Pests of all kinds and how to fight them: Suspected virus: PC, especially Firefox and Flash Player, very slow and at times unstable (Windows 7)
14.01.2013, 14:31 | #1 |
| Suspected virus: PC, especially Firefox and Flash Player, very slow and at times unstable

Hello Trojanerforum, my computer has been quite slow for some time. So far I have not had time to tackle the problem thoroughly. This mainly affects Firefox, and in particular the Flash Player. Both are quite slow and sometimes briefly stop responding. The Flash Player regularly crashes in the middle of playing videos in the browser, and it also happens that, after clicking the pause or stop icon, it first loads for several seconds (sometimes more than 20) before the video actually pauses or stops. The logs follow.

Code:
ATTFilter OTL logfile created on: 13.01.2013 23:40:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ms\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 888,60 Mb Total Physical Memory | 326,72 Mb Available Physical Memory | 36,77% Memory free 1,87 Gb Paging File | 0,89 Gb Available in Paging File | 47,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 79,91 Gb Free Space | 42,58% Space Free | Partition Type: NTFS Drive D: | 30,27 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS Computer Name: MS-PC | User Name: ms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 23:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.08.12 14:10:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.21 16:10:48 | 005,092,152 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.08.07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.07.31 17:45:56 | 004,114,336 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe PRC - [2009.07.19 16:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe PRC - [2009.06.25 10:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013.01.11 17:37:33 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 23:19:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- 
(SkypeUpdate) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.02.07 13:12:44 | 000,042,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.24 01:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009.11.24 01:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009.09.27 21:33:00 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm) DRV - [2009.08.14 13:57:46 | 000,020,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2009.08.14 13:57:44 | 000,118,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf) DRV - [2009.08.14 04:48:38 | 000,489,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.07.30 11:42:06 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.16 13:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.09 23:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- 
(IntcHdmiAddService) DRV - [2009.06.20 05:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC) DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 17:37:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 09:52:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 17:37:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 09:52:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.28 12:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ms\AppData\Roaming\mozilla\Extensions [2012.11.23 21:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ms\AppData\Roaming\mozilla\Firefox\Profiles\p87ceku4.default\extensions [2012.11.23 21:49:36 | 000,804,627 | ---- | M] () (No name found) -- 
C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.08 22:23:06 | 000,002,321 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\dictcc.xml [2012.09.27 00:45:01 | 000,012,703 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\imdb.xml [2012.07.01 18:02:01 | 000,001,919 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\leo-deu-fra.xml [2012.07.13 08:11:31 | 000,002,006 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\urban-dictionary.xml [2012.08.04 16:12:00 | 000,001,330 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\wikipedia-en.xml [2012.07.13 08:35:50 | 000,002,057 | ---- | M] () -- C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\p87ceku4.default\searchplugins\youtube-videosuche.xml [2013.01.11 17:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.11 17:37:34 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.14 02:17:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.14 02:17:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.14 02:17:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.14 02:17:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.14 02:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.14 02:17:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 
22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O13 - gopher Prefix: missing O16 - DPF: {B2E4704E-A1CA-4473-8CB1-08027E35E7FD} hxxp://www.ssicentral.com/hlm/downloads/trial/InstallHLM7Trial.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.47.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29969233-2A4F-48C7-AF45-EE07E50E683D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF53C089-DD22-4058-A3C8-5BCCDB1A973F}: DhcpNameServer = 192.168.47.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not 
found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 23:27:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2013.01.11 17:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.09 09:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.01.01 17:08:03 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Masterarbeit [2012.12.30 16:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.30 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.12.28 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Diagnostics [2012.12.18 15:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.12.18 15:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012.12.18 15:28:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe [2012.12.18 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012.12.18 15:28:15 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.01.13 23:35:21 | 000,365,568 | ---- | M] () -- C:\Users\ms\Desktop\gmer-2.0.18444.exe [2013.01.13 
23:27:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2013.01.13 23:27:15 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable [2013.01.13 23:26:22 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe [2013.01.13 23:18:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.01.13 20:33:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 20:33:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 20:26:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.13 20:26:03 | 698,818,560 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 19:22:14 | 000,442,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.01.09 13:38:52 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.01.09 13:38:52 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.01.09 13:38:52 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.01.09 13:38:52 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.01.13 23:34:55 | 000,365,568 | ---- | C] () -- C:\Users\ms\Desktop\gmer-2.0.18444.exe [2013.01.13 23:27:15 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable [2013.01.13 23:26:11 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe [2012.12.28 22:57:48 | 000,675,926 | ---- | C] () -- C:\windows\System32\oem14.inf [2012.12.18 15:28:58 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012.12.14 19:38:13 | 000,000,218 | ---- | C] () -- C:\Users\ms\.recently-used.xbel [2012.06.23 14:15:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth2.dll [2012.06.23 14:15:58 | 000,001,024 | ---- | C] () -- 
C:\windows\System32\clauth1.dll [2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\ssprs.dll [2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth2.dll [2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth1.dll [2012.06.23 14:15:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\nsprs.dll [2012.06.23 14:13:50 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll [2012.06.23 14:13:50 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.13 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\AIMP3 [2012.06.29 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\DAEMON Tools Lite [2012.12.14 19:38:13 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\gretl [2012.12.14 19:15:23 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\gtk-2.0 [2012.06.20 13:00:24 | 000,000,000 | 
---D | M] -- C:\Users\ms\AppData\Roaming\JabRef 2.8 [2012.06.20 12:38:42 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Leadertech [2012.06.20 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Lenovo [2012.06.30 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\LucasArts [2013.01.11 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Mnemosyne [2012.06.20 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\OpenOffice.org [2012.07.04 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\temp [2012.06.20 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.01.2013 23:40:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ms\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 888,60 Mb Total Physical Memory | 326,72 Mb Available Physical Memory | 36,77% Memory free 1,87 Gb Paging File | 0,89 Gb Available in Paging File | 47,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 79,91 Gb Free Space | 42,58% Space Free | Partition Type: NTFS Drive D: | 30,27 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS Computer Name: MS-PC | User Name: ms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{890F8CC9-45A2-4328-8CBC-254ABB2A7544}" = dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera 
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{5006A0E8-B9B0-48DF-981A-41D005B3E937}" = Stata 12 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "Avira AntiVir Desktop" = 
Avira Free Antivirus "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "gretl_is1" = gretl version 1.9.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "Logitech Gaming Software" = Logitech Gaming Software 8.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mnemosyne_is1" = Mnemosyne 2.0 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Rainlendar2" = Rainlendar2 (remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 2.0.3 "xp-AntiSpy" = xp-AntiSpy 3.98-2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3029 Description = Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3028 Description = Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 3058 Description = Error - 18.12.2012 03:26:25 | Computer Name = ms-PC | Source = Windows Search Service | ID = 7010 Description = Error - 18.12.2012 15:22:14 | Computer Name = ms-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TEXCNTR.EXE, Version: 1.0.0.0, Zeitstempel: 0x493c1915 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x00009f40 ID des fehlerhaften Prozesses: 0x5b8 Startzeit der fehlerhaften Anwendung: 0x01cddd5103e36aaa Pfad der fehlerhaften Anwendung: C:\Program Files\TeXnicCenter\TEXCNTR.EXE Pfad des fehlerhaften Moduls: C:\windows\system32\msvcrt.dll Berichtskennung: 39c29093-4948-11e2-b50a-00269e39d1a6 Error - 23.12.2012 15:16:31 | Computer Name = ms-PC | Source = Windows Backup | ID = 4104 Description = Error - 30.12.2012 14:02:36 | Computer Name = ms-PC | Source = Windows Backup | ID = 4104 Description = Error - 31.12.2012 11:14:34 | Computer Name = ms-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.59.126, Zeitstempel: 0x509cf567 Name des fehlerhaften Moduls: Skype.exe, Version: 6.0.59.126, Zeitstempel: 0x509cf567 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f8107a ID des fehlerhaften Prozesses: 0x2e8 Startzeit der fehlerhaften Anwendung: 0x01cde75e93f67fff Pfad der fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Program Files\Skype\Phone\Skype.exe Berichtskennung: c7ec2d68-535c-11e2-bcb0-00269e39d1a6 Error - 01.01.2013 07:09:23 | Computer Name = ms-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715, Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften Prozesses: 0xe78 Startzeit der fehlerhaften Anwendung: 0x01cde80ffb03bf63 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: b1ef77c2-5403-11e2-8b3f-00269e39d1a6 Error - 02.01.2013 08:40:46 | Computer Name = ms-PC | Source = Winlogon | ID = 4005 Description = Der Windows-Anmeldeprozess wurde unerwartet beendet. 
[ Spybot - Search and Destroy Events ] Error - 18.12.2012 13:44:54 | Computer Name = ms-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 06.01.2013 13:51:24 | Computer Name = ms-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 03.11.2012 10:43:35 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom SBRE Error - 03.11.2012 11:35:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 03.11.2012 11:35:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom SBRE Error - 03.11.2012 12:53:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 03.11.2012 12:53:02 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom SBRE Error - 03.11.2012 13:31:40 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 04.11.2012 07:04:09 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 04.11.2012 07:04:09 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom SBRE Error - 04.11.2012 09:02:01 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.11.2012 09:02:01 | Computer Name = ms-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom SBRE < End of report > Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 08:23:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\ms\AppData\Local\Temp\pxldypoc.sys

---- System - GMER 2.0 ----

SSDT 9005B226 ZwCreateSection
SSDT 9005B230 ZwRequestWaitReplyPort
SSDT 9005B22B ZwSetContextThread
SSDT 9005B235 ZwSetSecurityObject
SSDT 9005B23A ZwSystemDebugControl
SSDT 9005B1C7 ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C82A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBC4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC362C 4 Bytes [26, B2, 05, 90] {MOV DL, 0x5; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CC3988 4 Bytes [30, B2, 05, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CC39CC 4 Bytes [2B, B2, 05, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CC3A48 4 Bytes [35, B2, 05, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC3A9C 4 Bytes [3A, B2, 05, 90]
.text ...

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d585f4
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d585f4 (not active ControlSet)

---- EOF - GMER 2.0 ----

Thank you for your help! |
14.01.2013, 15:03 | #2 |
/// Malware-holic | Hi
Open Avira, go to Administration, Quarantine, and post all detections with their paths.
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, and post the log |
14.01.2013, 15:57 | #3 |
| Thanks for the quick reply.
Here is the information from the Avira quarantine: Code:
Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\C\60\5B26Ad01
Status: Infiziert
Quarantäne-Objekt: 545a2e19.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.126
Virendefinitionsdatei: 7.11.38.200
Meldung: HTML/IFrame.aho
Datum/Uhrzeit: 04.08.2012, 22:15

Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\F\67\35A47d01
Status: Infiziert
Quarantäne-Objekt: 56c87bc7.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.120
Virendefinitionsdatei: 7.11.38.158
Meldung: HTML/IFrame.aho
Datum/Uhrzeit: 02.08.2012, 21:07

Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\4\40\D7909d01
Status: Infiziert
Quarantäne-Objekt: 5504709f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.120
Virendefinitionsdatei: 7.11.38.158
Meldung: HTML/IFrame.aho
Datum/Uhrzeit: 02.08.2012, 21:07

Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Mozilla\Firefox\Profiles\p87ceku4.default\Cache\C\60\5B26Ad01
Status: Infiziert
Quarantäne-Objekt: 539e659d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.120
Virendefinitionsdatei: 7.11.38.158
Meldung: HTML/IFrame.aho
Datum/Uhrzeit: 02.08.2012, 21:06

Typ: Datei
Quelle: E:\Setup.exe
Status: Infiziert
Quarantäne-Objekt: 55a28bd2.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.96
Virendefinitionsdatei: 7.11.34.18
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 26.06.2012, 23:20

Typ: Datei
Quelle: E:\Setup.exe
Status: Infiziert
Quarantäne-Objekt: 571584d2.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.96
Virendefinitionsdatei: 7.11.34.18
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 26.06.2012, 23:20

Typ: Datei
Quelle: E:\Setup.exe
Status: Infiziert
Quarantäne-Objekt: 56b18bc0.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.96
Virendefinitionsdatei: 7.11.34.18
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 26.06.2012, 23:19

Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Temp\LGS-8.30.86\LGS-8.30.86.exe
Status: Infiziert
Quarantäne-Objekt: 55e918d4.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.58
Virendefinitionsdatei: 7.11.28.204
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 20.06.2012, 13:31

Typ: Datei
Quelle: C:\Users\ms\AppData\Local\Temp\LGS-8.30.86\LGS-8.30.86.exe
Status: Infiziert
Quarantäne-Objekt: 551b1ed5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.58
Virendefinitionsdatei: 7.11.28.204
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 20.06.2012, 13:31

And here is the TDSSKILLER log: Code:
ATTFilter 15:53:38.0607 1856 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:53:38.0888 1856 ============================================================ 15:53:38.0888 1856 Current date / time: 2013/01/14 15:53:38.0888 15:53:38.0888 1856 SystemInfo: 15:53:38.0888 1856 15:53:38.0888 1856 OS Version: 6.1.7601 ServicePack: 1.0 15:53:38.0888 1856 Product type: Workstation 15:53:38.0888 1856 ComputerName: MS-PC 15:53:38.0888 1856 UserName: ms 15:53:38.0888 1856 Windows directory: C:\windows 15:53:38.0888 1856 System windows directory: C:\windows 15:53:38.0888 1856 Processor architecture: Intel x86 15:53:38.0888 1856 Number of processors: 2 15:53:38.0888 1856 Page size: 0x1000 15:53:38.0888 1856 Boot type: Normal boot 15:53:38.0888 1856 ============================================================ 15:53:40.0526 1856 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:53:40.0588 1856 ============================================================ 15:53:40.0588 1856 \Device\Harddisk0\DR0: 15:53:40.0588 1856 MBR partitions: 15:53:40.0588 1856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 15:53:40.0588 1856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x17755000 15:53:40.0651 1856 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x177BA000, BlocksNum 0x3C89000 15:53:40.0651 1856 ============================================================ 15:53:40.0775 1856 C: <-> \Device\Harddisk0\DR0\Partition2 15:53:40.0900 1856 D: <-> \Device\Harddisk0\DR0\Partition3 15:53:40.0931 1856 ============================================================ 15:53:40.0931 1856 Initialize success 15:53:40.0931 1856 ============================================================ 15:54:06.0406 1320 ============================================================ 15:54:06.0406 1320 Scan started 
15:54:06.0406 1320 Mode: Manual; SigCheck; TDLFS; 15:54:06.0406 1320 ============================================================ 15:54:07.0748 1320 ================ Scan system memory ======================== 15:54:07.0748 1320 System memory - ok 15:54:07.0748 1320 ================ Scan services ============================= 15:54:07.0951 1320 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 15:54:08.0216 1320 1394ohci - ok 15:54:08.0263 1320 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys 15:54:08.0294 1320 ACPI - ok 15:54:08.0356 1320 [ 79D6B28027C398B728CE7CD0570248B0 ] acpials C:\windows\system32\DRIVERS\acpials.sys 15:54:08.0465 1320 acpials - ok 15:54:08.0512 1320 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 15:54:08.0621 1320 AcpiPmi - ok 15:54:08.0699 1320 [ 87114EFEDEB94AF49323CA61F344716D ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys 15:54:08.0746 1320 ACPIVPC - ok 15:54:08.0824 1320 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:54:08.0887 1320 AdobeFlashPlayerUpdateSvc - ok 15:54:08.0965 1320 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 15:54:09.0074 1320 adp94xx - ok 15:54:09.0089 1320 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 15:54:09.0136 1320 adpahci - ok 15:54:09.0167 1320 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 15:54:09.0214 1320 adpu320 - ok 15:54:09.0245 1320 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:54:09.0323 1320 AeLookupSvc - ok 15:54:09.0386 1320 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys 15:54:09.0448 1320 AFD - ok 15:54:09.0464 1320 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys 15:54:09.0511 1320 agp440 - ok 
15:54:09.0557 1320 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys 15:54:09.0620 1320 aic78xx - ok 15:54:09.0667 1320 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe 15:54:09.0745 1320 ALG - ok 15:54:09.0791 1320 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys 15:54:09.0838 1320 aliide - ok 15:54:09.0854 1320 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys 15:54:09.0901 1320 amdagp - ok 15:54:09.0916 1320 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys 15:54:09.0947 1320 amdide - ok 15:54:09.0994 1320 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 15:54:10.0088 1320 AmdK8 - ok 15:54:10.0088 1320 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 15:54:10.0150 1320 AmdPPM - ok 15:54:10.0197 1320 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys 15:54:10.0259 1320 amdsata - ok 15:54:10.0291 1320 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 15:54:10.0353 1320 amdsbs - ok 15:54:10.0369 1320 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:54:10.0415 1320 amdxata - ok 15:54:10.0509 1320 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:54:10.0540 1320 AntiVirSchedulerService - ok 15:54:10.0603 1320 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:54:10.0618 1320 AntiVirService - ok 15:54:10.0665 1320 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys 15:54:10.0837 1320 AppID - ok 15:54:10.0883 1320 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:54:10.0977 1320 AppIDSvc - ok 15:54:11.0039 1320 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo 
C:\windows\System32\appinfo.dll 15:54:11.0117 1320 Appinfo - ok 15:54:11.0164 1320 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys 15:54:11.0211 1320 arc - ok 15:54:11.0227 1320 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 15:54:11.0258 1320 arcsas - ok 15:54:11.0289 1320 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:54:11.0429 1320 AsyncMac - ok 15:54:11.0476 1320 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys 15:54:11.0523 1320 atapi - ok 15:54:11.0585 1320 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:54:11.0710 1320 AudioEndpointBuilder - ok 15:54:11.0726 1320 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll 15:54:11.0788 1320 Audiosrv - ok 15:54:11.0819 1320 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 15:54:11.0866 1320 avgntflt - ok 15:54:11.0897 1320 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 15:54:11.0929 1320 avipbb - ok 15:54:11.0960 1320 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 15:54:11.0991 1320 avkmgr - ok 15:54:12.0038 1320 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll 15:54:12.0147 1320 AxInstSV - ok 15:54:12.0194 1320 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys 15:54:12.0303 1320 b06bdrv - ok 15:54:12.0334 1320 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 15:54:12.0397 1320 b57nd60x - ok 15:54:12.0521 1320 [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys 15:54:12.0662 1320 BCM43XX - ok 15:54:12.0693 1320 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll 15:54:12.0787 1320 BDESVC - ok 15:54:12.0833 1320 [ 505506526A9D467307B3C393DEDAF858 
] Beep C:\windows\system32\drivers\Beep.sys 15:54:12.0896 1320 Beep - ok 15:54:12.0958 1320 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll 15:54:13.0099 1320 BFE - ok 15:54:13.0145 1320 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll 15:54:13.0239 1320 BITS - ok 15:54:13.0270 1320 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 15:54:13.0317 1320 blbdrive - ok 15:54:13.0348 1320 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys 15:54:13.0426 1320 bowser - ok 15:54:13.0457 1320 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 15:54:13.0567 1320 BrFiltLo - ok 15:54:13.0582 1320 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 15:54:13.0660 1320 BrFiltUp - ok 15:54:13.0707 1320 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll 15:54:13.0785 1320 Browser - ok 15:54:13.0801 1320 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys 15:54:13.0894 1320 Brserid - ok 15:54:13.0910 1320 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 15:54:13.0988 1320 BrSerWdm - ok 15:54:14.0003 1320 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 15:54:14.0050 1320 BrUsbMdm - ok 15:54:14.0066 1320 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 15:54:14.0128 1320 BrUsbSer - ok 15:54:14.0175 1320 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 15:54:14.0362 1320 BthEnum - ok 15:54:14.0409 1320 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 15:54:14.0487 1320 BTHMODEM - ok 15:54:14.0518 1320 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 15:54:14.0596 1320 BthPan - ok 15:54:14.0643 1320 [ 
1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 15:54:14.0783 1320 BTHPORT - ok 15:54:14.0815 1320 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll 15:54:14.0893 1320 bthserv - ok 15:54:14.0908 1320 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 15:54:14.0986 1320 BTHUSB - ok 15:54:15.0033 1320 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 15:54:15.0064 1320 btwaudio - ok 15:54:15.0095 1320 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\windows\system32\drivers\btwavdt.sys 15:54:15.0142 1320 btwavdt - ok 15:54:15.0236 1320 [ F7434401AE320BB97903A3C1865242FB ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe 15:54:15.0298 1320 btwdins - ok 15:54:15.0314 1320 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 15:54:15.0345 1320 btwl2cap - ok 15:54:15.0361 1320 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys 15:54:15.0407 1320 btwrchid - ok 15:54:15.0517 1320 [ 2306FF4221D45DFB59EE55425A10D157 ] Cam5607 C:\windows\system32\Drivers\BisonC07.sys 15:54:15.0657 1320 Cam5607 - ok 15:54:15.0688 1320 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 15:54:15.0766 1320 cdfs - ok 15:54:15.0813 1320 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 15:54:15.0907 1320 cdrom - ok 15:54:15.0953 1320 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll 15:54:16.0063 1320 CertPropSvc - ok 15:54:16.0078 1320 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys 15:54:16.0141 1320 circlass - ok 15:54:16.0203 1320 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys 15:54:16.0234 1320 CLFS - ok 15:54:16.0343 1320 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:54:16.0406 1320 clr_optimization_v2.0.50727_32 - ok 15:54:16.0499 1320 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:54:16.0577 1320 clr_optimization_v4.0.30319_32 - ok 15:54:16.0609 1320 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 15:54:16.0671 1320 CmBatt - ok 15:54:16.0733 1320 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys 15:54:16.0811 1320 cmdide - ok 15:54:16.0889 1320 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys 15:54:16.0999 1320 CNG - ok 15:54:17.0077 1320 [ 4A13D000037A3B4ECF2E299CF2BD14AB ] CnxtHdAudService C:\windows\system32\drivers\CHDRT32.sys 15:54:17.0201 1320 CnxtHdAudService - ok 15:54:17.0248 1320 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 15:54:17.0326 1320 Compbatt - ok 15:54:17.0389 1320 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 15:54:17.0451 1320 CompositeBus - ok 15:54:17.0482 1320 COMSysApp - ok 15:54:17.0498 1320 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 15:54:17.0576 1320 crcdisk - ok 15:54:17.0638 1320 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll 15:54:17.0716 1320 CryptSvc - ok 15:54:17.0810 1320 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll 15:54:17.0888 1320 DcomLaunch - ok 15:54:17.0935 1320 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll 15:54:18.0044 1320 defragsvc - ok 15:54:18.0122 1320 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys 15:54:18.0231 1320 DfsC - ok 15:54:18.0309 1320 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll 15:54:18.0387 1320 Dhcp - ok 15:54:18.0403 1320 [ 
1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys 15:54:18.0465 1320 discache - ok 15:54:18.0512 1320 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys 15:54:18.0559 1320 Disk - ok 15:54:18.0605 1320 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll 15:54:18.0730 1320 Dnscache - ok 15:54:18.0808 1320 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll 15:54:18.0902 1320 dot3svc - ok 15:54:18.0949 1320 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll 15:54:19.0011 1320 DPS - ok 15:54:19.0058 1320 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 15:54:19.0120 1320 drmkaud - ok 15:54:19.0167 1320 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 15:54:19.0261 1320 DXGKrnl - ok 15:54:19.0292 1320 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 15:54:19.0401 1320 EapHost - ok 15:54:19.0510 1320 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 15:54:19.0760 1320 ebdrv - ok 15:54:19.0807 1320 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe 15:54:19.0885 1320 EFS - ok 15:54:19.0978 1320 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:54:20.0119 1320 ehRecvr - ok 15:54:20.0150 1320 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe 15:54:20.0212 1320 ehSched - ok 15:54:20.0275 1320 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 15:54:20.0353 1320 elxstor - ok 15:54:20.0384 1320 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys 15:54:20.0431 1320 ErrDev - ok 15:54:20.0493 1320 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 15:54:20.0571 1320 EventSystem - ok 15:54:20.0587 1320 [ 2DC9108D74081149CC8B651D3A26207F ] exfat 
C:\windows\system32\drivers\exfat.sys 15:54:20.0665 1320 exfat - ok 15:54:20.0727 1320 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 15:54:20.0836 1320 fastfat - ok 15:54:20.0914 1320 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe 15:54:20.0992 1320 Fax - ok 15:54:21.0008 1320 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 15:54:21.0055 1320 fdc - ok 15:54:21.0086 1320 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 15:54:21.0164 1320 fdPHost - ok 15:54:21.0179 1320 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 15:54:21.0273 1320 FDResPub - ok 15:54:21.0320 1320 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:54:21.0367 1320 FileInfo - ok 15:54:21.0382 1320 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:54:21.0476 1320 Filetrace - ok 15:54:21.0491 1320 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 15:54:21.0538 1320 flpydisk - ok 15:54:21.0569 1320 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 15:54:21.0601 1320 FltMgr - ok 15:54:21.0663 1320 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll 15:54:21.0741 1320 FontCache - ok 15:54:21.0819 1320 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:54:21.0881 1320 FontCache3.0.0.0 - ok 15:54:21.0913 1320 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:54:21.0959 1320 FsDepends - ok 15:54:22.0006 1320 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:54:22.0053 1320 Fs_Rec - ok 15:54:22.0115 1320 [ F626F291E3F56E8969E35945552FECA3 ] funfrm C:\windows\system32\drivers\funfrm.sys 15:54:22.0162 1320 funfrm - ok 15:54:22.0225 
1320 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:54:22.0271 1320 fvevol - ok 15:54:22.0318 1320 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 15:54:22.0365 1320 gagp30kx - ok 15:54:22.0427 1320 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll 15:54:22.0521 1320 gpsvc - ok 15:54:22.0537 1320 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:54:22.0615 1320 hcw85cir - ok 15:54:22.0677 1320 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:54:22.0786 1320 HdAudAddService - ok 15:54:22.0802 1320 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 15:54:22.0849 1320 HDAudBus - ok 15:54:22.0880 1320 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 15:54:22.0927 1320 HidBatt - ok 15:54:22.0942 1320 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 15:54:23.0005 1320 HidBth - ok 15:54:23.0036 1320 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 15:54:23.0083 1320 HidIr - ok 15:54:23.0114 1320 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll 15:54:23.0208 1320 hidserv - ok 15:54:23.0254 1320 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 15:54:23.0301 1320 HidUsb - ok 15:54:23.0348 1320 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll 15:54:23.0426 1320 hkmsvc - ok 15:54:23.0473 1320 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:54:23.0566 1320 HomeGroupListener - ok 15:54:23.0613 1320 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:54:23.0660 1320 HomeGroupProvider - ok 15:54:23.0707 1320 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 
15:54:24.0456 1320 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:54:24.0502 1320 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:54:24.0502 1320 IDriverT - detected UnsignedFile.Multi.Generic (1)
A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 15:54:56.0560 1320 WPCSvc - ok 15:54:56.0607 1320 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:54:56.0716 1320 WPDBusEnum - ok 15:54:56.0748 1320 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:54:56.0841 1320 ws2ifsl - ok 15:54:56.0872 1320 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 15:54:56.0919 1320 wscsvc - ok 15:54:56.0935 1320 WSearch - ok 15:54:56.0966 1320 [ BAEDC491374DEFD5E76336901D6D397D ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 15:54:57.0028 1320 wsvd - ok 15:54:57.0091 1320 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 15:54:57.0231 1320 wuauserv - ok 15:54:57.0262 1320 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:54:57.0340 1320 WudfPf - ok 15:54:57.0372 1320 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:54:57.0434 1320 WUDFRd - ok 15:54:57.0481 1320 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:54:57.0543 1320 wudfsvc - ok 15:54:57.0574 1320 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 15:54:57.0652 1320 WwanSvc - ok 15:54:57.0699 1320 ================ Scan global =============================== 15:54:57.0746 1320 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 15:54:57.0808 1320 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 15:54:57.0855 1320 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 15:54:57.0902 1320 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 15:54:57.0933 1320 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 15:54:57.0949 1320 [Global] - ok 15:54:57.0949 1320 ================ Scan MBR ================================== 15:54:57.0964 1320 [ A36C5E4F47E84449FF07ED3517B43A31 ] 
\Device\Harddisk0\DR0 15:54:58.0261 1320 \Device\Harddisk0\DR0 - ok 15:54:58.0261 1320 ================ Scan VBR ================================== 15:54:58.0261 1320 [ 8484E095B924572A5BA20920CC9D5D29 ] \Device\Harddisk0\DR0\Partition1 15:54:58.0261 1320 \Device\Harddisk0\DR0\Partition1 - ok 15:54:58.0292 1320 [ 37BA1BEBF6F543F80C1AE9C1B20BE07C ] \Device\Harddisk0\DR0\Partition2 15:54:58.0292 1320 \Device\Harddisk0\DR0\Partition2 - ok 15:54:58.0323 1320 [ 482FC679FCB67FBA2E5FE9715D663FB3 ] \Device\Harddisk0\DR0\Partition3 15:54:58.0323 1320 \Device\Harddisk0\DR0\Partition3 - ok 15:54:58.0323 1320 ============================================================ 15:54:58.0323 1320 Scan finished 15:54:58.0323 1320 ============================================================ 15:54:58.0339 2588 Detected object count: 1 15:54:58.0339 2588 Actual detected object count: 1 15:55:05.0374 2588 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:55:05.0374 2588 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.01.2013, 17:08 | #4 | |
/// Malware-holic | Hi, no, not so far. ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1, Link 2. IMPORTANT - save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.01.2013, 18:06 | #5 |
| All right, here is the log: ComboFix log file: Code:
ATTFilter ComboFix 13-01-14.01 - ms 14.01.2013 17:50:59.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.889.150 [GMT 1:00] ausgeführt von:: c:\users\ms\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\auto.dta c:\data\example.tex C:\install.exe c:\program files\xp-AntiSpy c:\program files\xp-AntiSpy\Uninstall.exe c:\program files\xp-AntiSpy\xp-AntiSpy.chm c:\program files\xp-AntiSpy\xp-AntiSpy.exe c:\program files\xp-AntiSpy\xp-AntiSpy.url c:\windows\s.bat c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-14 bis 2013-01-14 )))))))))))))))))))))))))))))) . . 2013-01-14 16:59 . 2013-01-14 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-13 22:26 . 2013-01-13 22:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17BB6541-8462-4032-A04A-486E795A012D}\offreg.dll 2013-01-11 15:45 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17BB6541-8462-4032-A04A-486E795A012D}\mpengine.dll 2013-01-09 12:40 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 12:40 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 12:40 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 12:37 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-09 12:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 12:36 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 08:52 . 
2013-01-09 09:09 -------- d-----w- c:\program files\Mozilla Thunderbird 2012-12-30 15:56 . 2012-12-30 15:56 -------- d-----w- c:\program files\Common Files\Skype 2012-12-28 19:35 . 2012-12-28 21:52 -------- d-----w- c:\users\ms\AppData\Local\Diagnostics 2012-12-21 21:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 21:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-18 14:29 . 2013-01-06 22:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-18 14:28 . 2013-01-14 16:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-12-18 14:28 . 2012-12-18 14:28 -------- d-----w- c:\users\ms\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 22:19 . 2012-06-20 11:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 22:19 . 2012-06-20 11:00 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09 . 2012-12-13 07:53 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-13 07:53 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 07:53 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-13 07:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 07:53 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-13 07:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-13 07:15 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11 . 2012-12-13 07:15 376832 ----a-w- c:\windows\system32\dpnet.dll 2013-01-11 16:37 . 2013-01-11 16:37 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 151064] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-19 484920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608] "TpShocks"="c:\windows\system32\TpShocks.exe" [2009-07-27 182088] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 funfrm;funfrm; [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc . Inhalt des "geplante Tasks" Ordners . 
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:19] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://lenovo.live.com/ mStart Page = hxxp://lenovo.live.com/ TCP: DhcpNameServer = 192.168.47.254 DPF: {B2E4704E-A1CA-4473-8CB1-08027E35E7FD} - hxxp://www.ssicentral.com/hlm/downloads/trial/InstallHLM7Trial.cab FF - ProfilePath - c:\users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\ FF - prefs.js: browser.startup.homepage - about:blank . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-14 18:02:44 ComboFix-quarantined-files.txt 2013-01-14 17:02 . Vor Suchlauf: 8 Verzeichnis(se), 85.982.584.832 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 85.673.205.760 Bytes frei . - - End Of File - - 631E3EA74E53B293E33771AF01F340D0 |
14.01.2013, 20:00 | #6 |
/// Malware-holic | Malwarebytes: Please download Malwarebytes
14.01.2013, 22:26 | #7 |
| Nothing found: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.14.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
14.01.2013 21:35:46
mbam-log-2013-01-14 (21-35-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313017
Laufzeit: 47 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
15.01.2013, 21:08 | #8 |
/// Malware-holic | Everything looks OK. Any improvement yet? Download the standard CCleaner: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a .txt file. Open the file. After every program you need, write "notwendig" (necessary). After every program you do not need, write "unnötig" (unnecessary). After every program you do not recognize, write "unbekannt" (unknown). Post the list.
16.01.2013, 21:55 | #9 |
| No, unfortunately it has not improved yet. Code:
7-Zip 9.20 20.06.2012 notwendig
Active Protection System Lenovo 26.09.2009 1.70.06 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Reader 9.5.3 - Deutsch Adobe Systems Incorporated 14.01.2013 118,3MB 9.5.3 notwendig
AIMP3 AIMP DevTeam 19.06.2012 v3.00.985 notwendig
Avira Free Antivirus Avira 14.11.2012 124,8MB 12.1.9.1236 notwendig
Broadcom 802.11 Wireless Driver 26.09.2009 1.0.0.0 notwendig
Broadcom Gigabit NetLink Controller Broadcom Corporation 26.09.2009 0,44MB 12.26.02 notwendig
CCleaner Piriform 22.05.2012 3.19 notwendig
Conexant HD Audio Conexant 26.09.2009 4.98.11.60 notwendig
Energy Management Lenovo 26.09.2009 4.3.1.2 notwendig
gretl version 1.9.9 The gretl team 08.10.2012 37,5MB 1.9.9 notwendig
Intel(R) Graphics Media Accelerator Driver Intel Corporation 26.09.2009 54,3MB 8.15.10.1872 notwendig
Intel(R) TV Wizard Intel Corporation 26.09.2009 notwendig
Intel® Matrix Storage Manager Intel Corporation 26.09.2009 notwendig
Java 7 Update 9 Oracle 09.09.2012 128,4MB 7.0.90 notwendig
JavaFX 2.1.1 Oracle Corporation 19.06.2012 20,9MB 2.1.1 unbekannt
Lenovo Bluetooth with Enhanced Data Rate Software Broadcom Corporation 26.09.2009 88,4MB 6.2.0.9600 unnötig
Lenovo EasyCamera Lenovo EasyCamera 26.09.2009 6.32.2018.08 unnötig
Lenovo OneKey Recovery CyberLink Corp. 26.09.2009 329MB 7.0.0723 notwendig
Logitech Gaming Software 8.30 Logitech Inc. 19.06.2012 74,2MB 8.30.86 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 13.01.2013 18,4MB 1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 20.06.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 20.06.2012 2,94MB 4.0.30319 unbekannt
Microsoft Silverlight Microsoft Corporation 02.07.2012 22,7MB 5.1.10411.0 unbekannt
Microsoft SQL Server Native Client Microsoft Corporation 26.09.2009 2,59MB 9.00.4035.00 unbekannt
Microsoft SQL Server Setup Support Files (English) Microsoft Corporation 26.09.2009 20,1MB 9.00.4035.00 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 26.09.2009 0,66MB 9.00.4035.00 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03.07.2012 0,29MB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 19.06.2012 1,46MB 9.0.30411 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.06.2012 0,58MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 03.07.2012 0,59MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 03.07.2012 12,3MB 10.0.40219 unbekannt
MiKTeX 2.9 MiKTeX.org 26.10.2012 2.9 notwendig
Mnemosyne 2.0 19.06.2012 144,1MB notwendig
Mozilla Firefox 18.0 (x86 de) Mozilla 10.01.2013 43,2MB 18.0 notwendig
Mozilla Maintenance Service Mozilla 10.01.2013 0,32MB 18.0 unbekannt
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 08.01.2013 41,9MB 17.0.2 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.06.2012 37,00KB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.06.2012 1,33MB 4.20.9876.0 unbekannt
OpenOffice.org 3.4 OpenOffice.org 19.06.2012 328MB 3.4.9590 notwendig
Rainlendar2 (remove only) 19.06.2012 notwendig
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 26.09.2009 6.1.7100.30093 notwendig
Skype™ 6.0 Skype Technologies S.A. 29.12.2012 20,3MB 6.0.126 notwendig
Sophos confic-a Cleanup Tool Sophos Plc 24.09.2012 5,27MB 1.0 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 26.09.2009 14.0.0.3 notwendig
TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 26.10.2012 Version 1.0 Stable RC1 notwendig
VLC media player 2.0.3 VideoLAN 07.10.2012 2.0.3 notwendig
16.01.2013, 22:05 | #10 |
/// Malware-holic | Uninstall: Adobe Flash Player, all of them. Adobe - Install Adobe Flash Player: download the latest version and install it. Adobe Reader: Java downloads for all operating systems; click "Download Java software for Windows Offline", download it and install it. Uninstall: Lenovo: everything marked "unnötig" (unnecessary). Malwarebytes: please disable the background guard if it is active. Sophos can go. Open CCleaner, click Analyze, then Start, and restart the PC. Open CCleaner, Tools (Extras), startup list, and post the contents. Please download AdwCleaner to your desktop.
16.01.2013, 22:57 | #11 |
| Code:
# AdwCleaner v2.105 - Datei am 16/01/2013 um 22:53:57 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ms\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [757 octets] - [16/01/2013 22:53:57]
########## EOF - C:\AdwCleaner[R1].txt - [816 octets] ##########
17.01.2013, 15:34 | #12 |
/// Malware-holic | The startup list is still missing.
17.01.2013, 15:42 | #13 |
| Oh sorry, here it is: Code:
Ja HKCU:Run Rainlendar2 C:\Program Files\Rainlendar2\Rainlendar2.exe
Ja HKLM:Run Adobe ARM "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run avgnt "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run cAudioFilterAgent C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
Ja HKLM:Run Energy Management C:\Program Files\Lenovo\Energy Management\Energy Management.exe
Ja HKLM:Run EnergyUtility C:\Program Files\Lenovo\Energy Management\utility.exe
Ja HKLM:Run HotKeysCmds C:\windows\system32\hkcmd.exe
Ja HKLM:Run IAAnotif C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Ja HKLM:Run IgfxTray C:\windows\system32\igfxtray.exe
Ja HKLM:Run Launch LCore C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
Ja HKLM:Run Persistence C:\windows\system32\igfxpers.exe
Ja HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja HKLM:Run SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja HKLM:Run TpShocks C:\Windows\system32\TpShocks.exe
Ja Startup Common Bluetooth.lnk C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
17.01.2013, 17:09 | #14 |
/// Malware-holic | Hi, no problem. Disable everything except: avgnt, HotKeysCmds, SynTPEnh. Also disable the entries under Startup. If something important is missing from autostart, it can be re-enabled. Please download AdwCleaner to your desktop.
Restart and test how the system runs now. Question: is this a laptop?
17.01.2013, 17:24 | #15 |
| Code:
# AdwCleaner v2.105 - Datei am 17/01/2013 um 17:14:50 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ms\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0 (de)
Datei : C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\p87ceku4.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [884 octets] - [16/01/2013 22:53:57]
AdwCleaner[R2].txt - [943 octets] - [17/01/2013 15:28:16]
AdwCleaner[S2].txt - [937 octets] - [17/01/2013 17:14:50]
########## EOF - C:\AdwCleaner[S2].txt - [996 octets] ##########

Booting up was already faster. Firefox and the Flash Player also seem to respond a bit faster on the first try. |