-A0ED-49FB-AAAE-66EA30EBB416}\mpengine.dll
2012-12-21 14:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 14:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 14:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 14:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 00:06 . 2012-12-16 00:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-12-15 17:07 . 2012-12-15 17:07 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-12-15 17:07 . 2012-12-15 17:07 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-12-15 17:05 . 2012-12-15 17:05 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-12-15 17:05 . 2012-12-15 17:05 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-12-15 17:04 . 2012-12-15 17:04 -------- d-----r- C:\MSOCache
2012-12-12 23:53 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 23:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 23:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 02:02 . 2012-06-14 04:19 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:19 . 2012-07-22 19:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:19 . 2012-07-22 19:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 15:36 . 2012-11-03 17:06 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 15:36 . 2012-11-03 17:06 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-16 08:38 . 2012-11-27 21:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 02:57 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 02:57 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 02:57 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 02:57 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-02-16 10:56 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-16 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\********\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-02-16 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-02-16 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-02-16 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-14 283200]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-02-16 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2012-02-16 10:45 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-16 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-02-16 789920] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-16 9769888] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-16 5908928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\ComUpdatus.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-03 13:21:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-03 12:21 . Vor Suchlauf: 11 Verzeichnis(se), 261.354.606.592 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 261.168.775.168 Bytes frei . - - End Of File - - DAB2E70C61FC23EF566E8DAC496B744D |
03.01.2013, 13:34 | #8 |
/// Malwareteam | Avira finds W32/Patched.UC in C:\windows\system32\services.exe How is the computer behaving?
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board! |
03.01.2013, 13:50 | #9 |
| Avira finds W32/Patched.UC in C:\windows\system32\services.exe After the restart everything seems normal. Before that I was still getting "Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." when trying to open Notepad. |
03.01.2013, 13:55 | #10 |
/// Malwareteam | Avira finds W32/Patched.UC in C:\windows\system32\services.exe Step 1: Full MBAM scan. Please download Malwarebytes
Step 2: ESET. ESET Online Scanner
Step 3: adwCleaner. Please download AdwCleaner to your desktop.
03.01.2013, 17:25 | #11 |
| Avira finds W32/Patched.UC in C:\windows\system32\services.exe Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.03.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ******** :: ********-PC [Administrator] 03.01.2013 14:00:52 mbam-log-2013-01-03 (14-00-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 434937 Laufzeit: 1 Stunde(n), 10 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000004.@.vir Win64/Conedex.C trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\00000008.@.vir Win64/Agent.BA trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\000000cb.@.vir Win64/Conedex.B trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000000.@.vir Win64/Sirefef.AW trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000032.@.vir probably a variant of Win32/Sirefef.FD trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f96a42d9-609d-00a0-5711-66b0dcc71b31}\U\80000064.@.vir a variant of Win64/Sirefef.AN trojan C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan Code:
ATTFilter # AdwCleaner v2.104 - Datei am 03/01/2013 um 17:16:23 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : ******** - ********-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\********\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Partner ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[S1].txt - [1621 octets] - [03/01/2013 17:16:23] ########## EOF - C:\AdwCleaner[S1].txt - [1681 octets] ########## |
03.01.2013, 17:31 | #12 |
/// Malwareteam | Avira finds W32/Patched.UC in C:\windows\system32\services.exe Please also post the Extras.txt that OTL created.
03.01.2013, 17:36 | #13 |
| Avira finds W32/Patched.UC in C:\windows\system32\services.exe Unfortunately I had deleted the OTL logs on the first attempt, and on subsequent runs only OTL.txt was created. I also don't know how to "reset" OTL, or whether the logs are saved anywhere other than the directory where OTL.exe is located. Should I run OTL again? |
03.01.2013, 17:42 | #14 |
/// Malwareteam | Avira finds W32/Patched.UC in C:\windows\system32\services.exe Press the Windows key and the R key at the same time. Copy the text from the following code box into the window that opens: Code:
ATTFilter C:\QooBox\Add-Remove Programs.txt
03.01.2013, 17:47 | #15 |
| Avira finds W32/Patched.UC in C:\windows\system32\services.exe Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Avira Free Antivirus Benutzerhandbuch ConTEXT v0.98.6 D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Energy Management For the Motherland version 3.05 Giana Sisters - Twisted Dreams v1.02 Hearts of Iron III Heroes of Might and Magic V - Collectors Edition Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology IrfanView (remove only) Java 7 Update 9 Java Auto Updater Junk Mail filter update Lenovo EasyCamera Lenovo Games Console Lenovo OneKey Recovery Lenovo YouCam Lenovo_Wireless_Driver LibreOffice 3.6 Malwarebytes Anti-Malware Version 1.70.0.1100 Mesh Runtime Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Starter 2010 - Deutsch Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 MSVCRT MSVCRT_amd64 Onekey Theater Power2Go Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver RStudio Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Semper Fi 1.0 TripleA Version 1_6_1_2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft 
.NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition UserGuide VeriFace Victoria II A House Divided 2.1 Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources |